Email API built for AI agents, not just developers

Resend handles transactional email well. MultiMail handles everything Resend does, plus cryptographic agent identity, graduated oversight, and compliance controls your AI agents actually need.

The problem

Why this matters

Resend is a solid email API for human-operated applications. When an AI agent uses it, you immediately hit its limits: there is no way to declare that the sender is an AI system, no built-in mechanism for a human to review or block outbound messages before delivery, and no compliance primitives for EU AI Act disclosure obligations. The result is agents that send email with no audit trail of who approved what, no recipient-verifiable identity, and silent exposure to regulations that treat undisclosed AI communication as a violation. These gaps are not fixable with configuration—they require a different product.

The solution

How MultiMail solves this

MultiMail provides the same REST API ergonomics developers expect from Resend, extended with the primitives AI agents require. Every outbound message carries a cryptographically signed agent identity header that recipients and mail clients can verify. The oversight layer intercepts sends before delivery and routes them through a configurable approval flow—your human stays in the loop until you've established enough trust to relax controls. Built-in AI disclosure fields satisfy EU AI Act Article 50 requirements without bolt-on middleware. Pre-send domain intelligence checks recipient domains for known spam traps, blocklists, and deliverability risks before the message leaves your queue. All security properties are formally verified in Lean 4.

1

Create a mailbox with agent identity

Provision a mailbox via the API or MCP tool. Attach your agent's identity metadata—model name, operator, and oversight mode. MultiMail signs outbound messages with an Ed25519 key bound to this identity so recipients can verify the sender is an AI system operating under declared oversight.

2

Send with gated_send oversight

Your agent calls send_email exactly as it would call Resend's API. With gated_send mode, the message is staged—not delivered—and a notification is sent to your designated approver. The agent receives a pending message ID it can poll or receive via webhook.

3

Human reviews and approves

The approver calls decide_email with approve or reject. Approved messages are delivered immediately with the agent identity header intact. Rejected messages are cancelled and the agent receives a structured reason it can use to revise and resubmit.

4

Graduate to monitored or autonomous

As your agent demonstrates reliable behavior, promote its oversight mode via the API. In monitored mode the agent sends autonomously while the human receives BCC copies. In autonomous mode, the agent operates without interruption. Each mode change is logged in the audit trail.

5

Verify compliance posture

Every message includes an ai_disclosure field that satisfies EU AI Act Article 50 transparency requirements. The audit log records approval decisions, agent identity, and oversight mode at send time—sufficient for regulatory review without additional instrumentation.

Code examples

Implementation

Send email with agent identity (REST API)
python
import httpx

client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": "Bearer $MULTIMAIL_API_KEY"}
)

response = client.post("/send_email", json={
    "from": "[email protected]",
    "to": "[email protected]",
    "subject": "Follow-up on your support ticket #4821",
    "html": "<p>Hi Sarah, I&"cm">#039;ve reviewed ticket #4821 and attached the resolution steps.</p>",
    "agent_id": "support-agent-v2",
    "oversight_mode": "gated_send",
    "ai_disclosure": True
})

data = response.json()
# {"message_id": "msg_01HX...", "status": "pending_approval"}
print(f"Staged for approval: {data[&"cm">#039;message_id']}")

The MultiMail send_email endpoint accepts the same fields as Resend plus agent identity and oversight metadata. This call stages the message for human approval under gated_send mode.

Approve or reject staged messages
python
import httpx

client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": "Bearer $MULTIMAIL_API_KEY"}
)

"cm"># Check what's waiting for review
pending = client.get("/list_pending").json()
for msg in pending["messages"]:
    print(f"{msg[&"cm">#039;message_id']} → {msg['to']}: {msg['subject']}")

# Approve a specific message
approval = client.post("/decide_email", json={
    "message_id": "msg_01HX...",
    "decision": "approve"
})
print(approval.json())
# {"status": "delivered", "delivered_at": "2026-04-19T14:32:01Z"}

# Reject with a reason the agent can act on
rejection = client.post("/decide_email", json={
    "message_id": "msg_01HY...",
    "decision": "reject",
    "reason": "Tone is too apologetic—revise to be factual only"
})
print(rejection.json())

Poll list_pending to see messages awaiting review, then call decide_email. This is the approval loop that runs on the human operator's side—it can be a dashboard action, a Slack bot, or an automated policy engine.

