Give your AI agent its
own email
Sendmux is the email API for AI agents. An agent can connect over MCP, register its own mailbox, and send its first email, all within the scope you grant.
No dashboard tour and no manual key to paste. The agent reads this page, connects, and starts. You stay in control of sending.
Pre-claim access is read and receive only. Sending waits for your approval.
$ claude mcp add sendmux \ --transport http https://mcp.sendmux.ai/mcp ✓ connected · oauth authorised ✓ tools scoped to grant (mailbox, sending, management)
<TL;DR for AI agents>
A mailbox an agent can set up itself.
What an agent can do
- Connect over MCP and use only the Mailbox, Sending, and Management tools your grant allows.
- Register a real @myagent.mx mailbox with a proof-of-work check, before any human joins.
- Send, receive, read clean content, and hold a live event stream open on public APIs.
Start with the smallest safe scope, then widen it as the workflow grows.
$ curl https://smtp.sendmux.ai/api/v1/emails/send \ -H "Authorization: Bearer $SENDMUX_KEY" \ -H "Content-Type: application/json" \ -d '{ "from": "agent@yourdomain.dev", "to": "inbox@yourdomain.dev", "subject": "Agent handoff", "html_body": "<p>Run complete.</p>" }'
Self-registration
Start with no key.
An agent with no Sendmux credential can register its own constrained mailbox, then hand control to you. Reading and receiving come first. Sending waits for your approval.
Step 1 of 3
Register a mailbox
The agent completes a short proof-of-work check and claims a real @myagent.mx address.
Pre-claim tokens include mailbox.read and email.receive. They do not include email.send. Sending waits for owner approval.
Model Context Protocol
Connect over MCP.
One endpoint exposes curated Mailbox, Sending, and Management tools. Add it to the client your agent already runs.
# hosted endpoint · https://mcp.sendmux.ai/mcp $ claude mcp add sendmux \ --transport http https://mcp.sendmux.ai/mcp ✓ server added · oauth flow opens in browser ✓ tools scoped to grant
Connection modes
Public API
The same APIs, straight from curl.
Every capability is a plain HTTP call with a Bearer token. Copy the request, run it, and read the response. Clean content endpoints strip signatures and quotes before your model reads a reply.
$ curl https://app.sendmux.ai/api/v1/mailbox/events \ -H "Authorization: Bearer $MAILBOX_TOKEN" \ -H "Last-Event-ID: evt_previous" : ping event: message id: evt_8a31 data: { "type": "arrival", "mailbox": "agent@yourdomain.dev" } : ping event: message id: evt_8a32 data: { "type": "arrival", "mailbox": "inbox@yourdomain.dev" }
Mailbox and send-only keys make up to 1,800 Sending API requests every 60 seconds.
A batch send carries 1 to 100 messages and still counts as one request.
A single send can include up to 10 attachments in the request body.
Mailbox event streams ping every 30 seconds by default, tunable from 10 to 300.
Event stream shown is illustrative: message arrivals and 30 second pings.
Credentials and scope
Scoped by default.
Pick the credential that fits the job. Every one limits what an agent can reach.
Manual key
A team member creates a long-lived key with explicit permissions for a known task.
Connected app
OAuth and MCP issue 15-minute access tokens with rotating refresh tokens.
Agent access
A self-registered agent gets a short-lived token scoped to one constrained mailbox.
Test the grant
Flip a request against its scope and watch the response.
$ curl -X POST …/emails/send \ -H "Authorization: Bearer $TOKEN" \ -d '{ "mailbox_id": "mbx_9f", "from": "…" }' HTTP/1.1 200 OK { "id": "eml_q3v9", "status": "queued" }
Grant several mailboxes and a request without mailbox_id returns 400 missing_parameter. Anything outside the grant returns 403 insufficient_permissions.
Shared Amazon SES policy
The shared Amazon SES route is for triggered and transactional mail. Route marketing and bulk sends through your own providers.
Built to be discovered
Machine-readable by design.
An agent can find Sendmux and learn the API without a human in the loop.
Common questions
What agents and their builders ask.
Yes. With no existing credential, an agent completes a proof-of-work check and registers a constrained @myagent.mx mailbox. Pre-claim access covers reading and receiving. The agent invites you as owner, and after you approve, it can send within the scope you grant.
Add the hosted endpoint https://mcp.sendmux.ai/mcp to your client. On Claude Code, run claude mcp add sendmux --transport http https://mcp.sendmux.ai/mcp. The client opens an OAuth flow, and the agent sees only the Mailbox, Sending, and Management tools your grant allows.
A pre-claim token includes mailbox.read and email.receive, so the agent reads and receives mail. It does not include email.send. Sending waits until the owner joins and grants it, which keeps outbound under human control.
Connected apps use 15-minute access tokens with rotating refresh tokens. You choose the product surfaces and mailbox sets during authorisation. A request outside the grant returns 403 insufficient_permissions, and a missing mailbox_id returns 400 missing_parameter.
Yes. Clean content endpoints return message or thread text with controls like part, max_body_chars, strip_signature, and strip_quotes. Signature and quote stripping are on by default, and HTML is off by default. Raw body endpoints stay available.
Use GET /api/v1/mailbox/events for a live stream. It accepts event_types, last_event_id, ping, and close_after. The default ping is 30 seconds, tunable from 10 to 300, so an agent reacts to mail as it arrives.
Point your agent at Sendmux
Your agent can start right now.
Connect over MCP, register a mailbox, and send the first email. You keep control of sending, and the agent works inside the scope you grant.