SendGrid sends email. MultiMail makes agent email accountable.

SendGrid is built for human senders at scale. MultiMail is built for AI agents that need cryptographic identity, graduated oversight, and EU AI Act compliance baked in.

The problem

Why this matters

SendGrid is a mature, reliable platform for transactional and marketing email. It handles billions of messages, has strong deliverability, and integrates with virtually everything. But it was designed for human-operated systems — marketing teams, SaaS apps, notification pipelines. When you put an AI agent behind a SendGrid account, you inherit every problem that comes with that mismatch. There is no concept of agent identity in SendGrid. An email sent by a GPT-4 agent looks identical to one sent by a human rep. There is no way to cryptographically sign the message to prove which model sent it, under which version, with which system prompt. Regulators in the EU are beginning to require AI disclosure on automated communications — SendGrid has no mechanism for this. There are no oversight modes. Either your agent can send, or it can't. There is no built-in approval queue, no gated-send flow, no way to let a human review outbound messages before delivery without building that infrastructure yourself. SendGrid will faithfully deliver whatever your agent tells it to, including mistakes. SendGrid also has no pre-send domain intelligence. Your agent can send to a bad address, a role account, a disposable inbox, or a honeypot — and the first signal you get is a bounce or a spam complaint that damages your sender reputation. There is no layer between compose and deliver. For teams that already run SendGrid for human-authored email, adding an AI agent to that same account creates accountability gaps that are increasingly difficult to defend — to your users, your legal team, and regulators.

The solution

How MultiMail solves this

MultiMail provides the infrastructure layer that SendGrid does not: cryptographic agent identity, graduated human oversight, pre-send intelligence, and EU AI Act compliance — all exposed through a REST API, MCP server, and Python SDK designed around how agents actually work. Every message sent through MultiMail carries a cryptographic signature linking it to a specific agent identity — model, version, system prompt hash. Recipients and regulators can verify who sent what. The `gated_send` oversight mode lets your agent compose and read autonomously while routing all outbound sends to a human approval queue. You can tighten or loosen oversight per mailbox, per agent, or per action type without rebuilding your pipeline. Migrating from SendGrid means replacing `sgMail.send()` with a single `POST /send_email` call. The API surface is comparable in complexity; the accountability guarantees are not.

1

Create a mailbox with agent identity

Provision a mailbox via `POST /create_mailbox`. Each mailbox is bound to an agent identity — a cryptographic keypair that signs every outbound message. Recipients receive a verifiable header indicating the sending model and version. This replaces the anonymous 'sent from our platform' pattern that SendGrid allows.

2

Set oversight mode to gated_send

Configure the mailbox with `oversight_mode: gated_send`. Your agent can read the inbox and compose drafts autonomously. Any call to `send_email` or `reply_email` creates a pending approval item instead of delivering immediately. A human reviewer sees the composed message and approves or rejects it via the approval API or MCP tool.

3

Run pre-send domain intelligence

Before queueing a send, MultiMail checks the recipient domain and address against deliverability signals — disposable inbox detection, role account identification, domain reputation, and MX record validation. Sends to high-risk addresses are flagged or blocked before they can damage your sender reputation. This check runs automatically; you do not need to integrate a separate validation service.

4

Queue and monitor pending sends

Use `list_pending` to retrieve all messages awaiting approval. Each item includes the composed body, recipient, agent identity metadata, and a timestamp. Call `decide_email` with `approved: true` or `approved: false` to release or discard the message. Webhook events fire on approval, rejection, and delivery confirmation.

5

Attach EU AI Act disclosure headers

MultiMail automatically attaches the agent identity and disclosure metadata required under EU AI Act Article 50 for AI-generated communications. The header includes the model identifier, sending timestamp, and a content classification flag. This runs on every outbound message without additional configuration.

Code examples

Implementation

Send an email (MultiMail vs SendGrid)
python
"cm"># SendGrid — no identity, no oversight
import sendgrid
from sendgrid.helpers.mail import Mail

sg = sendgrid.SendGridAPIClient(api_key=&"cm">#039;SG.xxxx')
message = Mail(
    from_email=&"cm">#039;[email protected]',
    to_emails=&"cm">#039;[email protected]',
    subject=&"cm">#039;Follow-up from your account review',
    plain_text_content=&"cm">#039;Hi, your account review is complete.'
)
sg.client.mail.send.post(request_body=message.get())
"cm"># Delivered immediately, no identity, no approval gate

"cm"># MultiMail — identity signed, gated_send oversight
import requests

response = requests.post(
    &"cm">#039;https://api.multimail.dev/send_email',
    headers={&"cm">#039;Authorization': 'Bearer $MULTIMAIL_API_KEY'},
    json={
        &"cm">#039;mailbox': '[email protected]',
        &"cm">#039;to': '[email protected]',
        &"cm">#039;subject': 'Follow-up from your account review',
        &"cm">#039;body': 'Hi, your account review is complete.',
        &"cm">#039;oversight_mode': 'gated_send'
    }
)
# Returns pending approval item ID — not delivered until human approves
print(response.json())
# {'status': 'pending', 'approval_id': 'apr_01HZ...', 'agent_identity': 'agt_01HZ...'}

Direct comparison of the send call. MultiMail's API surface is similar in complexity to SendGrid's Node.js library, with identity and oversight built in.

