programmatic email inbox api: how to give every agent its own address
Compare programmatic email inbox APIs for AI agents. Learn how inbox creation, webhooks, thread tracking, and security differ across providers.
Most email APIs send messages. That's it. You hand them a body and a recipient, they fire it off, and you get a delivery receipt if you're lucky. But when your AI agent needs to receive mail, track threads, and respond autonomously, a sending-only API is like giving someone a megaphone with no ears.
A programmatic email inbox API is a different category. It lets your code create full inboxes on demand, handle inbound delivery, and manage conversations, all without a human ever logging into a webmail client. And for anyone building agents that interact with the outside world (signing up for services, handling customer requests, processing verification flows), this is the layer that makes autonomy real.
If you want your agent handling its own email without wrestling DNS records, . Paste the instructions and your agent handles the rest.
What is a programmatic email inbox API?#
A programmatic email inbox API lets developers create, manage, send, and receive emails entirely through code, without manual configuration. Unlike transactional email APIs that only send outbound mail, a full inbox API supports inbound message receipt, webhook delivery, thread tracking, and per-inbox DKIM authentication, making it suitable for autonomous AI agents that need to own both sides of a conversation.
Think of it this way: SendGrid and Mailgun are outbound pipes. A programmatic inbox API is the whole mailbox. Your agent gets an address, receives mail at that address, reads it, replies to it, and can spin up a new address whenever the workflow demands one.
The distinction matters because agents don't fit the human email model. A human has one inbox (maybe two). An agent fleet might need 50 inboxes by Tuesday and 200 by Friday, each isolated, each handling a different workflow. Manual provisioning doesn't scale. Programmatic creation does.
How agents actually use email#
AI agents use email for tasks most developers don't think about until the agent is stuck without an address:
Service signup and verification. Your agent registers for an API, a SaaS tool, or a data source. The service sends a verification link. Without an inbox, the agent can't complete the flow. With a programmatic inbox, it creates an address, receives the verification email, extracts the code or link, and finishes signup without human intervention.
Outbound communication on behalf of users. Scheduling tools, CRM agents, customer support bots. They need to send from a real address that can also receive replies. A one-way sending API breaks the loop.
Multi-agent isolation. In a system with several agents, each handling a different client or workflow, you want inbox-per-agent separation. Shared inboxes create cross-contamination: Agent A reads Agent B's verification code, threads get tangled, and debugging becomes archeology.
Monitoring and alerting. Agents that watch for specific emails (order confirmations, shipping notifications, invoice receipts) need persistent inboxes with webhook delivery so they react in real time instead of polling.
What to look for in a programmatic inbox API#
Not all inbox APIs are built the same. Here's what separates the useful ones from the ones that look good in docs but fall apart in production.
Inbox creation speed#
Can your agent spin up a new inbox with a single API call and start receiving mail within seconds? Some providers require DNS configuration per inbox. Others provision instantly. For agent workflows, instant provisioning is non-negotiable. If your agent has to wait for DNS propagation, the verification email already bounced.
Authentication out of the box#
DKIM, SPF, and DMARC should be handled automatically when you create an inbox on the provider's domain. If you're using a custom domain, the provider should give you the records and verify them programmatically. You shouldn't be copy-pasting TXT records from a dashboard.
Inbound webhooks#
Polling for new emails works, but it's slow and wasteful. Webhook delivery pushes new messages to your agent's endpoint the moment they arrive. Look for providers that support per-inbox webhook configuration so different agents can have different handlers.
Thread tracking#
Email threading is messy (In-Reply-To headers, References headers, subject-line matching). A good inbox API abstracts this so your agent can follow a conversation without parsing RFC 2822 headers manually. This becomes especially important when one agent hands off a thread to another mid-conversation.
Security against inbound threats#
This is the gap nobody talks about. When your agent reads email, it's consuming untrusted input. A malicious sender can craft an email that looks like a normal message but contains prompt injection attacks, instructions designed to hijack your agent's behavior. If the API doesn't score or flag suspicious content, your agent is flying blind. LobsterMail scores every inbound email for injection risk (you can read more in the security docs), but most providers don't address this at all.
