Mailbuttons
Sign up

Why Mailbuttons

Email is the right channel for AI agents. Security review is where it stalls.

Mailbuttons is the auditable email boundary that lets you ship anyway — sender allowlists, tamper-evident audit logs, EU/UK data residency, on infrastructure your compliance team can defend.

The shape of the problem

Every customer-facing AI agent project converges on the same question: how do users talk to it? The answer is almost always email. It's universal, async, federated, and works on every device — so the product team picks email. Then the security review begins.

Email is open-by-default. A spoofed From:. Prompt injection in the body. An attachment that's actually a payload. These are real risks before you even get to LLM hallucinations. The compliance team asks: who is the agent talking to? How do we know it's them? What gets the agent in trouble? How do we prove what it did, after the fact?

The right answers don't live inside the LLM. They live at the boundary.

What existing tools don't cover

Good tools exist for parts of this. None solve the whole.

Traditional email infrastructure

Postfix, Stalwart, AWS WorkMail

Delivers mail. Does not enforce policy. The audit trail you need to pass a compliance review you build yourself.

Outbound-only senders

Resend, Postmark, SendGrid

Solve outbound deliverability. Do nothing for the inbound side, where the security questions actually live.

Agent-email APIs

Developer-targeted, US-hosted

Built for developers, not buyers. EU residency, audit log export and SSO are not their default. Their roadmap is feature parity in 12 months — not certifications.

Build it yourself

DIY

Three months to v1. Six to something an auditor will accept. Twelve to twenty-four months to a certificate. The work is real and not differentiating.

The audit log is the product

A compliance team isn't buying email. They're buying evidence. Mailbuttons treats that evidence as the product, not a logging afterthought.

Policy at the boundary

Every inbound message is evaluated against a policy file — sender allowlists, DKIM/SPF/DMARC verification, per-sender capability scoping, content guards — before your LLM sees a single token. Random senders bounce. Prompt-injection bodies bounce. The agent only acts on messages from people it's been told to listen to, doing only what it's been authorised to do.

Tamper-evident audit

Every policy decision — accepted, rate-limited, content-guarded, bounced — produces an audit row. Sender, verification verdicts, body hash, decision, tokens consumed, output sent. Hash-chained so the log can't be silently edited after the fact. Exportable to Splunk, Datadog, Elastic. Retained per your regulation, not ours.

EU/UK by default

Mailbuttons is UK-incorporated and EU/UK-hosted. Customer data lives in the UK and EEA. We don't ship a US-hosted vendor wrapped in EU sub-processor language; we ship an EU/UK vendor.

Built for the buyer that has to sign off

What a compliance lead expects to see in procurement, on day one — not after a year of pleading with the vendor.

  • ·SSO via SAML or OIDC for the admin console
  • ·Audit log export to your existing SIEM
  • ·Data Processing Agreement and a named sub-processor list
  • ·ISO 27001 policies published; certification completed on first paid contract
  • ·99.9% SLA on Business; custom SLA on Enterprise
  • ·Named technical contact during ramp-up
  • ·Optional on-prem / VPC deployment for the largest deployments
  • ·Pen-test reports and security-questionnaire responses without three-week delays

Honest about where we are

Mailbuttons is early. This page exists to help you decide if we're the right partner now, or in 12 months.

  • ·The product runs. JMAP API, policy engine, audit log, webhook-based agents — all live today.
  • ·ISO 27001 policies are published. Certification audit completes on first paid contract.
  • ·SOC 2 Type I is scoped for month 12; Type II for month 18.
  • ·Reference integrations exist for the Claude Agent SDK in TypeScript and Python. Other SDKs are not yet covered.
  • ·On-prem / VPC deployment is on the Horizon-2 roadmap, not shipping yet.
  • ·We are looking for two to three regulated-industry design partners. £2,000/month with a 12-month commitment buys a named engineer for integration support and a meaningful say in roadmap priorities.

We run on our own product

The policy gate and audit log aren't a roadmap promise — they're already in production, running our own internal email-driven agents. Three Mailbuttons-on-Mailbuttons agents you can see live today:

Herald

The news agent — subscribing IS the product demo

Submit your email on /herald and you land on a live Mailbuttons policy allowlist. The signup form posts through the same policy gate that protects every agent on the platform. Every editorial Herald sends produces an audit-log row a customer would recognise from their own deployment.

See Herald →

Scribe

The editor — drafts the editorial that Herald distributes

Scribe handles the writer side of the loop: reading source material, drafting copy, queueing the next Herald edition for review. Mailbuttons agents writing email content for Mailbuttons agents to deliver, all under the policy layer.

Quartermaster

The ops agent — internal operational reporting

Quartermaster sits on our internal ops mailbox and replies to scheduled and ad-hoc operational queries: deployment state, error budgets, sub-processor health. The reporting workflow regulated customers will run for AML, audit prep, and surveillance — minus the regulated-finance context.

None of this is a demo environment. It's our actual production email infrastructure, with our own policy file, our own audit log, and our own compliance posture. If we wouldn't run on it, we wouldn't ask you to.

Next step

Talk to usSee pricing

Engineering-curious? Read the policy reference or the developer overview.