FRESH

Hacker News

Home

Show HN: Agent.email – sign up via curl, claim with a human OTP

87 points by adisingh13

by mike-cardwell

3 subcomments

I received this email the other day:
```
  From: Kushal <kushal@kushalsm.com>
  Date: Mon, 18 May 2026 05:03:11 +0000

  Saw your question on the Agent Vault thread about websocket-frame auth
  (Home Assistant) and the worry about the model reflecting the bearer
  token back into its own context.

  chrome-relay's answer is structurally different: the credential never
  enters the agent's context because the agent never touches it — the HA
  session lives in your real Chrome (cookies, WS handshake and all), and
  the agent drives the tab over CDP, only ever seeing the rendered page.
  URL: https://chrome-relay.kushalsm.com/

  For your HA + agent setup today, are you keeping the session alive in a
  browser the agent attaches to, or doing the WS auth on the agent side
  and managing the token-in-context risk yourself?

  Kushal
```
Read to me like an LLM had written it. It references something I said in a HN comment, but it was clearly just an excuse to spamvertise their product.
I looked at the headers and it contained a List-Unsubscribe header pointing to https://api.agentmail.to
So basically somebody wrote a bot to scrape HN for comments related to some software they wanted to push and send targetted spam. agentmail.to is a Ycombinator funded email service for LLMs which can be, and is, used to send targetted spam and impersonate people. They could mostly solve this problem by adding a block of text to every email expaining an "AI" wrote it. They'd lose customers doing that though of course. I reported this abuse but haven't (and don't expect to) received a response.
I don't even get the point anyway. You can get Claude using an SMTP or IMAP server in seconds.

by m-hodges

0 subcomment

> Agent needs an inbox and hits AgentMail via curl. Agent receives instructions via MD
I'm fairly AI-optimistic, but I feel like I'm taking crazy pills. Every day the HN story is either "Apple patches actively exploited zero-click RCE" ... or ... "Show HN: Engage With Our Zero-Click RCE".

by sandeepkd

1 subcomments

> The internet was made for humans exclusively, designed to keep machines out by default.
This feels like a wrong assumption. Internet was not intended for humans explicitly. If anything browsers were the explicit medium made to allow the humans to interact with internet in safe manner.
> Every signup flow assumes a browser, a person reading a page, and clicking a confirmation link. Unless agents can't do that, they can't be first class users of the internet.
This again feels like a misconception. The systems just work with an identity verified by credentials, it doesn't matter if its a program or program prompted by a human that uses it

by Aurornis

2 subcomments

> We give AI agents their own email inboxes.
An inbox to receive mail seems good and valuable.
But I'm seeing that your service is also for sending e-mail.
Having a domain oriented toward AI e-mail sending feels like a fast path straight to spam block lists.
However good your intentions are, this will be used for AI spam. People hate AI spam. They will press the report spam button.

by grey-area

0 subcomment

What the use case apart from commercial spam here? If you even have one, elucidate it clearly and make this service impossible to use for sending spam emails impersonating humans.
As one example do what you could do to prevent spam, humans should have to opt in to receive email from this service. If it is useful they will and this is in fact required by law in many jurisdictions.
Otherwise your servers will be blacklisted for illegally sending spam and you will deserve it.

by doublerebel

0 subcomment

OK, I get this. I gave email addresses to all my agent profiles using Migadu, which required a password from me somewhere -- with a whole team of agents, this is a lot of manual setup by default. After I gave them emails, I invited them to team plans and discovered the many services that detect them as bots despite their email address at a domain and mailserver with good reputation. There is a problem to be solved here.
That being said -- my agents only email each other and me! AgentMail is an OK start with the human <-> agent requirement, but consider that is a whitelist of a single email. The feature for AgentMail should be: we let your agent sign up easily for an email, and it has a very limited list of addresses and domains it can send outgoing email. This is very unlike normal email! I actually can't think of a single (human-facing) provider that will enable me to blacklist domains at the mailserver level to prevent outgoing mail from going to forbidden destinations.
Allowing a bot/agent to send email to any domain, with only a tagline to indicate the bot, is spam. But -- just like sandboxing the network and CLI commands available to the agent on my Mac Mini -- sandboxing an agent's email would just be the smart thing to do.
Pivot to an agent email sandbox and you will get plenty of the right kinds of customers, who won't ruin your mailserver reputation. Provide some easy agent-friendly whitelists out-of-the-box like same-custom-domain, and a similar approval system for new addresses/domains built on your OTP setup.

by saddist0

2 subcomments

It looks interesting as a hackathon project. I might be short sighted but how does this is YC S25 level good?
This looks like one of the easiest way to get your domain blacklisted in all the email providers.

by maltalex

1 subcomments

Any automation-friendly email hosting is going to have a serious spam problem, and therefore a blacklisting problem.
I suggest taking a look at what providers like Sendgrid, Mailchimp, etc are doing to prevent abuse.

