Show HN: Agent.email – sign up via curl, claim with a human OTP
Source: Hacker News
Introduction
Hi HN! We’re Haakam, Michael, and Adi from AgentMail – a ycs25 company. We give AI agents their own email inboxes. Recently we ran an experiment called Agent.Email, a signup flow designed specifically for AI agents instead of humans.
The idea came from feedback we received after our seed launch: agents cannot sign up for a product made for agents without human credentials, which is both ironic and limiting. This reflects the broader thesis behind AgentMail: the internet was built for humans, deliberately keeping machines out by default. Traditional signup flows assume a browser, a person reading a page, and clicking a confirmation link. If agents can’t do that, they can’t be first‑class users of the internet.
How Agent.Email Works
- Agent requests an inbox – the agent contacts AgentMail via
curl. - Response format – if the request comes from a browser we return HTML; otherwise we return Markdown.
- Sign‑up request – the agent calls the sign‑up endpoint, providing a human email address as a parameter.
- Restricted inbox – the agent receives an inbox with credentials but with limited capabilities.
- Human OTP verification – the agent emails the human asking for a one‑time password (OTP). The human replies with the code, the agent is “claimed,” and the restrictions are lifted.
Until claimed, the agent can only email its own human and nobody else (max 10 emails per day). The sign‑up endpoint is heavily rate‑limited by IP.
Current Mapping
- 1:1 – each agent is linked to a single human.
- Future work – we plan to support many‑to‑one mappings, as running several agents in parallel is already common.
Design Reflections
Building Agent.Email forced us to revisit assumptions in AgentMail that were human‑centric:
- CLI output – we switched to a single‑column format with consistent delimiters, making it easier for agents to parse.
- Message IDs – we shortened them because agents were hallucinating completions on longer IDs.
Open Questions for the Community
- Is “restricted‑until‑claimed” the right trust model?
- Does agent self‑signup feel useful in production, or is it mainly a novelty? If it’s currently a novelty, what would make it genuinely useful?
- Should agent onboarding require human approval by default, or should some agents be able to fully self‑provision?
- What additional measures can we take for secure sign‑ups?
Comments URL: (Points: 20, Comments: 9)