Smart Alerts That Cut Through the Noise

AI filters, prioritizes, and enriches system alerts before sending. Your team gets actionable notifications, not alert fatigue.

The problem

Why this matters

Alert fatigue is a real operational risk. Monitoring systems generate hundreds of notifications daily, and teams learn to ignore them. When a genuinely critical alert fires, it gets buried in the noise. The root cause isn't too many alerts — it's that alerts lack prioritization, context, and intelligent filtering.

The solution

How MultiMail solves this

MultiMail's AI agent sits between your monitoring systems and your team's inbox. It evaluates each alert's severity, enriches it with contextual data (recent deployments, related metrics, historical patterns), and sends only actionable notifications. Autonomous oversight ensures zero delay on critical alerts.

1

Receive Metric Events

Your monitoring system (Datadog, Prometheus, CloudWatch, etc.) sends metric threshold events to the AI agent via webhook when values exceed configured limits.

2

Evaluate and Prioritize

The AI evaluates each alert's severity based on the metric, threshold breach magnitude, duration, and whether related metrics are also anomalous. It filters transient spikes from sustained issues.

3

Enrich with Context

The agent adds context: recent deployments, correlated metrics, historical patterns for this metric, and suggested investigation steps. This turns a raw alert into an actionable notification.

4

Send Prioritized Alert

Critical alerts are sent immediately via send_email. Lower-priority alerts are batched into digest emails. The agent adjusts recipients based on severity and on-call schedule.

Code examples

Implementation

Process and Enrich Alert
python
import requests

API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_xxx"}

def process_alert(alert: dict):
    "cm"># Evaluate severity
    severity = evaluate_severity(alert)
    if severity == "noise":
        return  "cm"># Filter transient spikes

    "cm"># Enrich with context
    context = {
        "recent_deploys": get_recent_deployments(),
        "related_metrics": get_correlated_metrics(alert["metric"]),
        "history": get_metric_history(alert["metric"], days=7)
    }

    body = (
        f"[{severity.upper()}] {alert[&"cm">#039;metric']} on {alert['host']}\n\n"
        f"Current value: {alert[&"cm">#039;value']}\n"
        f"Threshold: {alert[&"cm">#039;threshold']}\n"
        f"Duration: {alert[&"cm">#039;duration']}\n\n"
        f"Context:\n"
        f"  Recent deploys: {context[&"cm">#039;recent_deploys']}\n"
        f"  Related metrics: {context[&"cm">#039;related_metrics']}\n\n"
        f"Suggested actions:\n{suggest_actions(alert, context)}"
    )

    recipient = get_oncall_email(severity)
    requests.post(
        f"{API}/send",
        headers=HEADERS,
        json={
            "from": "[email protected]",
            "to": recipient,
            "subject": f"[{severity.upper()}] {alert[&"cm">#039;metric']} at {alert['value']} - {alert['host']}",
            "text_body": body
        }
    )

Receive monitoring alerts, add context, and send enriched notifications.

Batch Low-Priority Alerts into Digest
python
import requests

API = "https://api.multimail.dev/v1"
HEADERS = {"Authorization": "Bearer mm_live_xxx"}

def send_alert_digest(alerts: list):
    """Send a digest of low-priority alerts every 30 minutes."""
    if not alerts:
        return

    summary = f"Alert Digest: {len(alerts)} notifications\n\n"
    for alert in alerts:
        summary += (
            f"- [{alert[&"cm">#039;severity']}] {alert['metric']} = {alert['value']} "
            f"on {alert[&"cm">#039;host']} ({alert['duration']})\n"
        )

    summary += f"\n{len(alerts)} alerts in the last 30 minutes."

    requests.post(
        f"{API}/send",
        headers=HEADERS,
        json={
            "from": "[email protected]",
            "to": "[email protected]",
            "subject": f"Alert Digest: {len(alerts)} notifications",
            "text_body": summary,
            "html_body": build_digest_html(alerts)
        }
    )

Consolidate non-critical alerts into a periodic digest email.

MCP Tool Integration
typescript
"cm">// Using MultiMail MCP tools for system alerts

async function processAlert(alert: MetricAlert) {
  const severity = evaluateSeverity(alert);
  if (severity === "noise") return;

  const context = await gatherContext(alert);
  const recipient = getOncallEmail(severity);

  "cm">// Send enriched alert
  await mcp.send_email({
    to: recipient,
    subject: `[${severity.toUpperCase()}] ${alert.metric} at ${alert.value} - ${alert.host}`,
    text_body: [
      `${alert.metric} on ${alert.host}`,
      `Current: ${alert.value} | Threshold: ${alert.threshold}`,
      `Duration: ${alert.duration}`,
      ``,
      `Context:`,
      `  Recent deploys: ${context.recentDeploys.join(", ")}`,
      `  Related anomalies: ${context.relatedMetrics.join(", ")}`,
      ``,
      `Suggested actions:`,
      ...context.suggestedActions.map(a => `  - ${a}`)
    ].join("\n")
  });
}

Process system alerts using MultiMail MCP tools.

Benefits

What you get

Eliminate Alert Fatigue

AI filters transient spikes and noise, sending only actionable alerts. Your team trusts their inbox again because every alert they receive matters.

Context-Rich Notifications

Every alert includes recent deployments, correlated metrics, and suggested actions. Engineers start investigating immediately instead of spending 10 minutes gathering context.

Intelligent Routing

Critical alerts go to on-call engineers immediately. Lower-priority alerts are batched into digests. The right person gets the right alert at the right time.

Zero-Delay Critical Alerts

Autonomous mode ensures critical system alerts are delivered instantly. When your database CPU is at 95%, there's no time for an approval queue.

Oversight

Recommended oversight mode

Recommended
autonomous
System alerts are time-critical, data-driven, and internal. Delaying a critical alert for human approval defeats the purpose of alerting. Autonomous mode ensures instant delivery while the AI's filtering logic prevents alert fatigue.
FAQ

Common questions

How does the AI filter noise from real alerts?
The AI evaluates multiple factors: duration of the threshold breach (transient spikes vs. sustained issues), magnitude of the breach, correlation with other metrics, and historical patterns. A brief CPU spike during a deployment is noise; a sustained CPU increase with growing error rates is actionable. You configure the filtering rules.
Can I route alerts to different teams based on the metric?
Yes. Configure routing rules that send database alerts to the DBA team, application errors to backend engineering, and infrastructure alerts to the SRE team. The AI agent applies these rules automatically and adjusts for on-call schedules.
How do I avoid duplicate alerts for the same issue?
The agent tracks active alert states and suppresses duplicate notifications for the same metric/host combination. It sends a new notification only when the severity changes (e.g., warning to critical) or when the issue resolves.
Why email instead of Slack or PagerDuty?
Email is a durable channel that's harder to miss than a Slack message and provides a permanent record. Use email as a complement to your existing alerting tools, not a replacement. Many teams use PagerDuty for paging and MultiMail for enriched email summaries that provide investigation context.
Related

Explore more use cases

Incident Reports

operations

View guide →

Deployment Alerts

developer

View guide →
Get started

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a 38-tool MCP server. Formally verified in Lean 4.

Read the Docs See Pricing