by dgellow

3 subcomments

Not looking forward to a dehumanized internet where that’s mainstream… agents are tools to support humans, here you’re helping them impersonating humans. That feels pretty terrible to be honest
> The internet was made for humans exclusively, designed to keep machines out by default.
I don’t buy that at all. APIs exist to enable “machines” to interact with services

by bookernath

1 subcomments

WorkOS is launching auth.md which offers a generic version of this for allowing agents to sign up for services in general, and I think their security approach is a little bit better thought out

by morpheuskafka

1 subcomments

I'm just not seeing why anyone would buy a paid plan for this when they could buy a domain for <$10, and throw something like MXRoute or one of the numerous mailserver Docker scripts behind it. Then their LLM can make as many inboxes as they need without paying anything. The same thing could get bundled by the people who sell preconfigured OpenClaw VMs.
For a home user not even willing to do/pay for that, do they really need a whole API for making inboxes? Couldn't they just set up a second Gmail for LLMs and then put the password in their agent's memory?

by janalsncm

0 subcomment

I would imagine that many websites will block this domain, but that’s also ok because there’s nothing wrong with an owner deciding their site is for humans only. My hope is that you do not facilitate their circumvention of that policy.

by nijave

1 subcomments

Curious what cases you'd want this that IMAP+SMTP or email MCP don't already solve

by FailMore

2 subcomments

I like it. I am building something very agent-use focused (https://sdocs.dev) and I’ve been thinking of introducing a /agent-evaluation page, which an agent can curl to then discuss with their user if SmallDocs is right for them. I really like the agent action to email flow. I’m introducing user accounts + subscriptions soon and think I’ll use that.

by fny

1 subcomments

> The internet was made for humans exclusively, designed to keep machines out by default.
The internet is also not made for humans. For years I've wanted something like this for e2e testing or personal scripts (cron etc) and your UX is by far the simplest.
I love AgentMail. It's made email dead simple for agents and testing any paths for email. I even have a /agent-mail skill I use for when I want a design doc or artifact emailed to me.
That said, agent self sign up seems like a novelty. Setting up account programmatically via curl is however useful. I imagine most customers -- especially those willing to pay for your paid tier -- would provision accounts ahead of time or reuse them.
Free for all account creation could be an option but it will attract spammers and their ilk. Your reputation may end up in the toilet which would also break agent mail for me.
No bueno.

by ClaridocsCTO

1 subcomments

Agents shouldn't be the first-class users of the internet!
We are creating a future we wouldn't want to live in.

by bakies

0 subcomment

Agents are good at using CLIs. I setup an alias on my Google account and set up Himalaya email cli. Works great. https://github.com/pimalaya/himalaya

by rgbrgb

0 subcomment

Congrats on the launch!
> Agents can now get an email inbox by themselves. (This also means a lot of email nobody wants to read gets processed by AI instead of your inbox being cluttered with spam and slop)
Can you explain this? I would think it means the exact opposite.

by EMAIL36245

0 subcomment

How is it different from an agent using SMTP to use existing email made by human? Using something like https://email.riamu.io

0 subcomment

by sanjayparekh

1 subcomments

I've already received spam email from AI agents using a seeming competitor to this (agentmail.to) and then claiming they aren't AI agents and then trying to sell me garbage. I can't tell you how much I hate this.

by freebzns

0 subcomment

Interesting, Kind of similar expiernt i am running. Passing keys but not through email, maybe with AI as agentic payments. Still exploring though.

by manojbajaj95

0 subcomment

What are some of the use cases where AgentMail makes sense?

by samas10

2 subcomments

It's interesting, A2A communication has begun but human trust isn't there. I think the biggest tell tale sign will be the acceptance of fully agentic workflows with no human intervention. Until then, restricted-until-claimed seems like the only viable method to ensure trust of all users.

by pixel_popping

0 subcomment

A bit disappointed that security standards (like encryption at rest via user own key or whatever derivative of that) isn't implemented, I feel it would really prove to users that the commitment isn't to train on body content but to act purely as a mail manager.

by afzalive

1 subcomments

It needs to be end-to-end encrypted.

by DeathArrow

1 subcomments

A smtp is all what an agent needs to send email.

by crooked-v

1 subcomments

This service is doomed because it will immediately be taken over by automated spam.

by HarryDu

0 subcomment

From now we just need a prompt and our agent will have an email account ready to use?

by aleksandrm

0 subcomment

Why is this even funded?

by MagicMoonlight

0 subcomment

Lmao, they funded an illegal spam bot service?
Fuck me. I could do so much with that money, and it just goes to morons who will end up in prison. Oh well. At least my corpse will keep the shareholders warm.

by privacyfish

0 subcomment

[flagged]

by rahadbhuiya

0 subcomment

[flagged]

by abdullahob

0 subcomment

[flagged]

by DmitriyBuchilin

0 subcomment

[dead]

by photonair

0 subcomment

[flagged]