Postmark Delivers Email. MultiMail Proves Who Sent It.

Both platforms share the same delivery infrastructure. Only MultiMail adds ECDSA-signed agent identity, graduated oversight, and pre-send domain intelligence.

The problem

Why this matters

Postmark is a well-engineered transactional email service built for human-operated applications. It has excellent deliverability, reliable webhooks, and clear bounce handling. What it does not have is any concept of agent identity. When an AI agent sends email through Postmark, the receiving server sees a standard SMTP message. There is no way to verify that an AI sent it, no mechanism for a human to review outbound messages before delivery, and no pre-send intelligence about whether the recipient domain is likely to bounce. Bounce data arrives after delivery — post-hoc, not preventative. For AI agent email, post-hoc is not good enough. EU AI Act Article 50 requires disclosure that content was AI-generated. GDPR applies to any personal data in outbound messages. And operationally, a misconfigured agent that spams a customer list does damage before you ever see the bounce webhook.

The solution

How MultiMail solves this

MultiMail uses Postmark as its delivery backbone — so you get the same deliverability you would get from Postmark directly. On top of that, MultiMail adds the layer that AI-sent email requires: ECDSA-signed X-MultiMail-Agent headers that prove which agent sent each message, five graduated oversight modes so humans can approve sends before they happen, pre-send domain intelligence that flags risky recipients before SMTP handoff, and EU AI Act Article 50 disclosure headers out of the box. Migrating from Postmark is straightforward: replace your Postmark API calls with MultiMail's send_email endpoint, set your oversight mode, and configure a mailbox. Your deliverability stays the same. Your accountability improves.

1

Create a mailbox and set oversight mode

Create a mailbox via the MultiMail API or dashboard using create_mailbox. Set oversight_mode to gated_send — the default for AI agents. In this mode, the agent can read and compose freely; outbound sends are held for human approval before delivery begins.

2

Agent calls send_email — MultiMail runs pre-send checks

When the agent calls send_email, MultiMail runs domain intelligence checks against the recipient domain before queuing. If the domain has high bounce risk or is flagged as disposable, the send is blocked with a structured error — not a bounce webhook 30 seconds after delivery.

3

Human reviews pending sends via list_pending

Pending sends appear in the approval queue. Call list_pending to retrieve them, or receive them via the approval webhook. The reviewer calls decide_email with approve or reject. Approved messages are handed to the delivery backend with identity headers attached.

4

Identity and compliance headers are attached on delivery

Every outbound message carries X-MultiMail-Agent (agent ID), X-MultiMail-Sig (ECDSA signature over message content), and X-MultiMail-Disclosure (EU AI Act Article 50 disclosure). Recipients and compliance tools can verify the sending agent without trusting the From address.

5

Inbound replies route back to the agent's inbox

Replies route to the sending mailbox. The agent calls check_inbox and read_email to retrieve them, maintaining full thread context via get_thread. The same oversight mode governs any replies the agent composes in response.

Code examples

Implementation

Send email with agent identity (REST)
python
import httpx

client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": "Bearer $MULTIMAIL_API_KEY"}
)

response = client.post("/send_email", json={
    "from": "[email protected]",
    "to": "[email protected]",
    "subject": "Your onboarding summary",
    "text": "Hi,\n\nHere is your onboarding summary for this week...",
    "agent_id": "onboarding-agent-v2",
    "metadata": {"run_id": "run_8af3c1", "tenant": "acme"}
})

result = response.json()
"cm"># result["status"] == "queued" when oversight_mode is gated_send
"cm"># result["status"] == "sent" when oversight_mode is autonomous
print(result["message_id"])

Direct replacement for a Postmark API call. The oversight_mode on the mailbox determines whether this delivers immediately or enters the approval queue.

Review and approve pending sends
python
import httpx

client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": "Bearer $MULTIMAIL_API_KEY"}
)

pending = client.get("/list_pending").json()

for msg in pending["messages"]:
    print(f"Agent:   {msg[&"cm">#039;agent_id']}")
    print(f"To:      {msg[&"cm">#039;to']}")
    print(f"Subject: {msg[&"cm">#039;subject']}")
    print(f"Preview: {msg[&"cm">#039;text'][:200]}")
    print()

    action = input("Approve? [y/n]: ")
    client.post("/decide_email", json={
        "message_id": msg["message_id"],
        "decision": "approve" if action.lower() == "y" else "reject",
        "reviewer_note": "Reviewed by ops team"
    })

In gated_send mode, outbound messages queue before delivery. This pattern lets a human reviewer inspect and approve them programmatically before they reach recipients.

Python SDK — migrate from Postmark
python
"cm"># Before: Postmark
"cm"># from postmarker.core import PostmarkClient
"cm"># client = PostmarkClient(server_token="your-postmark-token")
"cm"># client.emails.send(
"cm">#     From="[email protected]",
"cm">#     To="[email protected]",
"cm">#     Subject="Weekly summary",
"cm">#     TextBody="..."
"cm"># )

"cm"># After: MultiMail
from multimail import MultiMailClient

client = MultiMailClient(api_key="$MULTIMAIL_API_KEY")

result = client.send_email(
    from_address="[email protected]",
    to="[email protected]",
    subject="Weekly summary",
    text="...",
    agent_id="weekly-summary-agent"
)

"cm"># result.status: "queued" | "sent" | "blocked"
"cm"># result.message_id: use for tracking approvals and delivery events
print(result.message_id)

If you were calling Postmark's API directly, this is the equivalent MultiMail SDK call. The SDK handles auth, retries, and oversight mode transparently.

