Authenticated, Verifiable Email from AI Agents

MultiMail provisions domains with SPF, DKIM, and DMARC alignment and adds signed identity metadata so every agent-sent email is both deliverable and provable.


Why this matters

Standard email authentication protocols — SPF, DKIM, DMARC, ARC — were designed for servers, not agents. They answer 'did this domain send this message?' but not 'which agent sent it, under whose authorization, and with what oversight level?' Teams building production AI agents hit this gap quickly: deliverability requires proper DNS alignment, but compliance under frameworks like the EU AI Act also requires provenance — knowing exactly which model instance generated an email and whether a human approved it. Bolting identity tracking onto standard authentication after the fact produces fragile, unauditable systems.


How MultiMail solves this

MultiMail handles both layers together. Domain provisioning generates DKIM keypairs, publishes SPF and DMARC records, and configures ARC sealing automatically. On top of that, every outbound message carries a cryptographically signed X-MultiMail-Identity header that records the agent ID, oversight mode, and whether the send was human-approved. Recipients — and your own audit logs — can verify both the domain authentication chain and the agent provenance chain independently. This means standard spam filters see a properly authenticated sender while your compliance tooling sees a fully attributable agent action.

1. Configure your sending domain

Call the domain configuration endpoint with your domain. MultiMail generates a DKIM keypair (RSA-2048 or Ed25519), returns the DNS records you need to publish, and sets the selector. You keep ownership of your domain; MultiMail signs on your behalf using the provisioned key.

2. Publish DNS records and verify alignment

Publish the TXT records for SPF (v=spf1 include:send.multimail.dev ~all), DKIM selector, and DMARC policy. MultiMail polls for propagation and runs an alignment check — SPF envelope-from, DKIM d= tag, and From header domain must all match for DMARC to pass. Misalignment is reported before you send a single message.

3. Sign outbound messages with agent identity

When your agent calls send_email or reply_email, MultiMail appends a signed X-MultiMail-Identity header containing the agent_id, the oversight_mode active at send time, and an approval_ref if a human approved the action. The signature uses the same Ed25519 keypair as your DKIM configuration so the provenance chain is tied to your domain authentication.

4. Send authenticated email

Every outbound message leaves MultiMail with DKIM signature, SPF alignment, DMARC policy in effect, ARC sealing for forwarded messages, and the agent identity header. Your audit log records the full authentication state for every send event.


Implementation

Domain provisioning and DNS record retrieval
python
import os

import requests

# Read the API key from the environment; "$MULTIMAIL_API_KEY" inside a Python
# string literal is not expanded.
headers = {
    "Authorization": f"Bearer {os.environ['MULTIMAIL_API_KEY']}",
    "Content-Type": "application/json",
}

# Configure domain: returns DKIM selector and DNS record values
resp = requests.post(
    "https://api.multimail.dev/v1/domains",
    headers=headers,
    json={
        "domain": "mail.yourcompany.com",
        "dkim_key_type": "ed25519",
        "dmarc_policy": "quarantine",
        "dmarc_rua": "mailto:[email protected]",
    },
)
resp.raise_for_status()
domain = resp.json()

print("Publish these DNS records:")
for record in domain["dns_records"]:
    print(f"  {record['type']} {record['name']} → {record['value']}")

# Output:
# TXT mail.yourcompany.com → v=spf1 include:send.multimail.dev ~all
# TXT mm1._domainkey.mail.yourcompany.com → v=DKIM1; k=ed25519; p=<pubkey>
# TXT _dmarc.mail.yourcompany.com → v=DMARC1; p=quarantine; rua=mailto:...

Configure a sending domain and retrieve the DNS records to publish. Call this once per domain; MultiMail returns the exact TXT record values.

Verify DMARC alignment before going live
python
import os
import time

import requests

# Read the API key from the environment rather than hard-coding it.
headers = {"Authorization": f"Bearer {os.environ['MULTIMAIL_API_KEY']}"}
domain_id = "dom_01abc123"

for attempt in range(12):  # up to 60 minutes
    resp = requests.post(
        f"https://api.multimail.dev/v1/domains/{domain_id}/verify",
        headers=headers,
    )
    resp.raise_for_status()
    result = resp.json()

    if result["status"] == "aligned":
        print("Domain fully aligned:")
        print(f"  SPF: {result['checks']['spf']}")
        print(f"  DKIM: {result['checks']['dkim']}")
        print(f"  DMARC: {result['checks']['dmarc']}")
        print(f"  Alignment: {result['checks']['alignment']}")
        break
    elif result["status"] == "misaligned":
        print(f"Misalignment detected: {result['detail']}")
        break
    else:
        print(f"Still propagating... (attempt {attempt + 1}/12)")
        time.sleep(300)

Poll for DNS propagation and run the alignment check. MultiMail validates that SPF, DKIM, and DMARC are all correctly aligned before you send production traffic.
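The alignment rule from step 2, applied to a message you have already received. This is an added example, not MultiMail's code: it compares the three identifiers by exact match, as the page describes, and does not evaluate whether SPF or DKIM themselves pass. The sample message, its addresses and its tag values are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(value: str) -> str:
    """Lower-cased domain of an address header value, '' if there is none."""
    addr = parseaddr(value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def dkim_domains(msg) -> list:
    """d= tag of every DKIM-Signature header (a message may carry several)."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
        if "d" in tags:
            found.append(tags["d"].strip().lower())
    return found

def check_alignment(raw_message: str) -> dict:
    """Compare envelope-from and DKIM d= against the From header domain."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # Several From headers make the author domain ambiguous: fail closed.
    from_domain = domain_of(from_headers[0]) if len(from_headers) == 1 else ""
    result = {
        "from_domain": from_domain,
        "spf_aligned": bool(from_domain)
        and domain_of(msg.get("Return-Path", "")) == from_domain,
        "dkim_aligned": bool(from_domain) and from_domain in dkim_domains(msg),
    }
    result["aligned"] = result["spf_aligned"] and result["dkim_aligned"]
    return result

# Constructed sample message; addresses and tag values are placeholders.
TEMPLATE = (
    "Return-Path: <bounce@{env}>\n"
    "DKIM-Signature: v=1; a=ed25519-sha256; d={d}; s=mm1;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Onboarding Agent <agent@mail.yourcompany.com>\n"
    "To: user@example.com\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    own = "mail.yourcompany.com"
    print(check_alignment(TEMPLATE.format(env=own, d=own)))
    print(check_alignment(TEMPLATE.format(env="bounces.example.net", d=own)))
```

Relaxed DMARC alignment compares organizational domains and needs a public suffix list, which this exact-match check leaves out.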

Send authenticated email with agent identity signing
python
import os

import requests

# Read the API key from the environment rather than hard-coding it.
headers = {
    "Authorization": f"Bearer {os.environ['MULTIMAIL_API_KEY']}",
    "Content-Type": "application/json",
}

resp = requests.post(
    "https://api.multimail.dev/v1/send_email",
    headers=headers,
    json={
        "from": "[email protected]",
        "to": ["[email protected]"],
        "subject": "Your AI email authentication setup is complete",
        "text": (
            "SPF, DKIM, and DMARC are aligned, and MultiMail identity "
            "signing is active for verifiable agent email. "
            "Every message from this mailbox carries a signed provenance "
            "header so recipients and auditors can verify the sending agent."
        ),
        "agent_id": "onboarding-agent-v2",
        "oversight_mode": "monitored",
        # X-MultiMail-Identity header is added and signed automatically
    },
)
resp.raise_for_status()
msg = resp.json()
print(f"Message ID: {msg['message_id']}")
print(f"Authentication: {msg['authentication']}")
# authentication: { spf: 'pass', dkim: 'pass', dmarc: 'pass', identity_signed: true }

Send an email that carries both standard DKIM authentication and a signed agent identity header. The oversight_mode and agent_id appear in the X-MultiMail-Identity header on every outbound message.

Verify agent identity from a received message header
python
import base64

import requests
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import load_der_public_key

def verify_agent_identity(identity_header: str) -> dict:
    """
    Verify an X-MultiMail-Identity header.
    Header format: agent_id=<id>; oversight=<mode>; sig=<base64>
    """
    parts = dict(p.strip().split("=", 1) for p in identity_header.split(";"))
    agent_id = parts["agent_id"]
    oversight = parts["oversight"]
    sig_bytes = base64.b64decode(parts["sig"])

    # Fetch the public key for this agent from MultiMail.
    # The public key endpoint is unauthenticated, so no API key is sent.
    resp = requests.get(
        f"https://api.multimail.dev/v1/identity/pubkey/{agent_id}",
    )
    resp.raise_for_status()
    pubkey_der = base64.b64decode(resp.json()["public_key_der"])
    pub = load_der_public_key(pubkey_der)
    if not isinstance(pub, Ed25519PublicKey):
        # Only Ed25519 identity keys are expected here
        return {"verified": False}

    # Signed payload is agent_id and oversight joined with a colon
    payload = f"{agent_id}:{oversight}".encode()
    try:
        pub.verify(sig_bytes, payload)
        return {"verified": True, "agent_id": agent_id, "oversight": oversight}
    except InvalidSignature:
        return {"verified": False}

# Example usage ("ABC123..." stands in for a real base64 signature)
result = verify_agent_identity(
    "agent_id=onboarding-agent-v2; oversight=monitored; sig=ABC123..."
)
print(result)  # {'verified': True, 'agent_id': 'onboarding-agent-v2', 'oversight': 'monitored'}

Parse and verify the X-MultiMail-Identity header on a received message. Use the MultiMail public key endpoint to validate the signature without storing credentials.
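A stricter, offline form of the same check, added here as an example and not taken from MultiMail: it rejects repeated or unknown fields, non-canonical values and malformed signatures before calling Ed25519 verification. It assumes the three-field header format and the `agent_id:oversight` payload shown in the code above; `make_header`, the throwaway key and the `other-mode` value are constructed for the demo.

```python
import base64
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

FIELDS = ("agent_id", "oversight", "sig")  # format from the page's docstring

def parse_identity(header: str) -> dict:
    """Strictly parse 'agent_id=<id>; oversight=<mode>; sig=<base64>'."""
    fields = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        # Fail closed on unknown or repeated fields: the signed payload would
        # not cover them, and "last one wins" parsing hides the ambiguity.
        if not sep or name not in FIELDS or name in fields:
            raise ValueError(f"unexpected field {name!r}")
        fields[name] = value
    if set(fields) != set(FIELDS):
        raise ValueError("missing required field")
    # ':' is the payload separator, so it must not appear inside a value.
    if not fields["agent_id"] or ":" in fields["agent_id"] + fields["oversight"]:
        raise ValueError("agent_id/oversight not canonical")
    # validate=True rejects stray characters instead of silently skipping them.
    fields["sig"] = base64.b64decode(fields["sig"], validate=True)
    if len(fields["sig"]) != 64:  # Ed25519 signatures are exactly 64 bytes
        raise ValueError("bad signature length")
    return fields

def verify_identity(header: str, public_key: Ed25519PublicKey) -> dict:
    """Return the verified fields, or {'verified': False} on any failure."""
    try:
        p = parse_identity(header)
        public_key.verify(p["sig"], f"{p['agent_id']}:{p['oversight']}".encode())
    except (ValueError, InvalidSignature):
        return {"verified": False}
    return {"verified": True, "agent_id": p["agent_id"], "oversight": p["oversight"]}

def make_header(key: Ed25519PrivateKey, agent_id: str, oversight: str) -> str:
    """Constructed signer standing in for the sending side of the demo."""
    sig = base64.b64encode(key.sign(f"{agent_id}:{oversight}".encode())).decode()
    return f"agent_id={agent_id}; oversight={oversight}; sig={sig}"

if __name__ == "__main__":
    key = Ed25519PrivateKey.generate()  # throwaway key, constructed for the demo
    good = make_header(key, "onboarding-agent-v2", "monitored")
    print(verify_identity(good, key.public_key()))
    print(verify_identity(good + "; oversight=other-mode", key.public_key()))
```

A payload of this shape covers only `agent_id` and `oversight`, so a passing result attests those two values; tie it to a particular message by also checking that message's DKIM result.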

MCP tool usage for authenticated email setup
text
# In a Claude Desktop session with MultiMail MCP connected:

# Step 1 — provision the domain
Tool: configure_domain
Arguments:
  domain: mail.yourcompany.com
  dkim_key_type: ed25519
  dmarc_policy: quarantine

# Step 2 — verify alignment after publishing DNS records
Tool: verify_domain_alignment
Arguments:
  domain_id: dom_01abc123

# Step 3 — send an authenticated message
Tool: send_email
Arguments:
  from: [email protected]
  to: ["[email protected]"]
  subject: Authentication setup confirmed
  text: SPF, DKIM, DMARC, and identity signing are all active.
  agent_id: onboarding-agent-v2
  oversight_mode: monitored

# MultiMail signs the message, adds the X-MultiMail-Identity header,
# and returns authentication state in the response.

Configure domain authentication and send a verified email using the MultiMail MCP server in a Claude Desktop or Cursor workflow.


What you get

Standard deliverability, no manual DNS work

MultiMail generates correct SPF, DKIM, and DMARC record values for your domain and verifies alignment before your agent sends a single message. Misconfigured authentication is the most common cause of AI-sent email landing in spam.

Per-agent provenance on every message

The signed X-MultiMail-Identity header records which agent sent each message, under which oversight mode, and whether a human approved it. This is separate from DKIM — domain authentication proves the sender, identity signing proves the agent.

EU AI Act compliance evidence

The EU AI Act requires disclosure and traceability for AI-generated content. MultiMail's identity headers and audit log provide the artifact trail auditors need: agent ID, model version, oversight level, and approval records per message.

ARC support for forwarded email

Authenticated Received Chain (ARC) preserves the authentication state when messages are forwarded through mailing lists or other intermediaries. MultiMail seals ARC headers automatically so your agent's email survives forwarding without losing DMARC pass status.

Audit log tied to authentication events

Every domain verification, DKIM signing event, and identity signature is written to the MultiMail audit log. You can query by agent_id, domain, or time range to reconstruct exactly what was sent, when, and by which agent.


Recommended oversight mode

Recommended: monitored
Authentication configuration is a one-time setup action that benefits from human review, but ongoing authenticated sends are routine and auditable. Monitored mode lets your agent send email autonomously while your team receives notifications for every message. The signed identity header gives you a full audit trail without requiring human approval on each send, which would create bottlenecks in high-volume workflows.

Common questions

Do I need to transfer DNS control of my domain to MultiMail?
No. You keep full DNS control. MultiMail returns the specific TXT record values you need to publish (SPF include, DKIM selector, DMARC policy). You add those records in your registrar or DNS provider. MultiMail then polls to confirm propagation and runs the alignment check.
What is the difference between DKIM signing and MultiMail identity signing?
DKIM answers 'did mail.yourcompany.com authorize this message?' — it authenticates the sending domain. MultiMail identity signing answers 'which agent sent this message, under whose oversight?' — it authenticates the agent within the domain. Both signatures travel in headers on the same message. DKIM is read by receiving mail servers; the identity header is read by your audit tooling and any recipient who wants to verify provenance.
Does MultiMail support DMARC reporting (rua/ruf)?
Yes. When you configure your domain, you can specify a DMARC aggregate report address (rua) and a forensic report address (ruf). MultiMail sets the correct DMARC TXT record values. You receive DMARC reports from receiving mail servers directly — they go to your address, not through MultiMail.
What happens to authentication when emails are forwarded?
MultiMail adds ARC (Authenticated Received Chain) headers on every outbound message. When a message is forwarded through a mailing list or email alias, the ARC seal preserves the original authentication state so receiving servers can still determine the message passed SPF and DKIM at origin, even if the forwarded envelope breaks SPF alignment.
How does the EU AI Act apply to AI-sent email?
The EU AI Act's transparency obligations (Articles 50 and 52) require that recipients be informed when they are interacting with an AI system, and that AI-generated content be traceable. For email, this means disclosure that the message was generated by an AI agent and the ability to identify which system sent it. MultiMail's identity headers and audit log provide the traceability artifact; you are still responsible for including appropriate disclosure text in the message body.
Can I use my own DKIM keypair instead of the one MultiMail generates?
Yes. You can supply an existing Ed25519 or RSA-2048 private key during domain configuration. MultiMail will use your key for DKIM signing rather than generating a new one. This is useful if you have an existing key rotation process or if your security team requires key custody to remain internal.
How do I verify the agent identity header on a message I receive?
The X-MultiMail-Identity header contains the agent_id, oversight mode, and an Ed25519 signature. You can fetch the corresponding public key from the MultiMail identity endpoint (GET /v1/identity/pubkey/{agent_id}) and verify the signature without any API credentials — the public key endpoint is unauthenticated. This lets recipients verify agent provenance without needing access to your MultiMail account.

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 50-tool MCP server. Formally verified in Lean 4.