TrekMail TrekMail
AI Agents & API

Business email infrastructure for AI agents

Your agents provision mailboxes, verify DNS, configure forwarding and filters, read and send email, manage contacts, calendar, drafts, and Drive files — through a REST API or MCP server, with safety rails at every step.

Provision a mailbox in one API call
Connect any AI agent via MCP in 5 minutes
Two-step deletes so agents can't break anything
Lock each token to specific domains
181 MCP tools — email, Drive files, DNS, contacts, calendar — all with safety gates
Inspect any agent inbox in TrekMail webmail — contacts, calendar, full history
Get Started

Nano plan — free for now, no card required. Paid plans include a 14-day trial.

# Create a mailbox (ops token)
curl -X POST https://trekmail.net/api/v1/mailboxes \
  -H "Authorization: Bearer tm_live_..." \
  -H "Content-Type: application/json" \
  -d '{"domain_id": 1, "local_part": "support"}'

# Read unread messages (message token)
curl https://trekmail.net/api/v1/messages?unread_only=true \
  -H "Authorization: Bearer tm_msg_..."

Connect an AI agent

MCP or API setup →

Automate with scripts

REST API examples →

Evaluate for your team

Use cases & pricing →

Your agents handle email setup — you review the results

AI agents can write code, manage projects, and talk to customers. But they still can't provision a mailbox or verify DNS without a human clicking through a dashboard.

Manual ~30 minutes per domain
1

Log into TrekMail dashboard

2

Add the domain, copy DNS records

3

Open registrar, paste records manually

4

Wait for propagation, click “Verify”

5

Create each mailbox one by one

6

Configure forwarding per mailbox

With API Under 2 minutes
1

Agent calls the API to add domain and retrieve DNS requirements

2

Agent updates DNS at registrar API, polls verification until it passes

3

Agent creates mailboxes and configures forwarding — done

Full domain setup in under 2 minutes, zero manual steps. You review the audit log.

What you can build with this

Automated domain onboarding

Your script adds a domain, retrieves required DNS records, updates them at the registrar API, then polls dns_recheck until verification passes. No more copying TXT records between dashboards.

Bulk team provisioning

HR fires a webhook when new employees join. Your automation calls create_invites_bulk with all new hires — each receives a personalized setup invite. The employee sets their own password.

AI-assisted DNS monitoring

Your AI agent reviews DNS health across all domains, identifies failing SPF/DKIM/DMARC checks, explains what needs to change, and triggers rechecks after you update records — conversationally.

Forwarding & Filters at scale

Your script reads forwarding configuration and mail filters across all mailboxes, identifies inconsistencies, updates rules, and manages auto-replies programmatically — what would take hours through the dashboard for a large account.

Agent identity on your domain

Give each AI agent its own agent@yourdomain.com address. Recipients see a real business sender, not a generic no-reply. One API call creates the mailbox with a generated password.

Compliance-friendly automation

Every API action is logged with token, IP, and timestamp. Delete intents create an explicit record of intent, risk evaluation, and confirmation — the paper trail you need when automation manages sensitive infrastructure.

Inbox monitoring & full email operations

Your agent polls unread messages, reads content, drafts and schedules replies, manages contacts, and organises the calendar — with dual safety gates on every send. Monitor support inboxes, triage mail, or build AI-powered workflows.

Spam protection monitoring

Pull spam metrics per domain — how many emails were filtered, what percentage was spam, which threats were blocked. Use get_spam_summary to check protection status across all your domains in one go.

Email list verification

Verify email lists programmatically — check single emails or submit bulk lists via API. Run up to 25 validation checks including syntax, MX, disposable detection, domain reputation scoring, SMTP mailbox verification, and catch-all detection. Choose Quick (1 credit) or Deep (2 credits) mode.

Document workflow automation

Your agent fetches PDFs from an external API, uploads them to a customer's Drive folder with drive_file_upload, creates a share link with 30-day expiry via drive_share_create, and emails the link automatically — no inline attachments hitting 25 MB limits.

AI-managed file archive

Your agent organizes incoming attachments — categorizes by sender into Drive folders with drive_folder_create, moves files via drive_file_move, generates audit reports. Soft-delete + 30-day trash means mistakes are reversible.

See it in action

An AI agent managing email infrastructure through MCP — in real time.