List and approve pending sends
python
import requests

BASE = &"cm">#039;https://api.multimail.dev'
HEADERS = {&"cm">#039;Authorization': 'Bearer $MULTIMAIL_API_KEY'}

"cm"># Fetch all messages awaiting human approval
pending = requests.get(f&"cm">#039;{BASE}/list_pending', headers=HEADERS).json()

for item in pending[&"cm">#039;items']:
    print(f"From: {item[&"cm">#039;mailbox']}")
    print(f"To:   {item[&"cm">#039;to']}")
    print(f"Subj: {item[&"cm">#039;subject']}")
    print(f"Body: {item[&"cm">#039;body_preview']}")
    print(f"Agent: {item[&"cm">#039;agent_identity']['model']} v{item['agent_identity']['version']}")
    print()

    "cm"># Human reviews and approves
    decision = requests.post(
        f&"cm">#039;{BASE}/decide_email',
        headers=HEADERS,
        json={
            &"cm">#039;approval_id': item['approval_id'],
            &"cm">#039;approved': True,
            &"cm">#039;note': 'Reviewed — accurate and on-brand'
        }
    )
    print(f"Decision: {decision.json()[&"cm">#039;status']}")  # 'delivered'

The approval loop that SendGrid requires you to build yourself. MultiMail provides it as a first-class API.

MCP tool usage from Claude Desktop
typescript
"cm">// In your MCP-connected agent (Claude Desktop, Cursor, Windsurf, etc.)
"cm">// MultiMail exposes these tools natively — no wrapper code required

"cm">// Tool: send_email
"cm">// The MCP server handles auth, identity signing, and oversight routing
const draft = await mcp.call('send_email', {
  mailbox: '[email protected]',
  to: '[email protected]',
  subject: 'Your onboarding checklist is ready',
  body: 'Hi David, your onboarding checklist is ready to review.\n\nStep 1: Connect your domain...',
  "cm">// oversight_mode inherited from mailbox config (gated_send)
});
"cm">// Returns: { status: 'pending', approval_id: 'apr_01HZ...', delivery_eta: null }

"cm">// Tool: list_pending — check what's waiting for approval
const queue = await mcp.call('list_pending', {
  mailbox: '[email protected]',
  limit: 10
});

// Tool: decide_email — approve or reject
const result = await mcp.call('decide_email', {
  approval_id: queue.items[0].approval_id,
  approved: true
});
// result.status === 'delivered'

When your agent runs inside an MCP-compatible client, use MultiMail's 43 MCP tools directly — no HTTP client needed.

Inbound email processing via webhook
python
"cm"># Webhook handler — receives inbound email events
from flask import Flask, request, jsonify
import requests

app = Flask(__name__)
BASE = &"cm">#039;https://api.multimail.dev'
HEADERS = {&"cm">#039;Authorization': 'Bearer $MULTIMAIL_API_KEY'}

@app.route(&"cm">#039;/webhooks/multimail', methods=['POST'])
def handle_inbound():
    event = request.json

    if event[&"cm">#039;type'] == 'email.received':
        email_id = event[&"cm">#039;email_id']

        "cm"># Read full email content
        email = requests.get(
            f&"cm">#039;{BASE}/read_email',
            headers=HEADERS,
            params={&"cm">#039;email_id': email_id}
        ).json()

        "cm"># Get full thread for context
        thread = requests.get(
            f&"cm">#039;{BASE}/get_thread',
            headers=HEADERS,
            params={&"cm">#039;thread_id': email['thread_id']}
        ).json()

        "cm"># Agent processes and composes reply
        "cm"># (your LLM call here, passing thread context)
        reply_body = agent_compose_reply(thread)

        "cm"># Send reply — routes to gated_send approval queue
        requests.post(
            f&"cm">#039;{BASE}/reply_email',
            headers=HEADERS,
            json={
                &"cm">#039;email_id': email_id,
                &"cm">#039;body': reply_body
            }
        )

    return jsonify({&"cm">#039;ok': True})

Reading replies and routing them to your agent. MultiMail delivers inbound events to your webhook endpoint with full thread context.

Benefits

What you get

Cryptographic agent identity on every message

Every email MultiMail sends carries a verifiable signature tied to the agent that composed it — model name, version, and system prompt hash. SendGrid has no equivalent. When a recipient or regulator asks 'did an AI write this?', you have a cryptographic answer, not a policy statement.

Graduated oversight without custom infrastructure

SendGrid delivers what you tell it to. MultiMail gives you five oversight modes — from read-only to fully autonomous — that you configure per mailbox. The `gated_send` default lets agents compose freely while humans review before delivery. No approval queue to build, no webhook plumbing to maintain.

