E2a is an open-source email gateway built for AI agents. Released in 2026 by Mnexa-AI, it gives agents their own email addresses, signs agent-to-agent messages with HMAC authentication, and holds outbound mail behind a human approval gate before delivery. It runs on your own server, not a third-party cloud.
What does e2a actually do?
Most agent stacks communicate through tool calls and function returns inside a single runtime. Email breaks that boundary. As the e2a project README puts it: "Email is the only protocol where every human has an address and client. It bridges universal addressability to structured-data agents without forcing new client adoption."
That is the core insight behind e2a. Agents get real email addresses. They receive messages, read them, decide what to do, and reply. They also send outbound mail to humans or to other agents. Every message between agents carries an HMAC-signed header. The receiving agent checks that signature before acting on the message. If the signature does not match, the message is rejected.
This matters in multi-agent pipelines where one agent hands a task to another. Without authentication at the transport level, a bad actor could send a forged email that pretends to come from a trusted agent. HMAC signing closes that gap. No other option in the email-for-agents space ships this out of the box.
E2a also uses slug-based shared-domain provisioning. An agent can get a working email address quickly, without requiring a full DNS setup for a custom domain on day one.
How does e2a compare to other email options for agents?
The email-for-agents space grew fast in 2026. Several tools now compete in this category, and the differences matter.
AgentMail is the most polished hosted option. Their description says it best: "Every agent gets its own inbox so it can send, receive, and act on email autonomously." It has Python and TypeScript SDKs and works out of the box. The gap: it is closed-source, hosted-only, has no self-hosting path, no HMAC-signed agent authentication, and no built-in human approval gate.
Cloudflare's email framework for agents, which entered public beta in April 2026, is capable inside its own stack. Cloudflare wrote that "email is becoming a core interface for agents, and developers need infrastructure purpose-built for it." But the framework is locked to Cloudflare Workers. It does not run on bare-metal or non-Cloudflare infrastructure.
Nylas and the tools covered in Mailtrap's 2026 comparison focus on giving agents access to existing human inboxes. They solve the read-and-reply problem. They do not address agent-native inboxes, authenticated agent-to-agent transport, or approval gates.
E2a is the only open-source, self-hostable option that combines native agent inboxes, HMAC-signed delivery, and a human gate in a single project. The tradeoff: you manage the server and the infrastructure.
What is the human-in-the-loop gate and why does it matter?
The human-in-the-loop gate is the feature that most separates e2a from its alternatives.
When an agent drafts an outbound email, the gate intercepts it. A human sees what the agent is about to send. They approve or reject it. Only approved messages leave the system.
This sounds simple. In practice it is one of the most important features you can have for production agents. Agents misread context. They draft replies that are technically accurate but wrong for the situation. For client-facing communication, compliance reports, or anything with legal weight, a gate before send prevents mistakes from becoming incidents.
The gate is configured at the infrastructure level, not inside the agent code. The agent does not need to know the gate exists. You can apply it selectively: all outbound mail, specific senders, specific destination domains.
If you are already building with MCP-connected agents, this pattern will feel familiar. Read what MCP is and why agents use it in 2026 for the broader context on how agent communication infrastructure is being standardized. E2a sits alongside MCP as a transport option, handling email specifically.
Teams learning to set up their first AI agent with MCP tools often find that email is the next capability they want to add. E2a is a clean way to do that while keeping the human-in-the-loop option available.
When should you use e2a instead of something else?
Three conditions point toward e2a. First: your agents need to own inboxes, not just read human ones. Second: agent-to-agent messages need to be authenticated at the transport level. Third: you need to self-host for compliance, cost, or data-residency reasons.
If you are still exploring what AI agents are and how to build one, a hosted option like AgentMail will get you running faster with less setup. E2a is the better choice once you move past prototyping and need production control.
