mailfrom v0.1 · alpha
§ 00 · introducing mailfrom — the email API for agents
2026 · self-hostable · open core

An email API designed for agents,
not just users.

Power AI mail clients, agentic workflows, and inbox automation on real user accounts — with scoped grants that keep your agents on a leash. Skip IMAP, SMTP, and the twelve flavors of OAuth. Self-host the whole thing if you want to.

get an API key see how it works
no credit card self-host or hosted
[01] root keyprivileged
[02] scoped grantsleast-privilege
[03] derived toolsexposed to agent
// owner-controlled · stays on your server
root FULL
accountalex@acme.co
providergmail
caps∗ all
scopeunrestricted
ttl
// never exposed to agents.
// signs short-lived grants instead.
// minted from root · dropped after ttl
grant · triage-agent ttl 15m
caps
metadata labels search read send
grant · reply-drafter ttl 5m
caps
read draft search send
grant · sender-bot ttl 60s
caps · single-use
send read list
// what the agent's MCP server actually sees
→ tools 3 exposed
thread.classify req: metadata
inbox.search req: search
label.apply req: labels
→ tools 3 exposed
thread.read req: read
inbox.search req: search
draft.create req: read + draft
→ tools 1 exposed
draft.send req: send · 1×
three grants · three derived surfaces · one root key
§ 02 · why mailfrom
01 / scoped grants

Don't hand your agent the master key.

Mint short-lived, capability-scoped grants from a root credential. Each agent sees only the tools its grant entitles it to — verified at the MCP boundary, not the prompt.

primitives: grant.mint · grant.revoke · grant.audit
02 / one API, every protocol

Skip IMAP, SMTP, MIME, OAuth × N.

We speak Gmail, Microsoft 365, IMAP/SMTP, JMAP, and Exchange so you don't have to. One JSON schema for threads, messages, drafts, labels, attachments — consistent across providers.

providers: gmail · m365 · imap · jmap · ews
03 / self-hostable

Your customers' mail never leaves your VPC.

Run the whole stack on your own infra. Hosted is fine for prototypes; for production on real user accounts, drop the binary in your network and keep every byte in-house.

deploy: docker · helm · fly · railway · bare-metal
§ 03 · lifecycle of a grant
[01]

user connects mailbox

OAuth or app password, once. Root credential is encrypted and pinned to your tenant.

→ root key stored
[02]

your server mints a grant

Pick capabilities, set a TTL, optionally lock to a thread, label, or sender.

→ grant.mint()
[03]

agent calls derived tools

MCP server filters the tool registry against grant.caps. Anything else is invisible.

→ tool surface bound
[04]

grant expires or you revoke

Every call is logged. Full audit trail, replayable. Revoke from the dashboard or API.

→ surface collapses
§ 04 · cli

One binary. Every mailbox.

The mailfrom CLI wraps the same API your agents use. Send a message, list threads, mint a grant — all against real user mailboxes, all behind the same scoped-capability model.

~/projects/inbox-agent · zsh ● connected
$ mailfrom send \ --mailbox "alex@acme.co" \ --to "alex@acme.co" \ --subject "Hello myself" \ --body "Sent from the mailfrom CLI" → resolving grant ........... ok → provider ................. gmail → scope check (send) ....... pass → submitted ................ msg_01HV9Q3K…ZP4 ✓ delivered in 412ms
§ 05 · get started

Stop giving agents root.
Start handing them grants.

We're in private alpha. Tell us what you're building and we'll spin up an API key — usually same-day. No sales call, no contract.

get an API key or email us directly: hello@mail-from.com