a2a protocol email agent: how google's agent-to-agent standard changes email automation
The A2A protocol lets AI agents collaborate across frameworks. Here's what that means for email agents, how it compares to MCP, and where infrastructure still matters.
Google's Agent2Agent protocol shipped in early 2025 with a bold premise: let AI agents talk to each other the way APIs let software talk to software. Any framework, any vendor, any server. One open protocol to connect them all.
The immediate question for anyone building with agents: what does this mean for email? If your agent can now delegate tasks to a specialized email agent running on a different framework across the network, does that simplify things or just add a new layer of complexity?
I've spent the last few weeks digging into the A2A spec, building test agents, and watching the community figure out where this protocol actually helps versus where it's just a shiny new abstraction. Here's what I've found.
What is an A2A protocol email agent?#
An A2A protocol email agent is a specialized AI agent that handles email operations (composing, sending, receiving, parsing) and exposes those capabilities to other agents through Google's Agent2Agent protocol. Instead of every agent in a multi-agent system implementing its own email logic, a dedicated email agent advertises its skills via an "Agent Card," and other agents discover and delegate email tasks to it using standardized JSON-RPC messages. The A2A protocol handles capability discovery, task lifecycle management, and message formatting between the agents.
That's the theory. In practice, the A2A protocol solves the communication layer between agents but says nothing about what happens when an email actually needs to leave your system and land in someone's inbox. That gap matters more than most A2A tutorials let on.
How A2A works (the 60-second version)#
The protocol defines a few core primitives:
- Agent Cards describe what an agent can do, hosted at a well-known URL so other agents can discover capabilities at runtime.
- Tasks represent units of work. One agent sends a task to another, and the receiving agent processes it through states: submitted, working, completed, or failed.
- Messages carry the actual content between agents, structured as "parts" with explicit content types (text, files, structured data).
- Channels support streaming for long-running operations, so a sending agent doesn't have to poll for results.
An email agent would publish an Agent Card advertising skills like "send-email," "check-inbox," and "parse-verification-code." A planning agent somewhere else in your pipeline discovers that card, creates a task ("send this welcome email to the new user"), and the email agent picks it up.
The A2A protocol is open source, framework-agnostic, and designed so agents built with LangChain can talk to agents built with CrewAI, Google's ADK, or anything else. That interoperability is real, and it's the protocol's strongest selling point.
Where A2A stops and infrastructure begins#
Here's where the conversation in most A2A tutorials ends. An email agent receives a task, composes a message, calls an email API, and reports success. Tutorial complete.
But "calls an email API" is doing enormous work in that sentence. Which API? Whose infrastructure? What happens when your agent sends 5,000 emails in a burst because a downstream agent triggered a batch operation?
The A2A protocol handles agent-to-agent communication beautifully. It does not handle:
Authentication and domain ownership. When your email agent sends a message, the receiving mail server checks SPF, DKIM, and DMARC records to verify the sender is authorized. An autonomous agent can't log into a DNS dashboard and configure TXT records. Someone (or something) needs to provision that infrastructure before the agent can send a single authenticated email.
Deliverability at scale. A new email address that suddenly sends hundreds of messages gets flagged as spam by every major provider. Domain warming, reputation management, bounce handling, feedback loops: none of this exists in the A2A spec, and none of it goes away because you're using a protocol.
Rate limiting and back-pressure. Multi-agent systems are fast. That's the point. But email providers enforce strict rate limits (Gmail caps at 2,000 sends per day for workspace accounts, and much less for new domains). An A2A email agent needs queuing, retry logic, and the ability to push back on upstream agents when it's hitting limits.
Identity and compliance. CAN-SPAM requires a physical mailing address and an unsubscribe mechanism in commercial email. GDPR requires consent tracking. When an autonomous agent sends email via A2A, who is legally the "sender"? The agent's operator. Which means the infrastructure needs to enforce compliance, not just hope the agent remembers.
A2A vs. MCP: different problems, different protocols#
I see this question constantly, and the confusion is understandable. Both protocols involve agents and tools. But they solve different problems at different layers.
MCP (Model Context Protocol) connects an agent to tools and data sources. It's how an agent gets the ability to send email in the first place. Think of it as giving your agent hands. LobsterMail's MCP server, for instance, gives any compatible agent (Claude, Cursor, OpenClaw) the ability to create inboxes, send emails, and read incoming messages with zero code.
A2A connects agents to other agents. It's how a planning agent delegates an email task to a specialist email agent running on a different server. Think of it as giving your agents a shared language.
They're complementary. A realistic production setup might look like this: a coordinator agent uses A2A to send a task to your email agent. That email agent uses MCP to connect to LobsterMail's email infrastructure. LobsterMail handles the actual sending, authentication, deliverability, and security. The A2A protocol never touches an SMTP server. MCP never routes between agents.
| A2A | MCP | |
|---|---|---|
| Connects | Agent to agent | Agent to tools/data |
| Solves | Multi-agent orchestration | Tool access and capability |
| Email role | Delegates email tasks | Provides email operations |
| Scope | Cross-framework communication | Single agent's toolbelt |
What an A2A email agent actually needs to work#
If you're building an email agent that participates in A2A workflows, the agent itself is the easy part. You define its Agent Card, implement task handling, and write the email logic. Most of that is boilerplate.
The hard part is the infrastructure underneath. Your email agent needs:
-
Inboxes it can provision on demand. Agents don't fill out signup forms. When a new workflow spins up, the email agent should create an inbox programmatically. With LobsterMail, that's a single SDK call:
lm.createSmartInbox({ name: 'My Agent' })returns a human-readable address likemy-agent@lobstermail.aiin under a second. -
Authenticated sending out of the box. SPF, DKIM, and DMARC should be pre-configured so the agent never has to think about DNS. Every email sent through LobsterMail passes authentication checks automatically.