MCP Session — trekmail
▶ Agent: List my domains
Found 3 domains: acme.com verified · widgets.io pending · beta.dev verified
▶ Agent: Create support@acme.com
Mailbox created — support@acme.com (password auto-generated)
▶ Agent: Check DNS health for acme.com
✓ SPF ✓ DKIM ✓ DMARC — all records verified
▶ Agent: Read my unread messages
3 unread in INBOX — “Invoice #4021” · “Meeting tomorrow” · “Welcome to TrekMail”
▶ Agent: Upload Q1 report to /Documents and share it
Uploaded Report_Q1.pdf (2.4 MB) · Share link: /d/xK3a9F (30-day expiry)

Works with your existing stack

Use the MCP server, the REST API, or both. Standard protocols, no vendor lock-in.

MCP Server

Connect Claude Desktop, Claude Code, OpenClaw, Cursor, or Windsurf directly. 181 tools — including 38 Drive tools, 52 message tools for contacts, calendar, drafts, scheduling, and more. Automatic idempotency, stdio transport.

OpenClaw

The fastest-growing open-source AI agent uses MCP as its adapter layer. Point OpenClaw at the TrekMail MCP server to manage email infrastructure conversationally.

n8n / Make

Call the REST API from any HTTP node in your workflow automation platform. Bearer token auth, JSON in, JSON out.

Custom agents (Python, Node, Go)

Any HTTP client that can send bearer tokens works. Import the OpenAPI spec to generate typed SDKs in your language.

OpenAPI / Codegen

Import /api/openapi.json into Postman, Insomnia, or your SDK generator. Full schema with examples.

Any MCP-compatible client

Standard stdio transport. Any client that speaks Model Context Protocol can connect — no vendor lock-in.

TrekMail is not affiliated with or endorsed by any third-party tool listed above. Integration works through standard protocols (MCP, HTTP).

Get started in 5 minutes

Three steps to connect your first agent or script.

1

Create an API token

Go to AI Agents & API in the sidebar. Name your token, choose scopes (read-only or full access), and optionally restrict it to specific domains. For email read/send, also create a message token.

2

Choose your integration

First, clone and build the MCP server:

git clone https://github.com/trekmail/mcp-server trekmail-mcp
cd trekmail-mcp
npm install && npm run build

Then add this to your Claude Desktop, Claude Code, OpenClaw, Cursor, or Windsurf config:

{
  "mcpServers": {
    "trekmail": {
      "command": "node",
      "args": ["./trekmail-mcp/build/index.js"],
      "env": {
        "TREKMAIL_BASE_URL": "https://trekmail.net",
        "TREKMAIL_API_TOKEN": "tm_live_your_token",
        "TREKMAIL_MESSAGE_TOKEN": "tm_msg_your_token",
        "TREKMAIL_ALLOW_SENDING": "false",
        "TREKMAIL_ALLOW_MIGRATION": "false"
      }
    }
  }
}

Base URL: https://trekmail.net/api/v1

curl -H "Authorization: Bearer tm_live_..." \
     https://trekmail.net/api/v1/domains

# Idempotent writes require an Idempotency-Key header:
curl -X POST \
     -H "Authorization: Bearer tm_live_..." \
     -H "Content-Type: application/json" \
     -H "Idempotency-Key: create-support-2026" \
     -d '{"domain_id": 1, "local_part": "support"}' \
     https://trekmail.net/api/v1/mailboxes
3

Make your first call

List your domains to verify everything works. You should see your domains and their DNS status in the response.

curl -H "Authorization: Bearer tm_live_..." \
     https://trekmail.net/api/v1/domains
MCP Quickstart docs → Full API documentation → OpenAPI spec (JSON) →

Security designed for autonomous agents

Every safeguard is enforced server-side. No amount of prompt manipulation can bypass token scopes or skip deletion steps.

Least-privilege scopes

Grant only the scopes your agent needs. Read-only tokens can't modify or delete anything. Token creation defaults to minimum scopes for your plan.

Domain constraints

Restrict a token to specific domains. Your agent managing client-a.com can't see or touch client-b.com. Other domains return 404 as if they don't exist.

One token per workflow

Create separate tokens for each agent or automation. Revoke one without affecting others. Each token has its own rate limit and audit trail.

Two-step delete intents

Deletion requires creating an intent (which surfaces risk flags), waiting up to 10 minutes, then explicitly confirming with a required header. No single-call delete.