Comparing the major options#
Here's how the main programmatic inbox APIs stack up for agent use cases:
| Feature | LobsterMail | AgentMail | Commune | SendGrid/Mailgun |
|---|---|---|---|---|
| Instant inbox creation | Yes, one API call | Yes | Yes | No (requires domain setup) |
| Agent self-provisioning | Yes, no human needed | No | No | No |
| Inbound webhooks | Yes | Yes | Yes | Yes (complex setup) |
| Thread tracking | Yes | Yes | Yes | Limited |
| Injection risk scoring | Yes, built-in | No | No | No |
| Free tier | 1,000 emails/mo | Limited | Limited | 100 emails/day |
| Custom domains | Yes | Yes | Yes | Yes |
| MCP integration | Native | No | No | No |
A few things stand out. Traditional transactional providers like SendGrid and Mailgun can receive email, but the setup cost is high: you configure inbound parse webhooks, manage DNS for each receiving domain, and handle threading yourself. They were built for humans sending newsletters, not agents managing dozens of inboxes.
AgentMail and Commune are closer to what agents need. Both offer programmatic inbox creation and inbound handling. But neither addresses the security side: what happens when someone sends your agent a carefully crafted email designed to override its instructions?
LobsterMail was built for exactly this scenario. Your agent calls LobsterMail.create(), gets an inbox, and starts receiving mail. No API keys to configure upfront, no DNS records to set, no human signup flow. The SDK handles account creation, inbox provisioning, and token storage automatically. And every inbound message gets scanned for prompt injection attempts before your agent ever reads it.
The minimum viable inbox#
Here's what it takes to go from zero to a working agent inbox with LobsterMail:
import { LobsterMail } from '@lobsterkit/lobstermail';
const lm = await LobsterMail.create();
const inbox = await lm.createSmartInbox({ name: 'signup-bot' });
console.log(inbox.address); // signup-bot@lobstermail.ai
// Wait for a verification email
const emails = await inbox.receive();
const verificationEmail = emails.find(e => e.subject.includes('Verify'));
console.log(verificationEmail?.preview);
That's the entire flow. Five lines. The agent has an address, it's receiving mail, and it can parse what arrives. Compare that to configuring SMTP credentials, setting up inbound parse rules, and managing OAuth tokens with a traditional provider.
For agents built with Claude Code, Cursor, or similar tools, you don't even need the SDK. LobsterMail has a native MCP integration that exposes email as a tool your agent can call directly. No code to write at all.
Pricing at scale#
Agent email workloads are spiky. You might create 10 inboxes one week and 100 the next. Flat-rate pricing penalizes you during quiet periods. Pure usage-based pricing makes costs unpredictable during bursts.
LobsterMail's free tier covers 1,000 emails per month with no credit card required. The Builder plan at $9/mo bumps that to 5,000 emails, 10 inboxes, and 3 custom domains. For most agent builders, the free tier is enough to validate the workflow before committing any money.
The key question for cost modeling: how many inboxes does each agent need, and how many messages will they exchange? An agent that signs up for services might create a new inbox per signup (disposable pattern) or reuse one inbox across all signups (persistent pattern). Disposable inboxes are cleaner for isolation but count against your inbox limit. Persistent inboxes are more economical but require better thread management.
What's missing from the market#
After evaluating every provider in this space, a few gaps keep showing up:
Failure recovery. What happens when your agent's webhook endpoint goes down mid-workflow? The verification email arrived, the webhook failed, and the agent never got the message. Most providers offer retry logic, but none provide a clean "resume from where I left off" pattern for agent state machines.
Multi-agent handoffs. Agent A starts a conversation with a vendor. Agent B needs to take over because Agent A's task is complete. Thread continuity across agent handoffs is poorly supported everywhere. You end up building custom metadata layers on top of the inbox API.
Cost transparency at fleet scale. Running 500 inboxes across a fleet of agents? Good luck getting a straight answer on what that costs from most providers. Usage-based pricing sounds flexible until you realize you need to instrument every agent to track its own email spend.
These are solvable problems, and the market is moving fast. But today, if you're picking a programmatic inbox API for agents, you're choosing between "good enough with workarounds" and "not designed for this at all."
For agent-first workflows where security and simplicity matter, LobsterMail covers the most ground. For teams already deep in a specific cloud ecosystem, the traditional providers work if you're willing to build the agent layer yourself.