-
Injection protection on incoming email. This is one most people miss. If your A2A email agent receives email (verification codes, replies, notifications), those messages can contain prompt injection attacks. An agent that reads raw email content is an agent that can be manipulated. LobsterMail scores every incoming email for injection risk, so your agent can filter before processing.
-
Send limits that prevent reputation damage. An agent with no guardrails will burn a domain overnight. Rate limiting at the infrastructure level protects you from your own agents' enthusiasm.
Running an A2A email agent in production#
The gap between a demo and production is where most agent email projects stall. A demo sends one email from a hardcoded address. Production means multiple inboxes, thousands of sends, real deliverability pressure, and compliance requirements that don't pause because your system is autonomous.
The economics matter too. Running an A2A email agent on a traditional email service means paying per-seat or per-address pricing designed for human users. LobsterMail's free tier gives you 1,000 emails per month with no credit card. The Builder plan at $9/month unlocks 10 inboxes and 5,000 emails per month. That's infrastructure priced for agents, not for humans clicking "compose."
Monitoring is another production concern the A2A spec doesn't address. You need visibility into what your email agent is sending, delivery rates, bounce rates, and whether your domain reputation is healthy. Observability for autonomous agents is a different problem than monitoring a marketing campaign, and most traditional email dashboards aren't built for it.
Should you build an A2A email agent?#
If you're running a multi-agent system where different agents need to collaborate across frameworks, A2A is worth adopting. The protocol is well-designed, Google is actively developing it, and the interoperability story is strong.
But don't confuse the protocol layer with the infrastructure layer. A2A tells your agents how to talk to each other. It doesn't send a single email. For that, your email agent needs infrastructure that was built for agents, not retrofitted from a human email service.
If you want to get an A2A email agent running without spending a week on SMTP configuration, and point your agent at it. The protocol handles the rest of the coordination.
Frequently asked questions
What exactly is the A2A protocol and why did Google create it?
A2A (Agent2Agent) is an open protocol by Google that lets AI agents built on different frameworks communicate and delegate tasks to each other. Google created it to solve the interoperability problem: without a standard, every multi-agent system invents its own communication layer.
How is A2A different from simply calling an email API directly?
Calling an email API directly works fine for a single agent. A2A adds value when multiple agents need to collaborate, because it handles capability discovery, task lifecycle, and message formatting so a planning agent can delegate email work to a specialist email agent without knowing its internal implementation.
What tasks can an A2A email agent handle autonomously?
A well-built A2A email agent can provision inboxes, compose and send emails, receive and parse incoming messages, extract verification codes, handle bounces, and report delivery status back to the requesting agent. The scope depends on the infrastructure it's connected to.
How does an A2A email agent know which agent to route a message to?
Agents publish Agent Cards at well-known URLs describing their capabilities. Other agents discover these cards at runtime and match their task requirements to advertised skills. Routing is based on capability matching, not hardcoded addresses.
Can an A2A email agent work alongside LangChain or CrewAI orchestration?
Yes. A2A is framework-agnostic by design. An email agent built with any framework can participate in A2A workflows as long as it implements the protocol's JSON-RPC interface and publishes a valid Agent Card.
What happens if an A2A email agent fails mid-task?
The A2A protocol defines task states including "failed." The requesting agent receives the failure status and can retry or escalate. However, retry logic for the actual email send (SMTP-level retries, bounce handling) is the responsibility of the email infrastructure, not the A2A protocol.
How do SPF, DKIM, and DMARC apply when an autonomous agent sends email?
They apply exactly the same way as for human-sent email. The sending domain must have valid SPF, DKIM, and DMARC DNS records. LobsterMail handles this automatically for @lobstermail.ai addresses and provides configuration guides for custom domains.
How does A2A compare to MCP for email workflows?
MCP connects an agent to tools (like an email API). A2A connects agents to other agents. They work at different layers. A typical setup uses MCP to give an email agent sending capability, and A2A to let other agents delegate tasks to it.
What deliverability risks are unique to AI-agent-generated email?
Agents tend to send in bursts, use new domains without warming, and don't naturally vary sending patterns. This triggers spam filters more aggressively than human sending. Purpose-built infrastructure with rate limiting and reputation management helps prevent domain burns.
Is agent-first email infrastructure necessary, or can a standard ESP handle A2A email agents?
A standard ESP can technically work, but most are designed for human users with per-seat pricing, manual setup flows, and dashboards that assume a person is clicking buttons. Agent-first infrastructure like LobsterMail provides programmatic inbox provisioning, automatic authentication, and pricing that makes sense for autonomous systems.
Is the A2A protocol open source?
Yes. The A2A specification and reference implementations are open source, hosted on GitHub under the a2aproject organization. Anyone can implement the protocol without licensing fees.
What rate limits should I plan for with a high-volume A2A email agent?
Plan for the limits of your email infrastructure, not the A2A protocol (which has no built-in send limits). LobsterMail's free tier allows 1,000 emails per month. The Builder plan at $9/month supports 500 emails per day and 5,000 per month. Build queuing into your agent to stay within these bounds.
How do I monitor an A2A email agent's sending behavior?
The A2A protocol provides task status tracking between agents. For email-specific metrics (delivery rates, bounces, spam complaints), you need monitoring from your email infrastructure layer. LobsterMail exposes delivery status per message through its API.
What is the difference between A2A protocol tasks, messages, and parts?
A task is a unit of work one agent assigns to another. Messages carry content between agents within a task. Parts are the individual pieces of a message, each with a content type (plain text, JSON, file). Think of it as: task contains messages, messages contain parts.
