Email Infrastructure
For Autonomous
Agents.

Deterministic parsing. Immutable ledgers. Safe egress constraints. The first high-trust inbox designed exclusively for machines.

Initialize InboxRead the Contract
Fully operational V1.0 Protocol
~ /system/agent_runtime.sh
thrd.
Deterministic Flow

Real-time telemetry.
No fake volatility.

153,492

Emails Routed

Messages handled by the agent network.

4,731

Agent Accounts

Isolated inboxes created for agents.

Long-Poll Window

25s

Pull-based delivery.

Max Events per Page

100

Stable consumption loop.

Outbound Tiers

3

Built-in trust gates.

Protocol primitives.
Ecosystem integrations.

/ecosystem

OpenClaw
// INTEGRATION

OpenClaw

Autonomous inbox agents

LangChain
// INTEGRATION

LangChain

Email tool orchestration

AgentGPT
// INTEGRATION

AgentGPT

Task-driven agent loops

CrewAI
// INTEGRATION

CrewAI

Multi-agent workflows

AutoGen
// INTEGRATION

AutoGen

Collaborative agent planning

OpenAI
// INTEGRATION

OpenAI Agents SDK

Tool-calling runtimes

Flowise
// INTEGRATION

Flowise

Low-code agent flows

LlamaIndex
// INTEGRATION

LlamaIndex

Data + retrieval actions

Vercel AI
// INTEGRATION

Vercel AI SDK

Streaming agent responses

AutoGPT
// INTEGRATION

AutoGPT

Autonomous task execution

BabyAGI
// INTEGRATION

BabyAGI

Goal-driven agent loops

Fixie
// INTEGRATION

Fixie

Enterprise AI agents

Official MCPnpm: thrd-mcp

Thrd is now available as an official MCP server.

Let any MCP client operate Thrd: triage inbound email, inspect threads, and send/reply with deterministic safety controls. Great for local demos and production agent ops.

View MCP Docsnpm package
  • 01 Signals credibility as an official surface
  • 02 Shortens time-to-first-email
  • 03 Safe-by-default send/reply flows
bash
# Install + run (stdio)
export THRD_API_KEY="thrd_xxx"

npx -y thrd-mcp

Tip: keep THRD_API_KEY scoped to one isolated agent inbox.

Machine Surface

Everything an AI needs to integrate without manual setup.

Canonical host split is explicit: docs on thrd.email, runtime on api.thrd.email.

Machine Checklist

  • 01Provision API key with POST /v1/onboarding/instant
  • 02Load contract from /openapi.json
  • 03Poll events with GET /v1/events
  • 04ACK processed batches via POST /v1/events/ack
  • 05Reply safely via POST /v1/reply
  • 06Track async result via GET /v1/outbound/:id
Download OpenAPI View JSON Examples
canonical_hosts.json
canonical_hosts.json
json
{
  "web": "https://thrd.email",
  "api": "https://api.thrd.email"
}
instant_onboarding.json
instant_onboarding.json
json
{
  "endpoint": "POST https://api.thrd.email/v1/onboarding/instant",
  "request": { "agent_name": "Evaristo Agent", "inbox_prefix": "evaristoagente" },
  "response": {
    "tenant_name_auto_generated": "agent-tenant-a1b2c3",
    "api_key": "thrd.ab12cd34.XXXXXXXXXXXXXXXX",
    "inbox": "[email protected]",
    "plan": "sandbox"
  },
  "next": "GET /v1/events?cursor=0&timeout=25000"
}
email_received_event.json
email_received_event.json
json
{
  "event_id": "1c124bc5-56d9-4ef9-bbc1-9ec1be97b22f",
  "type": "email.received",
  "cursor": "90421",
  "payload": {
    "thread_id": "031830f3-27b0-4b3b-a8f2-e4235ce5d90e",
    "from": "[email protected]",
    "subject": "Invoice missing",
    "text_preview": "Hi, can you send the invoice?"
  }
}
Protocol Primitives

High-trust infrastructure.
Zero unverified actions.

// claiming

Domain Claiming

Verify agent identity via DNS. Bind machine keys to human-auditable domains to prevent spoofing.

txt @ v=spf1 include:_spf.thrd.email ~all
// por

Proof of Receipt

Every routed payload returns a cryptographic hash and SMTP delivery timestamp.

sys.events.por { tx: '0x8f2a...', ts: 1718293 }
// feedback

Alignment Loop

Human replies in threads are automatically parsed into structured reinforcement payloads.

sys.events.correction { delta: +0.45, human: true }
// score

Target Score Limits

Outbound throughput scales dynamically based on recipient engagement and bounce latency.

cfg.policy.tier -> upgraded (score >= 0.92)
Prompt Shield Default

Deterministic firewalls for agentic workflows.

Every inbound thread and outbound payload passes through an impenetrable, deterministic policy engine. Jailbreaks, prompt injections, and off-policy commands are halted before they ever execute.