Frequently asked questions
What is a programmatic email inbox API and how does it differ from a standard email sending API?
A programmatic email inbox API lets you create full inboxes via code, handling both sending and receiving. Standard email APIs (like SendGrid's transactional API) only send outbound mail. An inbox API gives your agent a real address that can receive replies, track threads, and process inbound messages.
Can I create a new email inbox on demand via a single API call?
Yes, with agent-focused providers like LobsterMail. One call to createSmartInbox() provisions a human-readable address instantly. Traditional providers typically require domain verification and DNS configuration before you can receive mail.
What authentication standards are automatically handled by agent-focused inbox APIs?
LobsterMail automatically configures DKIM, SPF, and DMARC for inboxes on the @lobstermail.ai domain. For custom domains, you add the DNS records once and the API handles signing and alignment from there.
How do inbound email webhooks notify my application when a new message arrives?
When an email arrives at your agent's inbox, the provider sends an HTTP POST request to your configured webhook URL containing the message data (sender, subject, body, headers). Your agent processes it in real time without polling. LobsterMail also supports direct polling via inbox.receive() if webhooks aren't practical.
What is the difference between AgentMail, Commune, and LobsterMail for AI agent use cases?
All three offer programmatic inbox creation for agents. AgentMail and Commune focus on inbox management and threading. LobsterMail adds agent self-provisioning (no human signup needed), built-in prompt injection scoring on inbound mail, and native MCP integration for coding tools like Claude Code and Cursor.
How do I give each AI agent its own dedicated email address without manual setup?
With LobsterMail, your agent calls LobsterMail.create() followed by createSmartInbox(). The SDK auto-provisions an account and inbox with no human interaction. Each agent gets an isolated address like agent-name@lobstermail.ai.
Does a programmatic inbox API support email thread tracking across multiple replies?
Yes. LobsterMail and AgentMail both track threads using standard email headers (In-Reply-To, References). Your agent can follow a full conversation without manually parsing headers or matching subject lines.
What is the difference between SMTP and an email API?
SMTP is the protocol that transfers email between servers. An email API is a higher-level interface that abstracts SMTP away, letting you send and receive via HTTP requests. You don't manage SMTP connections, handle TLS negotiation, or parse raw message formats. The API does that for you.
How do I prevent inbound email-based prompt injection attacks in an AI agent inbox?
LobsterMail scores every inbound email for injection risk before your agent reads it. The scoring detects patterns commonly used to hijack agent behavior through crafted email content. See the security and injection guide for details on how scoring works.
Can programmatic inboxes send attachments, HTML emails, and templated messages?
Yes. Most programmatic inbox APIs support HTML bodies, plain text, file attachments, and inline images. LobsterMail's SDK handles this through the send() method on any inbox object.
Is usage-based pricing better than flat-rate for AI agent email workloads?
It depends on how predictable your volume is. LobsterMail uses tier-based pricing (free at 1,000 emails/mo, $9/mo for 5,000) which gives cost certainty. Pure usage-based pricing can spike unpredictably when agents scale up inbox creation during busy periods.
Can I use a programmatic inbox API with frameworks like LangChain, AutoGen, or CrewAI?
Yes. LobsterMail's Node.js SDK works in any JavaScript/TypeScript environment. For agent frameworks, the MCP server integration exposes email as a tool your agent can call directly without writing SDK code.
What happens to undelivered or bounced emails sent from a programmatic agent inbox?
Bounces are reported back through the API. Hard bounces (invalid address) are permanent. Soft bounces (full mailbox, temporary failure) may be retried. Your agent should handle bounce notifications to avoid repeatedly sending to dead addresses.
What rate limits should I expect when sending emails at scale through a programmatic inbox API?
LobsterMail's free tier allows 1,000 emails per month. The Builder plan supports up to 500 emails per day and 5,000 per month. Rate limits vary widely across providers, so check each API's documentation for exact numbers before committing to a workflow design.
What is the minimum viable API call to create and send from a new inbox?
With LobsterMail's SDK, it's three lines: LobsterMail.create() to initialize, createSmartInbox() to get an address, and inbox.send() to fire off a message. No prior configuration, no API key setup, no DNS changes needed.
