Email API Built for AI Agents, Not Just Developers

Mailgun handles email delivery. MultiMail adds the agent identity layer, graduated oversight controls, and compliance tooling that AI agents require in production.


Why this matters

Mailgun is a well-engineered transactional email API built for human-authored messages. When an AI agent sends email through Mailgun, there is no mechanism to declare the sending identity as an AI system, no way to require human approval before high-stakes messages are delivered, and no built-in path to EU AI Act compliance. Developers building agent systems on Mailgun end up bolting on approval queues, audit logs, and disclosure headers manually — and those homegrown solutions rarely hold up under compliance review. The missing layer is not deliverability; it is agent-aware infrastructure.


How MultiMail solves this

MultiMail provides the same high-volume email delivery developers expect from Mailgun, with an additional layer designed specifically for AI agents: a cryptographically signed identity claim that proves which agent sent a message, graduated oversight modes that let you gate sends on human approval without rebuilding your webhook stack, pre-send domain intelligence to catch reputation problems before delivery, and EU AI Act disclosure compliance out of the box. Migrating from Mailgun is a single endpoint swap to `POST /v1/mailboxes/{mailbox_id}/send`. What you gain is the agent trust and compliance infrastructure that Mailgun does not provide.

1

Swap the endpoint, point at the mailbox

Replace your Mailgun API calls with POST https://api.multimail.dev/v1/mailboxes/{mailbox_id}/send. The sender is the mailbox in the path plus your bearer key — there is no `from` field. Map your message into `to`, `subject`, and `markdown` (MultiMail converts markdown to formatted HTML on delivery).

2

Identity rides on every send automatically

You do not add an identity field — MultiMail signs every outbound message with an X-MultiMail-Identity claim: an ECDSA P-256 signed payload covering the oversight mode, capabilities, the AI-generated flag, and the operator plus mailbox identity. Recipients and compliance auditors can verify which agent sent the message without trusting the From address alone.

3

Configure oversight mode

Set oversight_mode: gated_send on your mailbox to hold all outbound sends in a pending queue until a human approves them. Use list_pending to surface queued messages and decide_email to approve or reject. Reads and replies to inbound mail proceed autonomously.

4

Receive inbound with webhooks

Point your inbound MX or forwarding rules at MultiMail. Inbound messages fire a webhook to your endpoint with parsed headers, body, and attachments. Use check_inbox and read_email to pull messages programmatically from your agent loop.

5

Run compliance checks pre-send

MultiMail evaluates recipient domain reputation, DMARC alignment, and EU AI Act disclosure requirements before each send. Messages that would damage deliverability or violate disclosure rules are flagged before they leave the queue, not after a bounce.


Try it with your agent

Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.

1. Get MultiMail ready: read https://multimail.dev/llms.txt, connect the MCP server, create a free inbox, and set up a verified sender. 2. In Zapier, use Webhooks by Zapier with Catch Hook to receive the event that your AI agent or app currently routes to Mailgun. 3. Add the AI step that writes the transactional message, using the webhook payload for recipient, account, order, ticket, or workflow context. 4. Send or schedule the email through MultiMail in gated_send mode so a human approves each high-stakes agent-authored message before delivery. 5. Prepare everything in draft mode and ask me only for Zapier access, MultiMail credentials, sender/domain approval, and brand voice before going live.

What you get

Agent identity that survives forwarding

Every message sent through MultiMail carries an X-MultiMail-Identity header: an ECDSA P-256 signed claim over the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity. Unlike a custom From address, this claim is verifiable by recipients and auditors even after the message passes through forwarding rules or mailing list processors.

Graduated oversight without custom webhooks

Mailgun delivers messages immediately. MultiMail's gated_send mode holds outbound sends in a queue that a human reviews via POST /v1/oversight/decide or the decide_email MCP tool — no approval webhook infrastructure to build and maintain. Switch modes per mailbox as your deployment matures.

EU AI Act disclosure built in

EU AI Act Article 50 requires that AI-generated communications be disclosed to recipients. Every agent-originated message carries an X-AI-Generated: true header plus a human-readable disclosure footer. This is gateway-enforced per mailbox — the ai_disclosure setting is locked on and cannot be disabled. Mailgun has no equivalent.

Pre-send domain intelligence

Before a message leaves the queue, MultiMail checks recipient domain reputation, DMARC alignment, and known spam-trap patterns. Problems surface as warnings on the pending record before delivery, giving the oversight reviewer or the agent itself a chance to cancel rather than absorb a bounce.

Single endpoint migration path

Migration is a swap to POST /v1/mailboxes/{mailbox_id}/send. Mailgun's to and subject map directly; the sender becomes the mailbox in the path (no from field), and the body becomes a single markdown field that MultiMail renders to HTML on delivery. Identity is signed on automatically, so there is no agent_id to add.


Recommended oversight mode

Recommended
gated_send
High-volume agent email systems benefit from gated_send as the default: agents can autonomously read and classify inbound messages, but outbound sends wait for human review before delivery. This contains the blast radius of agent errors — a hallucinated fact or wrong recipient is caught in the queue rather than delivered to thousands of addresses. As the deployment accumulates a clean track record, individual mailboxes can be promoted to monitored or autonomous without changing the overall system architecture.

Common questions

Does switching from Mailgun require rewriting my message construction code?
Mostly not. MultiMail's send route (POST /v1/mailboxes/{mailbox_id}/send) takes to, subject, and a single markdown body, plus optional cc, bcc, and attachments. The differences from Mailgun: the sender is the mailbox in the path rather than a from field, the body is markdown (rendered to HTML on delivery) rather than separate body_text/body_html, and identity is signed on automatically rather than passed as a field. Oversight behavior is configured on the mailbox, not per-send.
What happens to Mailgun webhooks I have set up for delivery events?
MultiMail fires equivalent webhooks for delivery, bounce, and inbound events. The payload schema differs from Mailgun's, so webhook handlers that parse event fields will need updating. The webhook endpoint URL and authentication model are documented in the MultiMail API reference.
Can I run MultiMail alongside Mailgun during migration?
Yes. MultiMail mailboxes are independent of your Mailgun sending domains. You can route specific mailboxes or agent workflows through MultiMail while keeping other transactional flows on Mailgun until you're ready to cut over fully.
Does MultiMail match Mailgun's deliverability infrastructure?
MultiMail runs on a high-deliverability delivery backbone for transactional sends, which has industry-leading deliverability rates. Dedicated sending domains, DKIM signing, and SPF alignment are configured per mailbox at account setup.
How does agent identity verification work for recipients?
Outbound messages carry an X-MultiMail-Identity header: an ECDSA P-256 signed claim — a base64url payload plus a base64url signature — covering the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity. The signing public key is served from https://api.multimail.dev/.well-known/multimail-signing-key, and any recipient can verify the claim at https://multimail.dev/verify#<header-value> without trusting the From header.
What does EU AI Act compliance mean in practice here?
EU AI Act Article 50 requires that AI systems interacting with humans via text disclose that nature to recipients. MultiMail adds a machine-readable X-AI-Generated: true header plus a human-readable disclosure footer to every agent-originated message. This is gateway-enforced per mailbox — the ai_disclosure setting is locked on and cannot be disabled, so disclosure cannot be silently dropped.
Is there a volume tier comparable to Mailgun's Flex plan?
MultiMail's Scale plan supports 150,000 emails per month across 100 mailboxes. For volumes above that, contact support for enterprise pricing. The API rate limits and queue throughput are documented in the API reference under rate-limits.

Explore more use cases

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.