Prompt-injection resilience

Tokens are scoped server-side. Even if your agent's prompt is manipulated, the token can't exceed its granted permissions. Review actions anytime in the audit log.

Dual-gate email sending

Email sending requires two independent safety gates: TREKMAIL_ALLOW_SENDING=true in the environment and confirm_send=true on every send call. Neither gate alone is enough — both must pass before any email leaves the server.

Drive soft-delete & 30-day trash

Agents can move Drive files and folders to trash, but a 30-day soft-delete window means accidental deletions are recoverable. Permanent purge requires an explicit second call — same two-step pattern as mailbox deletion.

Share-link rate limits & expiry

Drive share links can be created with download caps and expiry dates. Public download endpoints are rate-limited per IP and per link, so a misbehaving agent can't accidentally DDoS its own share links.

EU data residency

All email and Drive data is stored and processed in the EU (France) under GDPR. API endpoints connect to EU servers — your content does not leave the EU regardless of where your agent runs.

Drive API & MCP

Give your agent a cloud drive

Your AI agent can upload, browse, share, and organize files in TrekMail Drive — through REST API or MCP tools. Same dual-gate safety, audit trail, and EU residency as the email APIs.

  • 38 MCP tools — browse folders, upload (single + multipart), download, move, rename, share, trash, restore.
  • Multipart uploads — agents stream large files in chunks with automatic part-hash verification and resume support.
  • Shareable links — create / revoke programmatically, with optional download limits and expiry dates.
  • Soft-delete + 30-day trash — agent mistakes are reversible; nothing is gone until purged.
  • Works with Claude, OpenAI, OpenClaw — any MCP-compatible agent. REST API for everything else.
Learn more about Drive API 
# MCP: Ask Claude to organize files in Drive
User: Upload Q1_report.pdf to /Documents and share it for 30 days

Claude: I'll handle the upload and create a share link.
→ calling drive_file_upload(local_path="Q1_report.pdf", folder="Documents")
← file_id: drv_f_8aK2, size: 2.4 MBcalling drive_share_create(file_id="drv_f_8aK2", expiry_days=30)
← share_url: /d/xK3a9F

# REST API: Multipart upload for large files
curl -X POST /api/v1/drive/upload/initiate \
  -d '{"name":"video.mp4","size":524288000,"parent_id":...}'

Email Verification API

Let your agent verify emails

Your AI agent can verify any email address through MCP tools or REST API — single checks in 200ms, bulk lists up to 50K. No manual work, no browser needed.

  • 8 MCP tools — verify single, bulk, check credits, download results, cancel jobs.
  • Quick & Deep modes — 23 or 25 checks per email, including SMTP mailbox verification.
  • Works with Claude, OpenAI, OpenClaw — any MCP-compatible agent.
  • Credits from €0.09/email — free monthly credits included with every plan.
Learn more about Email Verifier 
# MCP: Ask Claude to verify an email
User: Check if sarah@techcorp.com is valid

Claude: I'll verify that address now.
→ calling verify_email("sarah@techcorp.com", mode="deep")

Result:
  status: safe
  trust_score: 98
  smtp_status: accepted
  checks_passed: 25/25

# REST API: Bulk verify
curl -X POST /api/v1/verify/bulk \
  -d '{"emails": [...], "mode": "deep"}'

API access by plan

Every paid plan includes API access. Higher tiers unlock write scopes and more domains.

Included with API Access

MCP Server

Scoped bearer tokens

Two-step delete safety

Full audit log

Monthly Yearly -20% yearly

Starter

/mo

  • 50 Domains
  • 100 Users/domain
  • 15GB Storage
  • 100 Verifier Credits/mo
  • 6,000 Emails/day
  • API & MCP access:
  • Email Aliases (30/mailbox)
  • Mailbox Forwarding
  • Read-only API (10 scopes)
  • MCP Server (read-only)
  • Cloud Drive (full API & MCP)
  • Vacation Auto-Reply
  • No write operations
BEST FOR AGENTS

Pro

/mo

  • 100 Domains
  • 300 Users/domain
  • 50GB Storage
  • 300 Verifier Credits/mo
  • 15,000 Emails/day
  • Everything in Starter, plus:
  • Full API (all scopes)
  • MCP Server (143 tools)
  • Message tokens (read, send, contacts, calendar)
  • Email Aliases (50/mailbox)
  • Mail Filters (10/mailbox)
  • Priority Support
BEST VALUE

Agency

/mo

  • 1,000 Domains
  • 1,000 Users
  • 200GB Storage
  • 1,000 Verifier Credits/mo
  • 40,000 Emails/day
  • Everything in Pro, plus:
  • Email Aliases (100/mailbox)
  • Mail Filters (50/mailbox)
  • Raw Sieve Editor
  • Dedicated Support

Drive Storage Add-on

Available on any plan. Auto-renews · Cancel anytime.

