Email API built for AI agents, not just developers

Resend handles transactional email well. MultiMail handles everything Resend does, plus cryptographic agent identity, graduated oversight, and compliance controls your AI agents actually need.


Why this matters

Resend is a solid email API for human-operated applications. When an AI agent uses it, you immediately hit its limits: there is no way to declare that the sender is an AI system, no built-in mechanism for a human to review or block outbound messages before delivery, and no compliance primitives for EU AI Act disclosure obligations. The result is agents that send email with no audit trail of who approved what, no recipient-verifiable identity, and silent exposure to regulations that treat undisclosed AI communication as a violation. These gaps are not fixable with configuration—they require a different product.


How MultiMail solves this

MultiMail provides the same REST API ergonomics developers expect from Resend, extended with the primitives AI agents require. Every outbound message carries a cryptographically signed X-MultiMail-Identity claim that recipients and mail clients can verify. The oversight layer intercepts sends before delivery and routes them through a configurable approval flow—your human stays in the loop until you've established enough trust to relax controls. A gateway-enforced X-AI-Generated disclosure on every agent-originated message satisfies EU AI Act Article 50 requirements without bolt-on middleware. Pre-send domain intelligence checks recipient domains for known spam traps, blocklists, and deliverability risks before the message leaves your queue. All security properties are formally verified in Lean 4.

1

Create a mailbox with agent identity

Provision a mailbox via the API (POST /v1/mailboxes) or the create_mailbox MCP tool. The mailbox is bound to the operator's signing identity and oversight mode. MultiMail signs every outbound message with an ECDSA P-256 key, producing an X-MultiMail-Identity claim over the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity, so recipients can verify the sender is an AI system operating under declared oversight.

2

Send with gated_send oversight

Your agent calls the send_email tool (or POST /v1/mailboxes/{mailbox_id}/send) much as it would call Resend's API. With gated_send mode, the 202 response returns status pending_scan and a notification is sent to your designated approver—the message is held, not delivered. The agent receives the email id it can poll or watch for via webhook.

3

Human reviews and approves

The approver calls decide_email with approve or reject. Approved messages are delivered immediately with the agent identity header intact. Rejected messages are cancelled and the agent receives a structured reason it can use to revise and resubmit.

4

Graduate to monitored or autonomous

As your agent demonstrates reliable behavior, promote its oversight mode via the API. In monitored mode the agent sends autonomously while the human receives BCC copies. In autonomous mode, the agent operates without interruption. Each mode change is logged in the audit trail.

5

Verify compliance posture

Every agent-originated message carries an X-AI-Generated: true header plus a human-readable disclosure footer that satisfies EU AI Act Article 50 transparency requirements. This is gateway-enforced per mailbox—the ai_disclosure setting is locked on and cannot be disabled. The audit log records approval decisions, agent identity, and oversight mode at send time—sufficient for regulatory review without additional instrumentation.


Try it with your agent

Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.

1. Read https://multimail.dev/llms.txt, connect the MultiMail MCP server, create a free inbox, and set up a verified sender. 2. In HubSpot, use workflow enrollment triggers for the records this agent should email, such as new contact, deal stage change, form submission, or lifecycle stage change, and add a webhook or custom code action to notify the agent with the relevant record ID. 3. For each enrolled record, have the agent read the contact, company, deal, recent activity, consent status, and owner details from HubSpot, then draft the appropriate email with clear AI disclosure, brand voice, and record-specific personalization. 4. Compose and schedule the message through MultiMail in gated_send mode so a human can approve, edit, or block every outbound email before delivery. 5. Ask me only for HubSpot credentials, the sending brand details, approval owner, and the verified sender information needed to go live.

What you get

Cryptographic agent identity

Every message carries an ECDSA P-256 signed X-MultiMail-Identity claim declaring the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity. Recipients can verify the sender is an AI system and who operates it—something Resend's header infrastructure cannot express.

Graduated oversight built in

gated_send, gated_all, monitored, and autonomous modes are first-class API parameters, not middleware you bolt on. Promote or demote an agent's trust level with a single API call as your confidence in its behavior grows.

EU AI Act Article 50 compliance

The gateway-enforced X-AI-Generated: true header (locked on per mailbox) plus the signed identity claim satisfy the Article 50 requirement to inform recipients they are interacting with an AI system. Audit logs record identity and oversight mode at send time, which is sufficient for regulatory review.