  • Pre-execution Scanning: Halts malicious payloads before agents process them.
  • Format Validation: Ensures payloads match predefined strict JSON schemas.
  • Rate & Depth Limits: Prevents infinite recursive loops and API burnout.
AWAITING PAYLOAD
{
  "agent_id": "ag_9xl2q8",
  "intent": "schedule_meeting",
  "parameters": {
    "time": "Tomorrow 10AM EST",
    "attendees": ["[email protected]"]
  },
  "action": "reply.send"
}

The Runtime Pipeline

How emails flow to agents.

Thrd sits between the chaotic open internet of email and the strict deterministic boundaries of your agent runtime.

latency: <200ms

1. Global Ingress

Inbound SMTP traffic is terminated safely. High-reputation IPs ensure deliverability, while spam/bounces are handled before they hit your agent.

format: strict json

2. Deterministic Parsing

Messy MTA headers, quoted HTML threads, and attachments are stripped and normalized into clean, typed, agent-readable JSON payloads.

buffer: 14 days

3. Thrd Runtime Broker

Payloads are queued in isolated tenant partitions. Thrd handles backpressure and retry logic, decoupling SMTP volatility from your AI.

transport: http / stdio

4. Agent Consumption

Your agent loops pull from the queue via long-polling or MCP. Process events at your own token-rate limit without timing out public webhooks.

Comparisons & Integrations

Guides written for humans, usable by machines.

If you are evaluating email for autonomous agents, start here. These pages are deliberately concrete: trade-offs, failure modes, and implementation patterns.

SecurityRead

Prompt Shield for Agent Email

How THRD detects prompt injection in inbound emails and blocks risky agent actions at runtime.

ComparisonRead

THRD vs SendGrid for AI Agents

What changes when the sender is an autonomous agent, not your app backend.

LangChainRead

Best Email API for LangChain

A practical, tool-first pattern: OpenAPI surface + event loop + idempotent replies.

OpenClawRead

Give an OpenClaw Agent an Inbox

Provision a dedicated inbox for OTPs and accounts without touching your personal email.

ComparisonRead

THRD vs Mailgun for AI Agents

ESP flexibility vs agent-native inbox loops, safety gates, and deterministic event processing.

ComparisonRead

THRD vs Resend for AI Agents

When modern transactional APIs are not enough for autonomous agent workflows.

ComparisonRead

THRD vs Postmark for AI Agents

How to choose between high deliverability app email and policy-first agent email.

CrewAIRead

Best Email API for CrewAI

A production pattern for crew-based agents: inbox polling, idempotent replies, and safe outbound.

AutoGenRead

Best Email API for AutoGen

A practical loop for multi-agent AutoGen systems that need inbox memory and thread-safe responses.

Pricing

Human-clear pricing,
machine-ready onboarding.

Sandbox onboarding is instant through POST /v1/onboarding/instant. Your API key is returned in the response and can be used immediately.

Tier 1
Free or 9 EUR/mo

Sandbox reply-only

Instant API key provisioning. Reply in existing threads only.

  • Free: 100 emails/month
  • Starter: 2,000 emails/month (9 EUR)
  • Long-poll events + ACK
  • Thread-locked outbound
  • New outbound conversations
  • Custom sending domain
Start Instantly
Recommended
Tier 2
29 EUR/mo

Outbound limited

Controlled new outbound with allowlist, relationship, consent or grant checks. Human Claiming boosts limits.

  • Up to 10,000 emails/month
  • Tier 1 capabilities included
  • Policy-gated new outbound
  • Suppression + risk checks
  • Ramp-up limits
  • Human Claiming boost (optional)
  • Custom sending domain
Upgrade to Tier 2
Tier 3
99 EUR/mo

Verified outbound

High-volume outbound with domain verification, stronger controls and cold outbound.

  • Up to 50,000 emails/month
  • Tier 2 capabilities included
  • Custom domain
  • Cold outbound
  • Higher limits and auditability
  • Human Claiming required
Talk to Sales

// API keys are provisioned instantly in Tier 1. Store them securely. Billing and upgrades are enforced by plan policies.

FAQ

Clear answers for launch and integration.

How does an AI get an API key instantly?+

Call POST /v1/onboarding/instant. The response returns tenant, inbox, API key and bootstrap endpoints in one step.

Do I need a public HTTPS webhook on the agent machine?+

No. THRD is pull-first. Agents consume events with GET /v1/events and acknowledge with POST /v1/events/ack.

Where does the machine contract live?+

The canonical API contract is available at api.thrd.email/openapi.json and includes response examples and event envelopes.

Why does Tier 3 require Human Claiming?+

Verified outbound requires accountability. A real human claims responsibility by posting a challenge on X and connecting their account for automatic verification.

What happens when a recipient marks spam or blocks an agent?+

Thrd records feedback and can automatically add a complaint suppression for that recipient. The runtime also receives machine-readable events (feedback.received, suppression.added).

How is outbound controlled in production?+

Tier 1 is reply-only. Tier 2 enables limited new outbound with trust checks. Tier 3 adds verified outbound controls and higher limits.