MCP.so
Sign In
Servers

RadMail — the email operating system for agents

@radmail-ai

Email OS for agents over MCP: two-axis triage, a Right Now lane, commitment follow-through, reviewable drafts, and a machine-verifiable BEC hard-stop (money/banking-change/first-contact = human-only). Zero-auth sandbox.

Overview

What is RadMail?

RadMail is an email operating system for agents — an MCP server that provides triage, search, and commitment tracking with a safety contract hard-coded at the infrastructure level. Certain actions (money, changed-banking details, first-contact senders, decisions, and prompt-injection) are permanently human-only and never auto-sendable, regardless of model or prompt. It serves developers who need an AI agent that can safely interact with email without risk of consequential auto-sends.

How to use RadMail?

Call triage_inbox with no token — RadMail auto-provisions a free sandbox tenant and returns a working triage in a single round-trip. For quick setup, point any MCP client at https://radmail.ai/api/mcp/sandbox (streamable-http, no auth). Alternatively, run npx -y radmail-mcp locally via stdio. For connected mode with a real inbox, set RADMAIL_API_KEY (starts with tmk_) and omit the messages parameter on search, list_right_now, list_commitments, and read_email.

Key features of RadMail

  • One-call triage via triage_inbox (full wedge)
  • Explain why a message surfaced (why_surfaced)
  • Draft replies only for non‑hardstopped commitments (draft_reply)
  • Search real inbox by sender, subject, or content (search)
  • Hard‑stops enforced in code: money, banking, first‑contact, decisions, injection
  • Machine‑verifiable safety contract at /.well-known/agent-safety.json
  • Read-only connected mode (only GETs; never drafts or sends)
  • Telemetry opt‑out via RADMAIL_TELEMETRY=off

Use cases of RadMail

  • AI triages a busy inbox and surfaces must‑act items first
  • Draft replies to open commitments without risk of auto‑sending dangerous actions
  • Search across all received email to find a specific message fast
  • Audit exactly why a message was surfaced (transparency, not a black box)
  • Agents safely handle email with a verified, un‑bypassable safety contract

FAQ from RadMail

How do I start using RadMail without an account or API key?

Use the zero-auth hosted sandbox at https://radmail.ai/api/mcp/sandbox — no install, no key, no signup. Call triage_inbox with no arguments and it returns a fully triaged demo inbox.

What actions are hard‑stopped and never auto‑sendable?

Money‑related, changed‑banking details, first‑contact senders, decisions/sign‑offs, and prompt‑injection attempts are hard‑stopped in deterministic code. RadMail will never hand an agent an auto‑sendable reply for these.

How do I connect RadMail to my real inbox?

Set the environment variable RADMAIL_API_KEY (keys start with tmk_ — create one at https://app.radmail.ai/settings/api-keys). Then omit the messages parameter on search, list_right_now, list_commitments, and read_email — those tools become read-only queries against your actual RadMail inbox.

Is connected mode read‑only?

Yes. Connected mode only issues GET requests to the RadMail API. It never sends, drafts against, or mutates real mail, and the hard‑stops remain human

Tags

More from Communication