Enterprise

Need more than 1,000 domains? Custom SLA? Dedicated infrastructure?

AI Agents & API FAQ

No — every plan can use the API. Nano gives you the Email Verifier API, and a Drive Storage Add-on on Nano unlocks the full Drive API and 38 Drive MCP tools. Starter adds read access across domains, mailboxes, forwarding, mail rules, auto-reply, migrations, tickets, SMTP and Cloudflare — plus full Email Verifier and full Drive. Pro and Agency get the lot: read, write, create, delete across every family, plus message tokens for email read/send.
MCP (Model Context Protocol) is an open standard for connecting AI agents to external tools. The TrekMail MCP server exposes 181 tools that let agents manage domains, mailboxes, aliases, DNS, invites, forwarding, mail filters, auto-reply, sieve, SMTP configuration, spam metrics, support tickets, account and billing, email migrations (single and bulk), email verification, Cloudflare DNS, and the full webmail surface — messages, attachments, drafts, scheduled send, contacts, contact groups, calendar, identities, templates, and blocked senders — through natural language. It works with Claude Desktop, Claude Code, Cursor, Windsurf, OpenClaw, and other MCP-compatible clients.
Not easily. Deletion requires two explicit API calls: first create a delete intent (which returns risk flags and expires in 10 minutes), then confirm it with a separate request and a required X-Confirm-Delete header. The MCP server has delete tools disabled by default — you must set TREKMAIL_ALLOW_DESTRUCTIVE=true to enable them.
No. TrekMail is not affiliated with or endorsed by any third-party tool. Integration works through standard protocols: MCP for AI agents and HTTP/REST for automation platforms. Any tool that supports bearer-token HTTP requests or MCP stdio transport can connect.
When creating a token, select specific domains instead of "All domains." The API enforces domain constraints on every request — the agent can only see and modify resources within those domains. Resources on other domains return 404 as if they don't exist.
Existing tokens are not deleted, but the API blocks requests that use scopes not available on your current plan. Read-only scopes on a Starter plan continue to work. Write operations return 403 with a "token_scope_blocked_by_plan" error. Revoke the old token and create a new one with allowed scopes.
Yes. Create a message token (tm_msg_ prefix) on the AI Agents & API page to unlock 6 message tools (list, read, send, delete, move, list folders) plus 6 migration tools for importing email from other providers. Email sending has dual safety gates — you must set TREKMAIL_ALLOW_SENDING=true in the MCP environment and pass confirm_send=true on every send call. Message tokens are available on Pro and Agency plans.
Your email and Drive data is stored in the EU (France), protected under GDPR. Agent API calls connect to our EU servers — your content does not leave the EU. Note that the AI agent itself (e.g., Claude, Cursor) may process message content according to its own provider's policies.
Yes. The Drive MCP server exposes 38 tools covering browse, upload (single and multipart for large files with resume support), download, move, rename, share, trash, and restore. Drive API write scopes are available on Pro and Agency plans; read-only scopes are available on Starter. Share links can be created programmatically with optional download caps and expiry dates.
Per-file upload supports up to 5 GB via multipart with automatic chunking. Total Drive storage equals your plan quota (5 GB Nano, 15 GB Starter, 50 GB Pro, 200 GB Agency) plus any Drive Storage Add-on subscription. Agents see and consume the same quota as the user.

Give your agents a real business inbox and cloud drive.

Start a free trial. Connect your first agent in under 5 minutes.

View Quickstart

Nano plan — free for now, no card required. Paid plans include a 14-day trial.

We use cookies for essential functionality. No ads, no ad tracking.

or
Continue with Google Continue with Facebook Continue with X Continue with Microsoft
or
Continue with Google Continue with Facebook Continue with X Continue with Microsoft

Reset email sent

If an account exists for this email, we've sent password reset instructions.

By continuing, you agree to TrekMail's Terms and Privacy Policy.