Six states now require AI chatbot disclosure. When your AI agent emails consumers, those laws apply. MultiMail adds signed disclosure headers and body text automatically.
US states are passing AI chatbot disclosure laws faster than Congress can act. Maine LD 1727 (effective September 24, 2025) requires disclosure when AI chatbots communicate with consumers. New York S-3008C (effective November 5, 2025) mandates disclosure at first contact and every three hours. California SB 243 (effective January 1, 2026) adds minor protections on top of disclosure. Illinois and Colorado have their own requirements for AI in employment and consequential decisions. No state law explicitly mentions email, but the language is broad: Maine covers any 'AI chatbot used to communicate with consumers.' When your AI agent sends email to a consumer in Maine, that is an AI chatbot communicating with a consumer. Compliance teams face a patchwork of effective dates, disclosure intervals, and scope definitions that change by state and update frequently.
MultiMail provides three layers of AI disclosure on every outbound email: the AI-generated flag inside the cryptographically signed X-MultiMail-Identity claim (tamper-proof), the X-AI-Generated: true convenience header (machine-readable), and a human-readable disclosure footer injected into the message body. All three are enforced at the send gateway and locked on for every mailbox — disclosure cannot be disabled or omitted. The audit log records that disclosure was present on every message, giving compliance teams evidence for regulatory inquiries.
Create a dedicated mailbox for each email program. AI disclosure is enforced at the send gateway and locked on for every mailbox, so every message — to a Maine, New York, or California recipient — automatically carries the signed AI-generated claim, the X-AI-Generated: true header, and a human-readable disclosure footer. Use separate mailboxes per program to keep audit trails cleanly scoped for state-by-state evidence.
Your AI agent drafts outbound emails as usual. MultiMail automatically attaches the X-MultiMail-Identity header — an ECDSA P-256 signed claim whose payload includes the AI-generated flag — plus the X-AI-Generated: true convenience header, to every message. Both are gateway-enforced; no per-mailbox or per-send configuration is required.
MultiMail injects a human-readable AI disclosure footer into the body of every outbound message at the send gateway. Because the footer is added on every send — not once per conversation — each email in a thread carries the disclosure independently, which covers re-disclosure expectations such as New York's repeated-disclosure requirement without relying on the agent to remember.
Under gated_send oversight, a compliance officer or legal reviewer approves each email before delivery, verifying that the correct state-specific disclosure is present and the content meets regulatory requirements.
Every sent email is logged with its disclosure status, headers, and body text. When a state regulator asks for evidence of compliance, you export the audit log filtered by date range and recipient state.
Pick your platform, copy the prompt, and paste it to your AI agent — it sets up MultiMail and builds the whole flow. Nothing to fill in.
The AI-generated flag lives inside the cryptographically signed X-MultiMail-Identity claim, providing tamper-proof evidence that disclosure was present. Unlike a plain-text disclaimer, the signed claim cannot be stripped or altered after sending without invalidating the signature.
Run a dedicated mailbox per state program, each with its own sender identity (display_name and signature_block), so audit trails are cleanly separable when a state regulator asks for evidence. The AI disclosure itself is identical and enforced on every mailbox — the per-state separation is organizational, for clean reporting.
Every outbound email is logged with its disclosure status, headers, and delivery timestamp. When a state attorney general or regulatory body requests evidence of compliance, the audit log provides it.
Gated send ensures a compliance officer reviews each email before it reaches a consumer. This catches edge cases where AI-generated content might trigger additional state-specific requirements.
As additional states pass AI disclosure laws, you add a new mailbox scoped to that program. Because disclosure is enforced at the gateway on every mailbox, new mailboxes are compliant the moment they exist — the signed claim, X-AI-Generated header, disclosure footer, and audit trail already cover any state's disclosure requirement.
Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.