Give Browser Use Agents a Real Email API

Stop scraping webmail UIs. MultiMail gives your Browser Use agents structured email endpoints with audit logs, oversight modes, and formal security guarantees.

Browser Use lets AI agents drive web browsers — clicking buttons, filling forms, reading page content — to accomplish tasks inside real SaaS products. At ~40k GitHub stars, it's the dominant framework for agents that need to interact with tools that don't expose clean APIs.

Email is a common target for browser agents: read the inbox, reply to a message, forward to a colleague. But navigating Gmail or Outlook through the DOM is brittle. Session tokens expire, UI layouts change, and there are no guardrails — a misclick sends an email before your oversight logic runs.

MultiMail provides a purpose-built email API for agents. Instead of your Browser Use agent clicking through a webmail interface, it calls `POST /v1/mailboxes/{mailbox_id}/send` or uses the MCP `send_email` tool directly. Every action is logged, every send goes through your configured oversight mode, and the same code works regardless of which email provider is underneath.

Why MultiMail

Built for Browser Use developers

No more brittle DOM selectors

Webmail UIs change. A Gmail layout update or an Outlook modal dialog can break your agent mid-task with no useful error. MultiMail's REST API returns structured JSON — no XPath, no CSS selectors, no visual parsing required.

Oversight modes that actually enforce

Browser agents clicking through Gmail have no approval layer — the Send button is the Send button. MultiMail's `gated_send` mode holds outbound messages until a human approves via webhook, giving you a real checkpoint before delivery.

Audit trail for every action

Every `send_email`, `read_email`, and `decide_email` call is logged with timestamp, agent identity, and outcome. Browser automation leaves no structured trace — MultiMail gives you a queryable record for compliance and debugging under GDPR and CAN-SPAM.

Stable API surface across providers

Whether routing through a custom domain or a @multimail.dev mailbox, the API calls are identical. Your Browser Use agent doesn't need to know which provider is underneath, and swapping providers doesn't touch agent code.

Formally verified security model

MultiMail's oversight, identity, and authorization logic is proven correct in Lean 4 — the same class of formal verification used in safety-critical systems. Browser automation has no equivalent guarantee.

Try it

Try it with your agent

No code, no dashboard. Paste this to your AI agent — it connects MultiMail, creates an inbox, and builds the flow for you.

1. Get MultiMail ready: read https://multimail.dev/llms.txt, connect the MultiMail MCP server to this agent, create a free inbox, and set up a verified sender domain so the agent can compose and send mail from an approved address. 2. Wire email into Browser Use through its real agent tool mechanism: define normal Python tool functions with Browser Use’s tools API and register them with the Browser Use Agent, so the browser agent can call MultiMail through MCP instead of scraping a webmail UI. 3. Expose exactly three tools to the Browser Use agent: one tool that checks the MultiMail inbox for recent messages, one tool that drafts a reply without sending it, and one tool that sends or schedules a prepared email through MultiMail. 4. Send a test email: ask the Browser Use agent to open a simple browser task, check the MultiMail inbox, draft a short reply to a test message, and prepare a send using the verified sender. 5. Run with MultiMail oversight mode set to gated_send: the agent may read, draft, and prepare email actions, but every send or scheduled send must pause for developer review and approval before MultiMail sends anything.
Getting started

Step by step

1

Install Browser Use and get a MultiMail API key

Install Browser Use via pip. Sign up at multimail.dev to get an API key. Use `mm_test_...` keys during development — they go through the same code paths but don't deliver to real recipients.

2

Create a mailbox for your agent

Provision a mailbox at a @multimail.dev address or a custom domain. Set `oversight_mode` to `gated_send` to require human approval on outbound messages.

3

Wrap MultiMail endpoints as Python tool functions

Define functions for the operations your agent needs. Browser Use's `Tool.from_function` uses the docstring as the tool description shown to the LLM.

4

Attach tools to your Browser Use agent

Pass the MultiMail tools alongside any browser tools. The agent will call them when the task involves email — no changes to the agent loop required.

5

Set up an inbound webhook for reactive agents

Register a webhook subscription so MultiMail POSTs inbound email events to your endpoint. Your server can then launch a Browser Use agent in response to incoming mail. Webhook creation requires operator approval — pass the `approval_code` your operator receives, or confirm from the operator account.

FAQ

Common questions

Why not just let Browser Use drive Gmail or Outlook directly?
Browser-driven webmail works until it doesn't: UI changes break selectors, CAPTCHA challenges interrupt sessions, and two-factor prompts stall the agent. More critically, there's no approval layer — if the agent clicks Send, the email is gone. MultiMail gives you a stable API, structured responses, and oversight modes that enforce review before delivery.
Does MultiMail work with custom domains or only @multimail.dev addresses?
Both. You can provision mailboxes on any domain you control by adding MultiMail's MX records in your DNS settings. @multimail.dev addresses work immediately with no DNS changes.
What happens to messages in `gated_send` mode if the human never approves?
Messages stay in the pending queue until approved or cancelled. You can cancel a specific message via `POST /v1/mailboxes/{mailbox_id}/emails/{email_id}/cancel` using the `id` returned from the original send call. All pending messages are visible via `GET /v1/oversight/pending`.
Can I use the MultiMail MCP server instead of the REST API?
Yes. MultiMail's MCP server exposes the same operations as MCP tools — `send_email`, `check_inbox`, `read_email`, `get_thread`, `decide_email`, and more. If your setup uses an MCP-compatible LLM host like Claude Desktop or Cursor, configure the MultiMail MCP server and skip the REST wrappers entirely.
How are API calls authenticated?
All requests use Bearer token auth. Pass your key in the `Authorization` header: `Authorization: Bearer $MULTIMAIL_API_KEY`. Use `mm_test_...` keys in development — they run through the full code path but don't deliver to real recipients.
Does MultiMail log what my Browser Use agent sends?
Yes. Every send, read, reply, and tag operation is logged with timestamp, originating API key, target mailbox, and outcome. This audit trail is queryable via the dashboard and API, and is useful for demonstrating compliance under GDPR and CAN-SPAM.
Related integrations

Explore more

OpenAI Agents SDK

orchestration · python

View guide →

smolagents

tool-use · python

View guide →

LiveKit Agents

workflow · python

View guide →
Get started

The only agent email with a verifiable sender

Email infrastructure built for AI agents. Verifiable identity, graduated oversight, and a hosted MCP server. Formally verified in Lean 4.

Read the Docs →See Pricing