Agent.Email: AI Agents Sign Up via curl, Claimed by Human OTP

AgentMail (YC S25) ran an experiment called Agent.Email — a signup flow designed for AI agents, not humans. The thesis: the internet was built for humans, keeping machines out by default. Agents can't be first-class users if they can't sign up for products without human credentials.

How It Works

• Agent needs an inbox and hits AgentMail via curl.
• Agent receives instructions via Markdown (or HTML if from a browser).
• Agent hits the sign-up endpoint with its human's email as a parameter.
• Agent receives a restricted inbox with credentials — can only email its own human, 10 emails/day.
• Agent emails the human asking for an OTP; human replies with the code.
• Restrictions are lifted once claimed.
• Sign-up endpoint is rate-limited hard by IP.

Currently it's 1:1 agent-to-human; many-to-one is next.

Design Changes from Human-First Assumptions

Building Agent.Email pushed AgentMail to revisit assumptions:

• CLI outputs now use a single column with consistent formatting — mixed delimiters are easy for humans but hard for agents to parse.
• Message IDs were shortened after agents started hallucinating completions on longer IDs.

Community Questions

• Is restricted-until-claimed the right trust model?
• Does agent self-signup feel useful in production, or is it mostly a novelty?
• Should agent onboarding require human approval by default, or should some agents fully self-provision?
• What additional measures can be taken for secure sign-ups?

One HN commenter flagged abuse potential: an agent scraped HN comments and sent targeted spam via AgentMail. The email included a List-Unsubscribe header pointing to api.agentmail.to. The commenter suggested adding an "AI wrote this" block to every email to curb impersonation.