Resend handles transactional email well. MultiMail handles everything Resend does, plus cryptographic agent identity, graduated oversight, and compliance controls your AI agents actually need.
Resend is a solid email API for human-operated applications. When an AI agent uses it, you immediately hit its limits: there is no way to declare that the sender is an AI system, no built-in mechanism for a human to review or block outbound messages before delivery, and no compliance primitives for EU AI Act disclosure obligations. The result is agents that send email with no audit trail of who approved what, no recipient-verifiable identity, and silent exposure to regulations that treat undisclosed AI communication as a violation. These gaps are not fixable with configuration—they require a different product.
MultiMail provides the same REST API ergonomics developers expect from Resend, extended with the primitives AI agents require. Every outbound message carries a cryptographically signed X-MultiMail-Identity claim that recipients and mail clients can verify. The oversight layer intercepts sends before delivery and routes them through a configurable approval flow—your human stays in the loop until you've established enough trust to relax controls. A gateway-enforced X-AI-Generated disclosure on every agent-originated message satisfies EU AI Act Article 50 requirements without bolt-on middleware. Pre-send domain intelligence checks recipient domains for known spam traps, blocklists, and deliverability risks before the message leaves your queue. All security properties are formally verified in Lean 4.
Provision a mailbox via the API (POST /v1/mailboxes) or the create_mailbox MCP tool. The mailbox is bound to the operator's signing identity and oversight mode. MultiMail signs every outbound message with an ECDSA P-256 key, producing an X-MultiMail-Identity claim over the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity, so recipients can verify the sender is an AI system operating under declared oversight.
Your agent calls the send_email tool (or POST /v1/mailboxes/{mailbox_id}/send) much as it would call Resend's API. With gated_send mode, the 202 response returns status pending_scan and a notification is sent to your designated approver—the message is held, not delivered. The agent receives the email id it can poll or watch for via webhook.
The approver calls decide_email with approve or reject. Approved messages are delivered immediately with the agent identity header intact. Rejected messages are cancelled and the agent receives a structured reason it can use to revise and resubmit.
As your agent demonstrates reliable behavior, promote its oversight mode via the API. In monitored mode the agent sends autonomously while the human receives BCC copies. In autonomous mode, the agent operates without interruption. Each mode change is logged in the audit trail.
Every agent-originated message carries an X-AI-Generated: true header plus a human-readable disclosure footer that satisfies EU AI Act Article 50 transparency requirements. This is gateway-enforced per mailbox—the ai_disclosure setting is locked on and cannot be disabled. The audit log records approval decisions, agent identity, and oversight mode at send time—sufficient for regulatory review without additional instrumentation.
Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.
Every message carries an ECDSA P-256 signed X-MultiMail-Identity claim declaring the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity. Recipients can verify the sender is an AI system and who operates it—something Resend's header infrastructure cannot express.
gated_send, gated_all, monitored, and autonomous modes are first-class API parameters, not middleware you bolt on. Promote or demote an agent's trust level with a single API call as your confidence in its behavior grows.
The gateway-enforced X-AI-Generated: true header (locked on per mailbox) plus the signed identity claim satisfy the Article 50 requirement to inform recipients they are interacting with an AI system. Audit logs record identity and oversight mode at send time, which is sufficient for regulatory review.
Before delivery, MultiMail checks recipient domains against blocklists, spam trap registries, and deliverability databases. Resend surfaces these failures after sending; MultiMail surfaces them before, so your agent can handle them without burning sender reputation.
The MultiMail REST API mirrors Resend's call signature—call it directly with requests or httpx, no SDK to install. Migration is mapping the send body onto { to, subject, markdown } plus configuring oversight on the mailbox. Existing error handling, retry logic, and response parsing continue to work.
MultiMail's oversight, identity, and authorization properties are proven correct in Lean 4—not tested, proven. This means the oversight layer cannot be bypassed by a code path that Resend's conventional testing would leave open.
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.