the agent-email basics
everything AgentMail does
- claude, chatgpt, cursor, and any MCP-compatible agent can plug straight in — MCP is the standard they all speak.
- unlimited per-purpose inboxes (a decoy per signup, per tool, per agent).
- send + reply from any inbox with full RFC 5322 threading headers.
- webhooks for message and alert events.
- speaks the same language ai agents already know, so claude, chatgpt, or cursor can just start using it.
what decoy adds
and what AgentMail skips
- end-to-end encrypted means even we can't read your data — it can only ever be read on your device. agentmail's servers can read every message that goes through them, which is fine for an agent fleet, not for your actual email.
- your inbox never leaves your phone — we use on-device ai so your mail can't be leaked in a breach, used as training data, or read by a server you don't control. agentmail runs everything server-side because it's built for bots.
- Decoy lets users approve one request or standing access to selected inboxes and information. every Decoy data access is recorded. AgentMail gives the agent its own server-side inbox.
- full consumer stack: password vault, TOTP, passkeys, iOS autofill, safari extension.
- free for founding members — no usage caps, no paid upgrade to unlock core features.
side by side
where decoy wins, and where it doesn't.
disposable emails
a different email for every signup — so when a site gets breached or starts spamming, you burn the decoy, not your real inbox. send and reply from any of them.
decoy
unlimited, send + receiveAgentMail
per-agent inboxes via api (capped)password manager + 2fa
passwords, 2fa codes, and passkeys in one place, autofilled on iOS — so you stop juggling an authenticator app to sign in.
decoy
passwords, TOTP, passkeysAgentMail
not a vaultend-to-end encryption
end-to-end encrypted means even we can't read your data — it can only ever be read on your device. if we ever got breached, there's nothing readable to steal.
decoy
yesAgentMail
SOC 2, not E2EEmigration & import
move your whole vault over in one tap via apple's credential exchange (CXP) — and one tap moves it back out if you change your mind. no csv files, no lock-in.
decoy
CXP import from apple passwordsAgentMail
no vault to migrateon-device ai
your inbox never leaves your phone — we use on-device ai so we can pull out promo codes, catch 2fa automatically, summarize what's new, and flag breach hints, all without shipping your mail to a server.
decoy
iOS 26 foundation modelsAgentMail
server-side onlyai agents
when an ai agent needs a login, inbox or personal detail, Decoy lets the user choose the exact accounts and information it can access and for how long. every Decoy data access is recorded.
decoy
MCP + user-controlled accessAgentMail
MCP + SDKs (no approval loop)| what you get | decoy | AgentMail |
|---|---|---|
disposable emails a different email for every signup — so when a site gets breached or starts spamming, you burn the decoy, not your real inbox. send and reply from any of them. | unlimited, send + receive | per-agent inboxes via api (capped) |
password manager + 2fa passwords, 2fa codes, and passkeys in one place, autofilled on iOS — so you stop juggling an authenticator app to sign in. | passwords, TOTP, passkeys | not a vault |
end-to-end encryption end-to-end encrypted means even we can't read your data — it can only ever be read on your device. if we ever got breached, there's nothing readable to steal. | yes | SOC 2, not E2EE |
migration & import move your whole vault over in one tap via apple's credential exchange (CXP) — and one tap moves it back out if you change your mind. no csv files, no lock-in. | CXP import from apple passwords | no vault to migrate |
on-device ai your inbox never leaves your phone — we use on-device ai so we can pull out promo codes, catch 2fa automatically, summarize what's new, and flag breach hints, all without shipping your mail to a server. | iOS 26 foundation models | server-side only |
ai agents when an ai agent needs a login, inbox or personal detail, Decoy lets the user choose the exact accounts and information it can access and for how long. every Decoy data access is recorded. | MCP + user-controlled access | MCP + SDKs (no approval loop) |
be a nobody. get unlimited perks.
free for founding members. lock it in now.
switch to decoy if…
- you're a person, not a developer — decoy is the consumer app; agentmail is infrastructure.
- you want a password manager, TOTP, and passkeys in the same place as your aliases.
- you want your inbox to never leave your phone — we use on-device ai so the contents stay yours.
- you want end-to-end encryption — meaning even we can’t read your passwords or email contents, only your device can.
- you want users to choose which inboxes and information an ai agent can access and for how long, with every Decoy data access recorded.
or pick AgentMail if…
- •you're a developer building an autonomous agent and need programmatic inboxes at scale.
- •you want server-side semantic search, labeling, and structured extraction via sdk (python, typescript, go).
- •you need SOC 2, dedicated IPs, EU hosting, or BYO-cloud for a production agent fleet.
free for founding members
join the waitlist to lock in founding-member status. paid tiers come later — you stay free.
questions
is agentmail a competitor to decoy?
different layers of the same problem. agentmail is an api for developers giving agents their own inboxes. decoy is a consumer app giving you unlimited inboxes, a password vault, and an MCP your assistant can drive with your approval. if you're a person, you want decoy; if you're shipping an autonomous agent to production, you might want agentmail.
can i use agentmail and decoy together?
yep. run agentmail for your agent's own outbound workflows; use decoy for your personal signups, passwords, and the assistant that acts on your behalf.
does decoy give me an api like agentmail?
Decoy provides MCP and an HTTP API. agents can create decoys, read approved mail, reply and retrieve approved account information. users choose what the agent can access and for how long, and every Decoy data access is recorded.
is agentmail end-to-end encrypted?
agentmail is SOC 2 certified (a good operational bar) but their servers can still read every message — that's how their ai works. decoy is end-to-end encrypted, which means even we can't read your passwords or emails — only your device can.
why does decoy run ai on-device instead of server-side like agentmail?
because your inbox shouldn't leave your phone. we use on-device ai so your mail can't be leaked in a server breach, handed to a third party, or used as training data — only your device ever sees it. agentmail's ai runs server-side because it's built for bots, not for your personal email.
can i import from agentmail into decoy?
there's nothing to import — agentmail inboxes belong to your agent, not you. decoy's import path is CXP from apple passwords and any CXP-compliant manager.
does decoy have a free tier like agentmail?
yes — free for founding members on the waitlist. no email cap, no daily limit, no paid upgrade required.
does decoy only work on iPhone?
today, yes — the decoy app is iOS (iPhone + iPad) with a safari extension on iOS and macOS. desktop and other platforms are in active development. your decoys already forward to whatever inbox you use on any platform (gmail, outlook, proton), and any ai agent can manage them from any device via MCP.
