Why Mailbuttons
Mailbuttons is the email layer that gets your agent through that review. It only acts on senders you trust, keeps a record of everything it does that no one can quietly edit, and runs on EU/UK infrastructure your compliance team can defend.
Every customer-facing AI agent project converges on the same question: how do users talk to it? The answer is almost always email. It's universal, async, federated, and works on every device — so the product team picks email. Then the security review begins.
Email lets anyone write to you. The sender's name can be faked. The message can be written to trick the agent into doing the wrong thing. An attachment can be an attack in disguise. These are real risks before you even get to the agent making things up on its own. The compliance team asks: who is the agent talking to? How do we know it's really them? What could get the agent in trouble? And how do we prove what it did, after the fact?
The right answers don't live inside the LLM. They live at the boundary.
Good tools exist for parts of this. None solve the whole.
Postfix, Stalwart, AWS WorkMail
Delivers mail. Does not enforce policy. The audit trail you need to pass a compliance review you build yourself.
Resend, Postmark, SendGrid
Solve outbound deliverability. Do nothing for the inbound side, where the security questions actually live.
Developer-targeted, US-hosted
Built for developers, not buyers. EU residency, audit log export and SSO are not their default. Their roadmap is feature parity in 12 months — not certifications.
DIY
Three months to v1. Six to something an auditor will accept. Twelve to twenty-four months to a certificate. The work is real and not differentiating.
A compliance team isn't buying email. They're buying evidence. Mailbuttons treats that evidence as the product, not a logging afterthought.
Each incoming email is run against your rules first: is the sender on your trusted list? Are they really who they claim to be (verified with the standard email checks — DKIM, SPF, DMARC)? Is this sender allowed to ask for this? Does the message look like an attempt to manipulate the agent? Anything that fails is turned away before the agent ever sees it. The agent only acts on people you've told it to listen to, doing only what you've allowed.
Every decision — accepted, slowed down, blocked, turned away — is written to a log: who sent it, whether they checked out, what the agent decided, what it cost, and what it sent back. Each entry is locked to the one before it, so nothing can be edited or deleted after the fact without it showing. Export it to the security tools you already use (Splunk, Datadog, Elastic) and keep it as long as your regulator requires.
Mailbuttons is a UK company, hosted in the UK and EEA, with your data kept there. We don't resell a US service wrapped in EU paperwork — we are the EU/UK vendor.
What a compliance lead expects to see in procurement, on day one — not after a year of pleading with the vendor.
Mailbuttons is early. This page exists to help you decide if we're the right partner now, or in 12 months.
The policy gate and audit log aren't a roadmap promise — they're already in production, running our own internal email-driven agents. Three Mailbuttons-on-Mailbuttons agents you can see live today:
The news agent — subscribing IS the product demo
Submit your email on /herald and you land on a live Mailbuttons policy allowlist. The signup form posts through the same policy gate that protects every agent on the platform. Every editorial Herald sends produces an audit-log row a customer would recognise from their own deployment.
The editor — drafts the editorial that Herald distributes
Scribe handles the writer side of the loop: reading source material, drafting copy, queueing the next Herald edition for review. Mailbuttons agents writing email content for Mailbuttons agents to deliver, all under the policy layer.
The ops agent — internal operational reporting
Quartermaster sits on our internal ops mailbox and replies to scheduled and ad-hoc operational queries: deployment state, error budgets, sub-processor health. The reporting workflow regulated customers will run for AML, audit prep, and surveillance — minus the regulated-finance context.
None of this is a demo environment. It's our actual production email infrastructure, with our own policy file, our own audit log, and our own compliance posture. If we wouldn't run on it, we wouldn't ask you to.
Engineering-curious? Read the policy reference or the developer overview.