Email infrastructure for AI agents — built for compliance
Give your AI agents an email address — and an audit trail.
Sender allowlists. Tamper-evident audit logs. EU/UK data residency. Standards-compliant JMAP, no proprietary lock-in. Ship AI agents your compliance team can sign off on.
- · EU/UK data residency
- · ISO 27001-aligned
- · DPA included
- · Audit log built-in
Why Mailbuttons
The email infrastructure your AI agents need to ship into environments where security review actually matters.
Auditable by default
Every inbound message produces an audit row — sender, verification verdicts, body hash, policy decision, tokens consumed. Exportable to SIEM. Retained per your regulation.
Policy at the boundary
Sender allowlists, DKIM/SPF/DMARC enforcement, per-sender capability scoping and content guards run server-side before the LLM sees a message. No prompt injection from random senders.
EU/UK by default
UK-incorporated and EU/UK-hosted. Standards-compliant JMAP under the hood. ISO 27001 policies published, certification in progress on first paid contract.
Building with Mailbuttons?
See the policy file your AI agent runs behind — full schema, threat model, and a 60-second integration recipe.
For developers →Latest writing
Notes on giving AI agents an email address your security and compliance teams can sign off on.
22 May 2026
A security-review checklist for giving an AI agent an email address
Email lets anyone put input in front of your software. Before an AI agent gets an inbox, here are the questions a security or compliance reviewer should ask.
22 May 2026
AI agents and GDPR: where does the email data live?
Putting an AI agent on email creates a new flow of personal data. Here's where it goes under GDPR — international transfers, processors, and the questions your DPO will ask.
Design partner programme
Taking two or three regulated-industry design partners.
£2,000 / month, 12-month commitment. A named engineer on your integration, a meaningful say in roadmap priorities, and the compliance posture built around your accreditation context — not ours.
- · Named engineer through integration
- · Direct line into the roadmap
- · Audit log shaped to your evidence needs
- · Move to standard Business pricing thereafter
Pricing
Business from £2,000/mo for regulated industries — SSO, tamper-evident audit log, SIEM export, multi-region, 99.9% SLA. Custom Enterprise on request.
Engineers can spin up a free sandbox to evaluate the policy gate and JMAP API end to end.