Why Mailbuttons

Email is the right channel for AI agents. Security review is where it stalls.

Mailbuttons is the email layer that gets your agent through that review. It only acts on senders you trust, keeps a record of everything it does that no one can quietly edit, and runs on EU/UK infrastructure your compliance team can defend.

The shape of the problem

Every customer-facing AI agent project converges on the same question: how do users talk to it? The answer is almost always email. It's universal, async, federated, and works on every device — so the product team picks email. Then the security review begins.

Email lets anyone write to you. The sender's name can be faked. The message can be written to trick the agent into doing the wrong thing. An attachment can be an attack in disguise. These are real risks before you even get to the agent making things up on its own. The compliance team asks: who is the agent talking to? How do we know it's really them? What could get the agent in trouble? And how do we prove what it did, after the fact?

The right answers don't live inside the LLM. They live at the boundary.

What existing tools don't cover

Good tools exist for parts of this. None solve the whole.

Traditional email infrastructure

Postfix, Stalwart, AWS WorkMail

Delivers mail. Does not enforce policy. The audit trail you need to pass a compliance review you build yourself.

Outbound-only senders

Resend, Postmark, SendGrid

Solve outbound deliverability. Do nothing for the inbound side, where the security questions actually live.

Agent-email APIs

Developer-targeted, US-hosted

Built for developers, not buyers. EU residency, audit log export and SSO are not their default. Their roadmap is feature parity in 12 months — not certifications.

Build it yourself

DIY

Three months to v1. Six to something an auditor will accept. Twelve to twenty-four months to a certificate. The work is real and not differentiating.

The audit log is the product

A compliance team isn't buying email. They're buying evidence. Mailbuttons treats that evidence as the product, not a logging afterthought.

It checks every message before the agent reads it

Each incoming email is run against your rules first: is the sender on your trusted list? Are they really who they claim to be (verified with the standard email checks — DKIM, SPF, DMARC)? Is this sender allowed to ask for this? Does the message look like an attempt to manipulate the agent? Anything that fails is turned away before the agent ever sees it. The agent only acts on people you've told it to listen to, doing only what you've allowed.

It keeps a record no one can quietly change

Every decision — accepted, slowed down, blocked, turned away — is written to a log: who sent it, whether they checked out, what the agent decided, what it cost, and what it sent back. Each entry is locked to the one before it, so nothing can be edited or deleted after the fact without it showing. Export it to the security tools you already use (Splunk, Datadog, Elastic) and keep it as long as your regulator requires.

It's an EU/UK vendor, not a US one in disguise

Mailbuttons is a UK company, hosted in the UK and EEA, with your data kept there. We don't resell a US service wrapped in EU paperwork — we are the EU/UK vendor.

Built for the buyer that has to sign off

What a compliance lead expects to see in procurement, on day one — not after a year of pleading with the vendor.

  • ·SSO via SAML or OIDC for the admin console
  • ·Audit log export to your existing SIEM
  • ·Data Processing Agreement and a named sub-processor list
  • ·ISO 27001 policy set published and in force today; formal certification planned for 2027 — read the controls now in the security handbook
  • ·99.9% SLA on Business; custom SLA on Enterprise
  • ·Named technical contact during ramp-up
  • ·Optional on-prem / VPC deployment for the largest deployments
  • ·Pen-test reports and security-questionnaire responses without three-week delays

Honest about where we are

Mailbuttons is early. This page exists to help you decide if we're the right partner now, or in 12 months.

  • ·The product runs. JMAP API, policy engine, audit log, webhook-based agents — all live today.
  • ·ISO 27001 policies are published and in force today. Formal certification is planned for 2027 — design partners get the controls and audit-ready evidence now, a deliberate early-adopter bet rather than a gap.
  • ·SOC 2 Type I is scoped for month 12; Type II for month 18.
  • ·Reference integrations exist for the Claude Agent SDK in TypeScript and Python. Other SDKs are not yet covered.
  • ·On-prem / VPC deployment is on the Horizon-2 roadmap, not shipping yet.
  • ·We are looking for two to three regulated-industry design partners. £2,000/month with a 12-month commitment buys a named engineer for integration support and a meaningful say in roadmap priorities.

We run on our own product

The policy gate and audit log aren't a roadmap promise — they're already in production, running our own internal email-driven agents. Three Mailbuttons-on-Mailbuttons agents you can see live today:

Herald

The news agent — subscribing IS the product demo

Submit your email on /herald and you land on a live Mailbuttons policy allowlist. The signup form posts through the same policy gate that protects every agent on the platform. Every editorial Herald sends produces an audit-log row a customer would recognise from their own deployment.

See Herald →

Scribe

The editor — drafts the editorial that Herald distributes

Scribe handles the writer side of the loop: reading source material, drafting copy, queueing the next Herald edition for review. Mailbuttons agents writing email content for Mailbuttons agents to deliver, all under the policy layer.

Quartermaster

The ops agent — internal operational reporting

Quartermaster sits on our internal ops mailbox and replies to scheduled and ad-hoc operational queries: deployment state, error budgets, sub-processor health. The reporting workflow regulated customers will run for AML, audit prep, and surveillance — minus the regulated-finance context.

None of this is a demo environment. It's our actual production email infrastructure, with our own policy file, our own audit log, and our own compliance posture. If we wouldn't run on it, we wouldn't ask you to.

Next step

Engineering-curious? Read the policy reference or the developer overview.