Pre-send domain intelligence

Before delivery, MultiMail checks recipient domains against blocklists, spam trap registries, and deliverability databases. Resend surfaces these failures after sending; MultiMail surfaces them before, so your agent can handle them without burning sender reputation.

Same REST ergonomics, no rewrite required

The MultiMail REST API mirrors Resend's call signature—call it directly with requests or httpx, no SDK to install. Migration is mapping the send body onto { to, subject, markdown } plus configuring oversight on the mailbox. Existing error handling, retry logic, and response parsing continue to work.

Formally verified security model

MultiMail's oversight, identity, and authorization properties are proven correct in Lean 4—not tested, proven. This means the oversight layer cannot be bypassed by a code path that Resend's conventional testing would leave open.


Recommended oversight mode

Recommended
gated_send
Teams migrating from Resend are typically replacing a human-operated sending pipeline with an agent. gated_send gives the agent full read autonomy while requiring human approval on all outbound messages. This lets you validate agent-authored emails against your communication standards before delivery, building audit history that justifies promoting to monitored or autonomous mode as trust accumulates. It also limits blast radius during the migration period—if the agent misreads context and drafts an inappropriate message, the approval gate catches it before any recipient sees it.

Common questions

Can I use MultiMail as a drop-in replacement for Resend?
For the send path, mostly. There is no SDK to install—you call the REST API directly—but MultiMail's send route maps Resend's to and subject onto { to, subject, markdown }: the sender is the mailbox in the path (no from field), the body is a single markdown field rather than html, and identity and AI disclosure are applied automatically rather than passed as fields. Oversight is configured on the mailbox. Inbound email, webhooks, and approval flows are MultiMail-specific features with no Resend equivalent—those require net-new integration, not migration.
Does MultiMail support custom domains the way Resend does?
Yes. Provision any domain you control as a MultiMail sending domain via the create_mailbox endpoint. SPF, DKIM, and DMARC records are the same as Resend's setup. Mailboxes on @multimail.dev are available immediately without DNS configuration.
How does the approval flow work in practice?
When an agent sends with gated_send mode, the message is staged and a webhook fires to your configured endpoint. Your operator reviews via the MultiMail dashboard, a custom UI calling decide_email, or an automated policy engine. Approved messages deliver immediately; rejected messages return a structured reason the agent can use to revise. Approvers can also use the decide_email MCP tool directly from Claude Desktop or Cursor.
How does MultiMail handle EU AI Act AI disclosure?
EU AI Act Article 50 requires that AI systems interacting with humans by email disclose they are AI-generated. MultiMail does this at the gateway: every agent-originated message gets an X-AI-Generated: true header plus a human-readable disclosure footer. It is enforced per mailbox—the ai_disclosure setting is locked on and cannot be disabled, so there is no per-send flag to set or forget. Identity and oversight mode are recorded in the audit log at send time. This is not legal advice—review Article 50 requirements with your legal team for your specific deployment context.
How does agent identity verification work?
Outbound messages are signed with an ECDSA P-256 key, producing an X-MultiMail-Identity header: a base64url payload plus signature covering the oversight mode, capabilities, AI-generated flag, and operator plus mailbox identity. Recipients fetch the one signing public key from https://api.multimail.dev/.well-known/multimail-signing-key and verify the claim themselves—or use the hosted verifier at https://multimail.dev/verify#<header-value>. There is no identity-lookup API; the claim is self-contained in the message.
What happens if I was using Resend's batch send?
MultiMail does not have a single batch endpoint. For agent use cases, sending individually with send_email is the correct pattern—each send is governed by the mailbox's oversight mode, and batch sends cannot carry per-recipient oversight decisions. If you need high-volume sending, use a mailbox in monitored or autonomous mode with per-agent rate controls rather than batching.
Is there a volume limit comparable to Resend's plans?
MultiMail's Builder plan supports 5,000 emails/month across 5 mailboxes, Pro supports 30,000 across 25 mailboxes, and Scale supports 150,000 across 100 mailboxes. Unlike Resend, limits apply at the mailbox level so you can allocate capacity across multiple agents independently.

Explore more use cases

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.