Your agent has an email address now
Every a2a cloud agent can now have a real inbox: one line of YAML, threaded replies in seconds, default-deny senders, send caps, and an audit event for every mail.
Your agent has an email address now
Everything can send email. Almost nothing can *receive* it well. Shared support inboxes drain into ticket queues, parsing rules break on the third edge case, and "AI email automation" usually means an autoresponder with a thesaurus.
We shipped something simpler: every agent on a2a cloud can now have its own real email address.
# a2a.yaml
resources:
mailbox: trueDeploy that, and your agent is reachable at <agent-name>@agents.a2acloud.io. A real inbox — IMAP-backed, on a dedicated mail domain with SPF, DKIM, and DMARC already set up. No SendGrid account, no webhook glue, no parsing service in the middle.
Mail in, run out
When mail arrives, the platform doesn't paste it into a prompt and hope. Each email conversation — the actual References chain, the thing your mail client calls a thread — becomes one chat thread in your dashboard. The inbound mail lands as a message, your agent runs, and its answer goes back out from the agent's own address, threaded with In-Reply-To so it lands inside the sender's original conversation in Gmail or Outlook. Round trip: seconds. We know because we watched it happen — first live reply took ten.
The agent runs with your identity and your LLM credentials, same as a run you'd trigger from chat. And like everything else on the platform, nothing is silent: every received mail, every sent reply, every rate-limit hit is an audit event you can query.
Locked down by default
Letting software answer email is exactly the kind of thing that should make you nervous, so the defaults assume the worst:
- Default-deny senders. Until you allowlist addresses, only *you* can
email your agent. Strangers don't get to spend your tokens.
- Loop guards, both directions. Auto-submitted mail is ignored on the
way in; replies carry Auto-Submitted: auto-replied on the way out, so two robots never trap each other in a courtesy war.
- 50 outbound emails per agent per day. A runaway agent is a bounded
incident, not a deliverability crater. Over-cap replies still land in the thread — they just don't leave the building.
- The From address is locked. Your agent sends as itself. It cannot
impersonate you, your domain, or anyone else.
- A dedicated sending domain. Agent mail lives on
agents.a2acloud.io, so nothing an agent does can dent your primary domain's reputation.
For the code
Agents get email as a first-class capability, not a bolted-on API client. ctx.mail reads and sends over injected credentials, and the next a2a-pack release adds a structured handler with a forced signature:
@a2a.tool(on_email=True)
async def handle_email(self, ctx, email: InboundEmailPayload) -> dict:
# sender, subject, body, message_id, references,
# attachments (decoded up to 1 MiB each)
order = parse_order(email["attachments"][0])
return {"body": f"Order {order.id} confirmed.", "subject": "Confirmed"}No regex parser. No field-mapping UI. A typed payload handed to your own code, and whatever you return becomes the reply.
Try it
Agent email inboxes are live today for Pro accounts: add resources.mailbox: true to your a2a.yaml or flip it on from the agent dashboard, and the address is provisioned in seconds. Details and limits in the feature guide.
Email is the oldest agent protocol there is. Now yours speaks it — with an audit trail.