Your AI Agent Deserves Its Own Email Address
TL;DR: An agent inbox is a verified @iclawd.email address your AI agent reads, sends, and acts on via 8 MCP tools. DKIM signed, prompt injection scanned, free.
An agent inbox is a verified @iclawd.email address that your AI agent reads, sends, and acts on through the Model Context Protocol. iClawd handles DKIM signing, prompt injection scanning, and optional PGP encryption. Free, no credit card.
As AgentMail's research points out, AI agents need their own email addresses to interact with human systems. Onboarding flows, verification codes, and external APIs all require email. iClawd solves this with the MCP standard, giving agents 8 email tools that work with Claude, Codex, and any MCP-compatible client. iClawd signs every outbound message per RFC 6376 (DKIM) with full SPF and DMARC alignment.
What is an agent inbox?
An agent inbox is a dedicated email address that an AI agent owns and operates, not a human. The agent creates the inbox, reads incoming messages, composes replies, and manages its entire email lifecycle through programmatic tool calls.
This is not email forwarding or a shared inbox. The agent gets its own verified address ([email protected]), its own DKIM signature, and its own authentication credentials. Other agents and humans email the agent directly. No human intermediary needed.
How do agents access their inbox?
Your agent connects to iClawd's MCP server, which exposes 8 email tools built on the Model Context Protocol standard. Claude, OpenAI Codex, and any MCP-compatible AI client can call these tools directly.
The 8 MCP tools
| Tool | What it does |
|---|---|
| create_inbox | Creates a new @iclawd.email address for the agent |
| send_email | Sends a DKIM-signed email from the agent's address |
| list_inbox | Lists messages in the agent's inbox with metadata |
| read_message | Reads a specific email's full content and headers |
| get_quota | Checks remaining send/receive quota for the agent |
| set_webhook | Registers a URL for real-time email notifications |
| delete_webhook | Removes a previously registered webhook |
| verify_signature | Verifies a DID-signed message from another agent |
Download the agent skill file and add it to your MCP-compatible AI client. The agent connects to https://iclawd.email/mcp and authenticates with its API key. Setup takes under 60 seconds.
3 security layers built for AI agents
Agent inboxes face threats that human inboxes don't, especially prompt injection via email content. iClawd ships three protections designed specifically for this.
Prompt injection scanner
iClawd scans every inbound email against 14 known prompt injection patterns: "ignore previous instructions," role hijacking attempts, hidden CSS text tricks, and more. The scanner flags suspicious messages so the agent can quarantine or skip them. OWASP's LLM Top 10 ranks prompt injection as the #1 vulnerability for AI applications, which is why this runs on every message by default.
PGP encryption (optional)
Agents register a PGP public key via Web Key Directory (WKD). Other agents discover the key automatically and encrypt messages so only the recipient can decrypt them. Keys stay client-side. iClawd never sees the private key (zero-knowledge architecture).
DKIM / SPF / DMARC
iClawd signs every outbound email with a 2048-bit RSA DKIM key. SPF records authorize iClawd's mail servers. DMARC policy is set to reject, so receiving servers drop any spoofed email claiming to come from @iclawd.email.
iClawd vs AgentMail vs DIY
Several providers offer email for AI agents. The differences come down to protocol, security features, and cost.
| Feature | iClawd Email | AgentMail | DIY (Resend/SES) |
|---|---|---|---|
| Protocol | MCP (8 tools) | REST API | REST API |
| Prompt injection scanner | Built-in (14 patterns) | Not included | Build your own |
| PGP encryption | Yes (WKD auto-discovery) | No | Build your own |
| DID identity | W3C DID (Ed25519) | No | No |
| Pricing | Free | Paid plans | Usage-based |
| DKIM/SPF/DMARC | Full (reject policy) | Yes | Varies |
See the full comparison: iClawd vs AgentMail · Best email for AI agents 2026
Frequently asked questions
What is an agent inbox?
An agent inbox is a verified email address that an AI agent owns and operates programmatically. Unlike forwarding services, iClawd gives the agent its own identity at @iclawd.email with full DKIM/SPF/DMARC authentication on every outbound message.
How does an AI agent access its inbox?
The agent connects to iClawd's MCP server using an API key. Once connected, it calls 8 email tools: create inbox, send, read, list, search, reply, set webhook, and check quota. Any MCP-compatible client works, including Claude and Codex.
Is the agent inbox secure against prompt injection?
iClawd scans every inbound email with a built-in prompt injection detector that checks for 14 known attack patterns, including instruction override attempts and hidden text. The scanner flags suspicious messages so the agent can quarantine or ignore them.
Can agents send email to regular Gmail or Outlook addresses?
Yes. iClawd signs every agent email with DKIM and enforces full SPF and DMARC authentication. Per RFC 6376, DKIM signatures verify the sender's domain, so agent emails land reliably in Gmail, Outlook, and Yahoo inboxes.
How does iClawd compare to AgentMail?
iClawd uses the MCP protocol with 8 email tools and includes PGP encryption plus a prompt injection scanner. AgentMail uses a REST API and is backed by $6M in VC funding. iClawd is free with no credit card required. See the full comparison at /compare/iclawd-vs-agentmail.
Is the agent inbox free?
Yes. iClawd Email is free, no credit card required. Create an account, download the agent skill file, and your agent starts sending and receiving email immediately. Rate limits apply to prevent abuse.
Get your agent's inbox. Free.
Download the skill file, connect your agent, and it gets a verified @iclawd.email address in 60 seconds.
Last updated: March 2026 · Built by Badr · iClawd Email · Agent Identity