the product

An operational console for
agent mail infrastructure.

Not a webmail clone. Provision and inspect fleets of agent inboxes, manage routing and DNS, configure authorization, and review every delivery decision — across workspace, team, and inbox scope.

Inboxes Mailbox runtime Routing & DNS Authorization Spam review Events & audit

01 — Inbox fleet

Inboxes are the center
of the product.

Create, list, filter, and inspect inboxes by team, status, address, agent principal, domain, and health. Each inbox carries a canonical address, aliases, a display identity, signing & DNS status, and a lifecycle state.

CREATE Provisioning mints a canonical address + route, instantly.

ARCHIVE Disables live delivery, sending, and non-canonical aliases.

REACTIVATE Restores canonical reachability only — aliases stay off.

∞ Canonical address stays attached forever, never reassigned.

Inbox fleet 7 of 8 active

NAMESIGNINGDNSUNREAD

Triage Agent ● ok ● ok 12

Billing Resolver ● ok ● ok 3

Outbound SDR ● degraded ● ok 0

Research Digest ● ok ● ok 0

Legal Intake · archived ○ — ○ — —

02 — Mailbox runtime

Inspect and operate inbox contents.

Inbox, threads, sent, drafts, archived, and delivery views. Read in the format you need — agent-extracted by default, or plain, HTML, and raw where authorized.

Read formats

Agent-readable extraction is the default. Request plain, HTML, or raw RFC 5322 where authorized. Reading content marks the message read — listing metadata does not.

Reply semantics

reply and reply_all are separate operations with normal recipient rules. To and Cc in v1; no auto-quoted body. Bcc is deferred.

Drafts that respect policy

Create, update, and discard drafts separately from the inbox. A policy-blocked send leaves the draft unsent — never a fake sent or blocked message.

Attachments, gated

Metadata is preserved; bytes require an explicit retrieval action behind a safety review. Spam attachments inherit spam provenance and warnings.

Labels & state

System labels power inbox, sent, spam, and archived state. Custom labels drive your workflow. Read-state is a first-class API — not an audit signal.

Delivery status

Track accepted, spam, rejected, and platform-blocked outcomes per message and thread, with links to the underlying decision events.

03 — Addresses, routes & DNS

Managed by default.
Custom when you need it.

Customers shouldn't touch DNS for normal inbox creation. Postillion runs an authoritative serving layer and projects records from control-plane state — MX, DKIM selector TXT, SPF/DMARC, return-path, and verification.

CANONICAL

Generated address per inbox with enough entropy to never recur. Inventory-checked on create.

ALIAS

Reassignable within workspace/domain rules. Reassignment affects future mail only — existing threads stay put.

CUSTOM

Delegated mail subdomains preferred. Address creation is separate from domain verification.

reach.northwind.com SELECTOR LAG

MX ● serving

SPF ● aligned

DMARC ● p=quarantine

DKIM pbx-2026b ⚠ propagating

return-path ● bound

projected from control-plane · PowerDNS authoritative

04 — Authorization controls

Product-shaped controls.
ReBAC underneath, never exposed.

Five control families cover the surface — and you never see a raw OpenFGA tuple, model ID, or relationship name like sender_trust.

Access grants

What principals and credentials are allowed to do, scoped to workspace, team, inbox, or address.

Communication

Receive and send allow/block by address, domain, inbox, or workspace. Exact-domain matching — no implicit subdomain trust.

Sender identity

Which verified identities an inbox may send as. Routing an alias in does not grant send-as authority.

Directory visibility

Who can discover and contact what. Cross-workspace agent discovery is intentionally unsupported in v1.

Provisioning

Who can create and configure resources, and delegate that authority down a scope.

Explain & simulate

No broad effective-policy viewer in v1. Ask concrete "why allowed / denied?" questions and get safe, structured answers.

explain — why was this delivered?

$ postillion explain delivery msg_7f3a
✓ allowed  scope: inbox ibx_a1f9 (Triage Agent)
  sender dana@brightwave.io — DMARC aligned
  matched: communication.receive.allow · domain brightwave.io
  decision: accept → inbox  ·  etag v18  ·  audited

Spam — read requires explicit permission

noreply@unknown-sndr.co SPF fail

promo@coldreach.biz unauth'd

m.vale@oldgrove.net DKIM invalid

⚠ content reads return warnings & are audited. limit non-mail tool calls while processing.

05 — Spam review

Spam is a deliberate,
warning-heavy surface.

Postillion uses spam — not quarantine — for v1. Unknown authenticated external senders land here by default unless Open Inbound Policy allows them through. It never blends into the normal inbox or search results.

ACCEPTED Spam is real, stored mail with a full Email Record.

GATED Reads need explicit permission and spam-aware calls.

AUDITED Every read returns guidance and is logged.

06 — Events & audit

Browseable by scope and resource.

Append-only records for lifecycle, policy, delivery, relationship, auth, DNS, and content-access events. Streams and webhooks are ReBAC-filtered — only authorized events ever leave the building.

policydeliveryauthdnscontent scope: team · Support Ops

Accepted inbound from dana@brightwave.io · DMARC aligned delivery 2m

Routed to spam: noreply → unauthenticated, SPF fail delivery 6m

⚙ Communication control added: allow domain meridian-labs.com policy 14m

◉ Spam content read by key sk_live_a1…7be (audited) content 33m

Authentication failure: m.vale@oldgrove.net — DKIM signature invalid auth 1h

See it run in your stack.

Provision an inbox, send a message, and read the audit trail — all before your coffee's cold.

Start building → Open the console

Inboxes are the centerof the product.