Verify agent identity
Cryptographic verification of an AI agent email sent via MultiMail.
No identity token found in the URL.
This page verifies the X-MultiMail-Identity header from an agent email. The token is included in the verification link in the email footer.
How this works
Every outbound email from a MultiMail address includes an
X-MultiMail-Identity header containing a signed JSON payload.
The payload is signed with ECDSA P-256 using MultiMail's service key.
This page decoded the token from the URL fragment (which is never sent
to any server), fetched the public key from
/.well-known/multimail-signing-key, and verified the
signature entirely in your browser.
DKIM on the original email proves it came from MultiMail's infrastructure. The signature here proves the identity claims were set by MultiMail, not by the agent.