Python SDK — drop-in for existing Resend integrations
python
from multimail import MultiMail

mm = MultiMail(api_key="$MULTIMAIL_API_KEY")

"cm"># Before (Resend):
"cm"># resend.Emails.send({
"cm">#     "from": "[email protected]",
"cm">#     "to": "[email protected]",
"cm">#     "subject": "...",
"cm">#     "html": "..."
"cm"># })

"cm"># After (MultiMail):
result = mm.emails.send(
    from_address="[email protected]",
    to="[email protected]",
    subject="Your invoice is ready",
    html="<p>Invoice "cm">#2048 for $340 is attached.</p>",
    agent_id="billing-agent",
    oversight_mode="gated_send",
    ai_disclosure=True
)

if result.status == "pending_approval":
    print(f"Awaiting approval: {result.message_id}")
elif result.status == "delivered":
    print(f"Delivered: {result.message_id}")

The multimail-sdk mirrors Resend's call signature so migration is a dependency swap plus adding oversight fields. The SDK handles staging, polling, and retry logic automatically.

MCP tool usage (Claude Desktop / Cursor)
typescript
"cm">// In your MCP-connected agent's tool call sequence:

"cm">// 1. Agent drafts and stages the email
const staged = await mcp.call("send_email", {
  from: "[email protected]",
  to: "[email protected]",
  subject: "Partnership proposal — follow-up",
  body: "Following our call on Thursday, I've outlined three integration options...",
  oversight_mode: "gated_send",
  ai_disclosure: true
});
// Returns: { message_id: "msg_01HX...", status: "pending_approval" }

// 2. Agent checks inbox to confirm prior thread context
const inbox = await mcp.call("check_inbox", {
  mailbox: "[email protected]",
  filter: { from: "[email protected]" },
  limit: 5
});

"cm">// 3. Human approves via decide_email (or the operator's dashboard)
const decision = await mcp.call("decide_email", {
  message_id: staged.message_id,
  decision: "approve"
});

If your agent runs inside an MCP-compatible client, use the send_email and decide_email tools directly. No REST calls needed—the MCP server handles authentication and oversight routing.

Webhook handler for approval events
python
from fastapi import FastAPI, Request
import httpx

app = FastAPI()
mm_client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": "Bearer $MULTIMAIL_API_KEY"}
)

@app.post("/webhooks/multimail")
async def handle_multimail_event(request: Request):
    event = await request.json()
    event_type = event.get("type")

    if event_type == "message.approved":
        message_id = event["message_id"]
        "cm"># Resume downstream agent task now that email was sent
        await resume_agent_task(message_id)

    elif event_type == "message.rejected":
        message_id = event["message_id"]
        reason = event.get("reason", "")
        "cm"># Pass rejection reason back to agent for revision
        await revise_and_resubmit(message_id, reason)

    elif event_type == "message.delivered":
        "cm"># Log delivery confirmation for audit trail
        print(f"Delivered {event[&"cm">#039;message_id']} at {event['delivered_at']}")

    return {"ok": True}

Wire up a webhook endpoint to receive approval, rejection, and delivery events. This lets your agent pipeline resume automatically after human review without polling.

Benefits

What you get

Cryptographic agent identity

Every message carries an Ed25519-signed identity header declaring the agent model, operator, and oversight mode. Recipients can verify the sender is an AI system and who operates it—something Resend's header infrastructure cannot express.

Graduated oversight built in

gated_send, gated_all, monitored, and autonomous modes are first-class API parameters, not middleware you bolt on. Promote or demote an agent's trust level with a single API call as your confidence in its behavior grows.

EU AI Act Article 50 compliance

The ai_disclosure field and signed identity headers satisfy the Article 50 requirement to inform recipients they are interacting with an AI system. Audit logs record the disclosure state at send time, which is sufficient for regulatory review.

