Magic links and OTP emails are high-trust, time-sensitive messages. MultiMail delivers them fast and keeps every send observable so agent-driven auth flows stay auditable.
Authentication emails sit on the critical path of user login. A 30-second delivery delay kills a 10-minute magic link. A poorly formatted message or a spoofable sender domain drops user confidence and completion rates. When an AI agent triggers these sends — as part of a self-service onboarding flow, an automated access request, or a session refresh — the stakes are higher: the agent cannot manually verify delivery or respond to a failed send the way a human operator would. You need infrastructure that is fast, observable, and correct by construction.
MultiMail's mailbox send endpoint handles authentication emails as first-class transactional messages. Sends return an id immediately, and delivery confirmation fires a webhook to your endpoint so your agent knows whether the token reached the inbox before proceeding. The gated_send oversight mode lets agents read inboxes and monitor delivery autonomously — low risk — while routing outbound authentication sends through a lightweight approval step. This keeps high-trust sends auditable without adding latency to the happy path.
Your backend or agent generates a cryptographically secure token — HMAC-SHA256, TOTP, or random bytes — and stores it with an expiry timestamp. MultiMail does not generate or store tokens. You own the secret material, expiry logic, and single-use enforcement.
Pass the token embedded in a magic link URL, or as a standalone OTP code, to the mailbox send endpoint (POST /v1/mailboxes/{mailbox_id}/send). The sender is the mailbox in the path plus your bearer key — there is no from field. MultiMail signs the outbound message with DKIM on your verified domain.
MultiMail routes the message through hardened sending infrastructure and fires a delivery webhook to your endpoint when the message is handed off to the recipient's MX. Your agent correlates the id from the send response to the webhook event, confirming the token reached the inbox before the expiry window closes.
Bounced or deferred messages trigger a failure webhook with a status code and error detail. Your agent can act on this — retry with a secondary address, fall back to an alternative channel, or surface the failure to a human approver via the gated approval queue. MultiMail does not silently drop bounces.
If the recipient mailbox is a MultiMail address, read it via GET /v1/mailboxes/{mailbox_id}/emails/{email_id} and set tags via PUT /v1/mailboxes/{mailbox_id}/emails/{email_id}/tags to mark the authentication thread as consumed once login completes. This gives you a clean audit trail: sent, delivered, consumed — or expired without use.
Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.
Authentication tokens are typically valid for 10 minutes. MultiMail's fast transactional send path with webhook delivery confirmation gives your agent a confirmed delivery signal within seconds — not after the token has already expired.
Authentication emails are high-phishing-target messages. MultiMail signs every send with DKIM on your verified sender domain, improving deliverability and giving recipients a cryptographic signal that the message is legitimate, not a spoofed clone.
Every authentication email is logged with sender, recipient, timestamp, and delivery status. Under gated_send mode, outbound sends are also visible to a human reviewer, giving you an auditable trail for SOC 2 compliance and incident response.
Bounced or deferred messages trigger webhooks with actionable status codes. Your agent can retry, fall back to an alternative channel, or escalate to a human approver. MultiMail does not silently discard delivery failures.
Dedicate a mailbox (e.g., [email protected]) to authentication sends to isolate reputation from marketing or notification traffic. A spam complaint on a newsletter cannot affect delivery rates for your login flows.
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.