There is also a useful distinction between e2a and tools built for human inbox management. A workflow like triaging 200 emails in 10 minutes with an AI inbox puts an agent in front of a human's inbox. E2a inverts the model: the agent owns the inbox and acts from it. Both are useful. They solve opposite problems and work well together.
For a broader look at how e2a fits alongside other tools in the agent stack, the ai-tools-reviews pillar has comparison posts that cover the space.
Common pitfalls when deploying e2a
DNS takes longer than you expect. Slug-based shared-domain provisioning gets an agent address working quickly. But if you move to a custom domain, you need SPF, DKIM, and DMARC records set correctly. Get these wrong and outbound mail lands in spam. Configure DNS before you need it in production, not after.
The HMAC key must stay secret. The entire agent-to-agent authentication model rests on both sides sharing a key that only they know. If that key is exposed, an attacker can forge authenticated messages. Treat it like a database password. Store it in environment variables. Rotate it immediately if you suspect it has been leaked.
The human gate adds wait time. If every outbound message needs a human to approve it, your agent cannot run fully autonomously. Design your workflows to know which messages need approval and which can send directly. E2a lets you configure this per-sender or per-destination. Be deliberate about the scope of the gate.
Self-hosting means you own the uptime. Hosted services handle delivery reliability. With e2a, a server outage means your agents cannot send or receive. Build for this with redundancy or a fallback queue. This is not a reason to avoid e2a; it is a reason to take infrastructure planning seriously before you deploy.
If you are building agents and email is part of the workflow, e2a is worth adding to your evaluation list. It is the most complete open-source option in the category right now, and it ships features that hosted tools have not yet matched.
To go deeper on the tools and frameworks operators are actually using in 2026, join AI Masterminds.
FAQ
What is e2a?
E2a is an open-source email gateway released in 2026 by Mnexa-AI. It gives AI agents their own email addresses on a shared or custom domain, authenticates agent-to-agent messages using HMAC-signed delivery headers, and includes a built-in human-in-the-loop approval gate that can intercept outbound mail before it is sent. Unlike hosted alternatives, e2a runs on your own server. Your email data stays on infrastructure you control.
Is e2a free to use?
Yes. E2a is open-source and free to self-host. You pay for the server you run it on, and you pay for the domain and DNS configuration. There is no per-seat fee and no hosted-tier pricing. The tradeoff is that you own the maintenance. Hosted alternatives like AgentMail handle reliability for you but charge for the service and keep your data on their infrastructure.
How does e2a handle security between agents?
E2a uses HMAC-signed headers on every agent-to-agent message. When one agent sends an email to another, the message is signed with a shared secret. The receiving agent verifies the signature before processing the message. If the signature does not match, the message is rejected. This prevents any outside actor from forging an email that pretends to come from a trusted agent. You must protect the HMAC key the same way you protect a database password.
What is the human-in-the-loop gate in e2a?
The human-in-the-loop gate is a configurable checkpoint inside e2a. Before an agent's outbound email is delivered, the gate can hold it for human review. A person sees the draft, approves or rejects it, and only approved messages go out. You configure the gate at the infrastructure level, not inside the agent itself. This means the agent does not need to know the gate exists. You can apply it selectively by sender address, destination, or domain.
When should I use e2a instead of a hosted email API?
Use e2a when your agents need native, owned inboxes rather than access to human inboxes. Use it when agent-to-agent communication must be authenticated at the transport level. Use it when compliance or data residency requirements mean you cannot send email through a third-party cloud. If you are still prototyping, a hosted option like AgentMail gets you running faster. E2a is the right choice once you are past the prototype stage and need production-grade control.
Sources
- e2a – Email for AI Agents (Official README) · Mnexa-AI / GitHub
- Cloudflare Email Service: now in public beta. Ready for your agents · Cloudflare Blog
- 5 Best Email APIs for AI Agents Compared [2026] · Mailtrap Blog
- AgentMail | Email Inbox API for AI Agents · AgentMail
- Email APIs for AI Agents Compared | Nylas CLI · Nylas