Pre-send domain intelligence

Before delivery, MultiMail checks recipient domains against blocklists, spam trap registries, and deliverability databases. Resend surfaces these failures after sending; MultiMail surfaces them before, so your agent can handle them without burning sender reputation.

Same REST ergonomics, no rewrite required

The MultiMail REST API and Python SDK mirror Resend's call signature. Migration is a dependency swap plus adding oversight fields. Existing error handling, retry logic, and response parsing continue to work.

Formally verified security model

MultiMail's oversight, identity, and authorization properties are proven correct in Lean 4—not tested, proven. This means the oversight layer cannot be bypassed by a code path that Resend's conventional testing would leave open.

Oversight

Recommended oversight mode

Recommended
gated_send
Teams migrating from Resend are typically replacing a human-operated sending pipeline with an agent. gated_send gives the agent full read autonomy while requiring human approval on all outbound messages. This lets you validate agent-authored emails against your communication standards before delivery, building audit history that justifies promoting to monitored or autonomous mode as trust accumulates. It also limits blast radius during the migration period—if the agent misreads context and drafts an inappropriate message, the approval gate catches it before any recipient sees it.
FAQ

Common questions

Can I use MultiMail as a drop-in replacement for Resend?
For the send path, yes. The multimail-sdk mirrors Resend's call signature and the REST endpoint accepts the same from, to, subject, and html fields. You add oversight_mode and ai_disclosure to existing calls. Inbound email, webhooks, and approval flows are MultiMail-specific features with no Resend equivalent—those require net-new integration, not migration.
Does MultiMail support custom domains the way Resend does?
Yes. Provision any domain you control as a MultiMail sending domain via the create_mailbox endpoint. SPF, DKIM, and DMARC records are the same as Resend's setup. Mailboxes on @multimail.dev are available immediately without DNS configuration.
How does the approval flow work in practice?
When an agent sends with gated_send mode, the message is staged and a webhook fires to your configured endpoint. Your operator reviews via the MultiMail dashboard, a custom UI calling decide_email, or an automated policy engine. Approved messages deliver immediately; rejected messages return a structured reason the agent can use to revise. Approvers can also use the decide_email MCP tool directly from Claude Desktop or Cursor.
What is the EU AI Act ai_disclosure field?
EU AI Act Article 50 requires that AI systems interacting with humans by email disclose they are AI-generated. Setting ai_disclosure: true in the send_email call adds a compliant disclosure header and appends a machine-readable footer. The disclosure state is recorded in the audit log at send time. This is not legal advice—review Article 50 requirements with your legal team for your specific deployment context.
How does agent identity verification work?
When you create a mailbox, MultiMail generates an Ed25519 keypair bound to your agent's declared identity metadata (agent_id, model, operator). Outbound messages are signed with this key. Recipients with a compatible mail client or webhook handler can verify the signature against MultiMail's public key registry. This is surfaced as an X-MultiMail-Agent-Identity header on delivered messages.
What happens if I was using Resend's batch send?
MultiMail does not have a single batch endpoint. For agent use cases, sending individually through send_email with per-message oversight metadata is the correct pattern—batch sends cannot carry per-recipient oversight decisions. If you need high-volume sending, use monitored or autonomous mode with per-agent rate controls rather than batching.
Is there a volume limit comparable to Resend's plans?
MultiMail's Builder plan supports 5,000 emails/month across 5 mailboxes, Pro supports 30,000 across 25 mailboxes, and Scale supports 150,000 across 100 mailboxes. Unlike Resend, limits apply at the mailbox level so you can allocate capacity across multiple agents independently.
Related

Explore more use cases

Transactional Email for AI Agents

operations

View guide →

Email API for AI Agents

developer

View guide →

Postmark Alternative for AI Agents

developer

View guide →

SendGrid Alternative for AI Agents

developer

View guide →
Get started

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 50-tool MCP server. Formally verified in Lean 4.

Read the Docs See Pricing