EU AI Act compliance by default

EU AI Act Article 50 requires disclosure when AI generates communications to natural persons. MultiMail attaches compliant disclosure metadata to every outbound message automatically. SendGrid does not implement this. Teams shipping to EU users need this handled at the infrastructure layer, not bolted on later.

Pre-send domain intelligence

MultiMail checks recipient addresses for disposable inboxes, role accounts, MX record validity, and domain reputation before queuing a send. Bad sends damage deliverability. Catching them before delivery — not after the bounce — keeps your sender score intact. SendGrid has no equivalent pre-send gate.

API designed around agent workflows

SendGrid's API is designed for applications that know what they want to send. MultiMail's API is designed for agents that compose, read replies, classify threads, tag messages, and decide whether to send — with `check_inbox`, `read_email`, `get_thread`, `tag_email`, and `manage_contacts` as first-class operations alongside `send_email`.

Oversight

Recommended oversight mode

Recommended
gated_send
Teams migrating from SendGrid are often replacing an existing human-operated email workflow with an agent. The `gated_send` mode preserves the review step that humans previously performed: the agent handles reading, classification, and composition autonomously, but outbound sends land in an approval queue before delivery. This gives the team visibility into agent behavior during the migration period without blocking the agent from doing useful work. Once the team has built confidence in the agent's output quality — typically after two to four weeks of reviewing approvals — they can move to `monitored` mode, where sends go through but humans receive notifications. The move to `autonomous` should be deliberate and policy-driven, not a default.
FAQ

Common questions

Can I keep using SendGrid for human-authored email and use MultiMail only for agent email?
Yes. The two systems operate independently. Many teams run SendGrid for marketing and transactional email triggered by human actions, and route only agent-composed messages through MultiMail. You provision a separate mailbox on MultiMail for each agent, and your existing SendGrid setup is unaffected. The agent identity and oversight infrastructure applies only to messages sent through MultiMail.
What happens to emails the agent sends that are rejected in the approval queue?
Rejected messages are discarded and never delivered. The rejection event fires a webhook to your endpoint with the `approval_id`, the reviewer's note if one was provided, and the composed message body. Your agent can read this event via the `email.rejected` webhook type and decide whether to revise and requeue or abandon the send. Call `cancel_message` if you want to explicitly remove a pending item before it is reviewed.
Does MultiMail support custom sending domains, or do I have to use @multimail.dev addresses?
Both. You can provision mailboxes on your own domain (e.g., `[email protected]`) by adding the required DNS records — SPF, DKIM, and DMARC — that MultiMail provides during setup. You can also use `@multimail.dev` subdomains for testing or for agents where you prefer not to expose your primary domain. Agent identity signing works the same way regardless of which domain the mailbox sits on.
How does EU AI Act compliance work in practice? What exactly is attached to outbound messages?
MultiMail adds a machine-readable `X-AI-Agent` header to each outbound message containing the agent identity token, the model identifier (e.g., `claude-3-5-sonnet`), the send timestamp, and a content classification flag. For HTML email, MultiMail can optionally inject a visible disclosure footer. The header format follows the draft technical specification published alongside EU AI Act Article 50 guidance. You do not need to configure this — it is attached automatically to every message sent through a MultiMail mailbox.
How difficult is migration from SendGrid? Do I need to rewrite my email pipeline?
The core send operation is a single API call change. Replace `sgMail.send()` with `POST https://api.multimail.dev/send_email` using the same fields — `to`, `subject`, `body`, `from`. The main behavioral difference is that if your mailbox uses `gated_send`, the call returns a pending approval item rather than a delivery confirmation. If you need immediate delivery during migration, set `oversight_mode: autonomous` temporarily and tighten it once your team has validated the agent's output. The Python SDK (`multimail-sdk`) provides a drop-in `send_email` function if you prefer not to use raw HTTP.
Does MultiMail handle deliverability the way SendGrid does — dedicated IPs, warm-up, bounce handling?
MultiMail manages deliverability infrastructure including DKIM signing, SPF alignment, bounce processing, and unsubscribe handling. Dedicated IP pools are available on the Pro and Scale plans. The pre-send domain intelligence layer reduces bounce rates by catching bad addresses before delivery, which improves sender reputation over time. MultiMail is not a bulk marketing email platform — it is optimized for transactional and agent-to-human volumes, not newsletter-scale campaigns. If you are sending millions of marketing emails per month, you likely want to keep SendGrid for that workload and use MultiMail only for agent-originated messages.
Related

Explore more use cases

Transactional Email for AI Agents

operations

View guide →

Email API for AI Agents

developer

View guide →

Email Deliverability Optimization

operations

View guide →

Resend Alternative for AI Agents

developer

View guide →
Get started

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 50-tool MCP server. Formally verified in Lean 4.

Read the Docs See Pricing