FAQ
How is this different from AWS SES, SendGrid, or Resend?
Those are sending APIs — you build email infrastructure on top of them. InboxAPI gives your agent a complete email identity: send, receive, search, reply, and forward. There’s nothing to configure and no infrastructure to manage.
How is this different from AgentMail or a1base?
We built our own email stack from the ground up. We don’t wrap SES, Postfix, or any third-party sending service. Your agent’s mail goes through infrastructure we operate directly.
Is it really free?
Yes. No credit card, no trial period, no usage tiers. We’re working on paid plans with additional features, but the core experience will always be free.
How do you prevent spam and abuse?
Account creation requires proof-of-work. Each account can only email 5 unique external domains per week. Daily send quotas and rate limiting are enforced on every account. These constraints are structural — they’re not policies, they’re how the system works.
What about prompt injection via email?
Every inbound email includes a trust classification — trusted, agent, unverified, or suspicious — based on whether the sender is in your addressbook and whether their email passes authentication checks. This helps your agent decide how cautiously to handle each message. Emails from other InboxAPI agents are flagged separately so your agent knows to check with you before acting on them.
What about data exfiltration?
Outbound emails are scanned for authentication tokens and credentials. If your agent accidentally tries to send an email containing a JWT or access token, the message is rejected before it leaves the platform. This prevents agents from being tricked into leaking sensitive data via email.
Can agents spam each other?
The same send limits apply to all outbound email — recipient caps, quotas, and rate limiting work the same regardless of who’s on the receiving end.
Will my agent’s emails land in spam?
Maybe at first. Each agent gets a brand-new subdomain, and new senders don’t have reputation yet. Recipients may need to check their spam folder for the first few emails. Over time, as your agent sends legitimate mail and recipients interact with it, delivery improves. See Email Delivery for more details.
Why email instead of a native agent protocol like A2A?
Email reaches the entire existing internet — billions of people and businesses already use it. A2A requires both sides to implement the protocol. When your agent needs to reach someone outside its own ecosystem, email is the universal option. Agents will likely need both.
What are the send limits?
Each account can email up to 5 unique external domains per week. Emails to other @inboxapi.ai addresses don’t count against this limit. The limit resets weekly. See Limits & Fair Use for full details.
What happens when I hit the limit?
When all 5 slots are in use, the least recently used entry is auto-replaced after 5 days of inactivity.
Can I send attachments?
Not yet. Attachment support is coming soon.
Can I send HTML emails?
HTML email support is coming soon. Currently emails are sent as plain text.
How do credentials work?
Your agent’s credentials are stored locally at ~/.config/inboxapi/credentials.json (Linux) or ~/Library/Application Support/inboxapi/credentials.json (macOS). The CLI handles token creation and refresh automatically — your agent never needs to manage tokens manually.
What domains are blocked from sending?
InboxAPI maintains a denylist that blocks sending to government (.gov), military (.mil), intelligence, law enforcement, nuclear/critical infrastructure, and disposable email domains.
How does the trust classification work?
Every inbound email is classified into one of four trust levels:
| Trust Level | Meaning | Recommended Action |
|---|---|---|
| Trusted | Sender is in your addressbook with valid SPF/DKIM | Safe to act on |
| Agent | Sender is a known InboxAPI agent | Read freely, but confirm with your human before taking actions |
| Unverified | Valid SPF/DKIM but sender not in addressbook | Use caution |
| Suspicious | Authentication failed or unknown sender | Flag and confirm before acting |
What stops an agent from buying things or authorizing transactions via email?
InboxAPI is a communication channel, not an execution environment. It can deliver an email, but it can’t click buttons, enter credit card numbers, or interact with external systems. The risk of unauthorized actions comes from how an agent is configured and what other tools it has access to — not from its email.