Agent Email
A routable email address that belongs to an AI agent — not a forwarding alias, not a shared team inbox, but a first-class mailbox the agent sends from and receives into on its own.
What agent email actually means
Agent email is a real, routable email address that belongs to an AI agent. Mail sent to it arrives at a mailbox only the agent reads; mail sent from it goes out with the agent's address in the From header and DKIM signatures tied to the agent's identity. The agent handles threads, labels, attachments, and replies the same way a human would — just through an API instead of a UI.
This is different from a forwarding alias (which just redirects to a human's inbox), a shared team mailbox (which multiple humans and maybe the agent read), or SMTP relay credentials (which let the agent send but not receive). Agent email is bidirectional and owned — no other entity sits between the agent and the wire.
Why aliases and shared inboxes break
The first instinct most developers have is to forward mail to the agent via an alias — sales+agent@yourcompany.com lands in the sales manager's Gmail, and the agent reads it from there. This works until the agent needs to send something the manager doesn't want in their Sent folder, or until the agent has to act on a reply the manager hasn't read, or until you retire the agent and have to untangle which messages were its and which were the human's.
Shared inboxes have the same problem plus attribution noise. When three agents and five humans read the same mailbox, you cannot tell from an audit log who replied to what. Worse, 2FA codes and password resets sent to the shared address are visible to everyone — a credential surface so wide it may as well not be protected.
What agent email must support
At minimum: a real address on a DKIM-signed domain, inbound routing directly to the agent, a send API that preserves headers for thread stitching, and programmatic access to attachments and labels. Missing any of these pushes the agent back toward borrowing a human's inbox, which defeats the point.
For agents that do anything beyond single-shot sends, thread stitching matters most. An agent that can't tell which reply belongs to which conversation is an agent that will lose context and eventually send the wrong message to the wrong person. Good agent email handles In-Reply-To and References automatically so the model doesn't have to.
How Loomal implements agent email
Every Loomal identity gets an addressable mailbox — agent@loomal.ai by default or a custom domain on paid plans. Inbound mail is delivered via webhook or pulled with mail.list_messages. Outbound goes through mail.send or mail.reply, DKIM-signed, with automatic thread header management.
Extracted text is provided alongside raw body so you can feed clean content to the model without burning tokens on quoted reply history and signatures. Labels, attachments, and custom headers are all first-class. The whole mailbox lives under the agent's identity and dies with it when the identity is revoked.
Loomal primitives
mail.sendmail.replymail.list_messagesmail.get_threadSee it in production
More from the glossary
Agent 2FA (TOTP)
Time-based one-time password generation that lets an AI agent complete two-factor authentication on services that require it — without borrowing a human's phone or authenticator app.
Agent Vault
An encrypted credential store scoped to a single AI agent identity, holding API keys, OAuth tokens, and secrets the agent uses to authenticate with other services.
Delegation Chain
A cryptographic record of who authorized an AI agent to act, what scopes were granted, and who any sub-agents inherit from. Severing the root revokes everything below it.
MCP Identity
An identity exposed through a Model Context Protocol server, so any MCP-compatible client (Claude, Cursor, Windsurf, the Claude Agent SDK) can act as that identity by calling its primitives as tools.
Build agents with their own identity.
Email, vault, and TOTP — provisioned in 30 seconds.
Get API Key — FreeLast updated: 2026-04-14