MCP tool usage — send and monitor
json
"cm">// MCP tool: send_email
{
  "tool": "send_email",
  "arguments": {
    "from": "[email protected]",
    "to": "[email protected]",
    "subject": "Proposal follow-up",
    "text": "Following up on the proposal we discussed...",
    "agent_id": "sales-agent"
  }
}

"cm">// Response when oversight_mode = gated_send:
{
  "message_id": "msg_01HXYZ",
  "status": "queued",
  "approval_required": true,
  "queue_position": 1
}

"cm">// MCP tool: list_pending (called by human reviewer or orchestrator)
{
  "tool": "list_pending",
  "arguments": {
    "mailbox": "[email protected]"
  }
}

For agents running inside MCP-compatible clients (Claude Desktop, Cursor, Windsurf), these are the MultiMail MCP tool calls as they appear to the agent.

Benefits

What you get

Same delivery infrastructure, more accountability

MultiMail routes through Postmark's delivery network, so your SPF, DKIM, and DMARC reputation carries over. You do not trade deliverability for compliance — you get both from the same send path.

Pre-send domain intelligence instead of post-hoc bounces

Postmark tells you a message bounced after the SMTP handoff. MultiMail checks recipient domain reputation, MX health, and disposable-address signals before queuing the send. Risky recipients are flagged before they damage your sender score.

ECDSA-signed agent identity on every message

Every message carries X-MultiMail-Agent and X-MultiMail-Sig headers. The signature covers the message content and agent ID, so downstream systems can verify which agent sent a message without relying on the spoofable From address.

EU AI Act Article 50 compliance without per-agent instrumentation

MultiMail attaches X-MultiMail-Disclosure headers and can inject AI disclosure notices into message bodies automatically. Compliance is enforced at the send layer — you do not need to update each agent when regulations change.

Graduated oversight that scales with agent trust

Start with gated_send: agents compose freely, humans approve outbound. As trust builds, switch individual mailboxes to monitored or autonomous. Different agents can operate at different trust levels simultaneously without any code changes.

Oversight

Recommended oversight mode

Recommended
gated_send
Agents replacing or augmenting Postmark workflows are typically sending transactional or outreach email at volume. gated_send lets the agent compose and process inbound replies autonomously — preserving the speed advantage of automation — while requiring human approval before any outbound message is delivered. This catches misconfigured prompts, unexpected recipient lists, or tone problems before they reach customers. As your agent's behavior stabilizes and you build confidence in its outputs, you can migrate individual mailboxes to monitored or autonomous without changing any agent code.
FAQ

Common questions

Does MultiMail actually use Postmark, or is this just positioning?
MultiMail uses Postmark as one of its delivery backends. When you send through MultiMail, the final SMTP handoff uses Postmark's infrastructure. Your messages inherit Postmark's IP reputation and delivery rates. The MultiMail layer sits above Postmark: it handles identity signing, oversight queuing, domain intelligence, and compliance headers before the message reaches Postmark for delivery.
How do I migrate from Postmark without rewriting my agent?
Replace your Postmark API calls with MultiMail's send_email endpoint. The request shape is similar: from, to, subject, text or html. Add agent_id to identify the sending agent. Point your inbound webhook URL to MultiMail if you handle replies. The main behavior change is that sends may enter an approval queue depending on your oversight_mode — set it to autonomous initially if you want behavior identical to Postmark while you evaluate the platform.
What happens to my Postmark sender signatures and DKIM setup?
You have two options. Add your existing sending domain to MultiMail directly — MultiMail provisions its own DKIM keys alongside your existing Postmark setup. Or use a subdomain, such as agent.yourdomain.com, for agent-sent mail specifically. The subdomain approach is often preferable for EU AI Act compliance since it makes AI-originated mail distinguishable at the domain level to spam filters and recipients alike.
Does MultiMail support Postmark's message streams concept?
MultiMail uses mailboxes rather than message streams. Each mailbox has its own oversight mode, sending identity, and inbox. You can create separate mailboxes for transactional, outreach, and notification traffic using the create_mailbox endpoint — the functional equivalent of Postmark's stream separation, with the added benefit that each stream carries its own agent identity.
What is EU AI Act Article 50 and why does it apply to email?
EU AI Act Article 50 requires that AI systems disclose when content has been AI-generated, particularly in contexts where recipients might reasonably assume human authorship. Email from AI agents falls into this category. MultiMail satisfies this requirement by attaching X-MultiMail-Disclosure headers to every outbound message and optionally injecting a disclosure notice into the message body. This applies to any sender operating in or sending to recipients in the EU.
Can I keep using Postmark for human-sent email and only route agent email through MultiMail?
Yes. This is a common setup. Your human-operated application continues using Postmark directly. Your AI agents use MultiMail. The two systems are independent. Using separate sending domains or subdomains keeps the streams distinct, which also helps with deliverability monitoring, spam filter classification, and EU AI Act compliance reporting.
Related

Explore more use cases

Email API for AI Agents

developer

View guide →

Resend Alternative for AI Agents

developer

View guide →
Get started

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 50-tool MCP server. Formally verified in Lean 4.

Read the Docs See Pricing