# e2a

> Authenticated email gateway for AI agents with SPF/DKIM verified inbound, HMAC-signed delivery, webhook and WebSocket fan-out, human-in-the-loop approval, and TypeScript/Python SDKs.

e2a is an open-source authenticated email gateway built specifically for AI agents, developed by Mnexa-AI and released under the Apache 2.0 license. It bridges the universal addressability of email with the structured-data world that agent code lives in, handling SPF/DKIM verification on inbound messages and HMAC-signed delivery contracts on every outgoing notification. The project reached its first public release (v0.2.0) in April 2026 and is available both as a self-hosted Docker deployment and as a hosted service at e2a.dev.

## What It Is

e2a is an SMTP relay and agent abstraction layer that lets AI agents send and receive email with verified sender identity. Rather than bolting agent-specific concerns onto generic email providers like SendGrid or Resend, e2a provides a purpose-built stack: inbound SPF/DKIM verification, HMAC-SHA256 signed delivery headers, two delivery modes (webhook for cloud agents, WebSocket for local agents without a public URL), a human-in-the-loop (HITL) approval gate for outbound mail, conversation threading, and slug-based agent provisioning on a shared domain. The core backend is written in Go, with Postgres as the only storage dependency.

## Architecture and Delivery Modes

The relay sits at the MX record for an agent domain. Inbound SMTP messages pass through SPF/DKIM checks, get HMAC-signed auth headers attached, and are delivered to agents in one of two modes:

- **Cloud mode** — HTTP webhook POST to a registered `webhook_url`; requires a public URL
- **Local mode** — WebSocket notification plus REST fetch; no public URL, no ngrok needed; useful for agents on developer laptops, edge devices, or behind firewalls

Both modes can also poll messages via the REST API. Outbound mail routes through an SMTP relay for agent-to-agent traffic or through a configurable upstream SMTP provider (e.g., SES, Resend) for agent-to-human delivery.

## Security Model

Every delivered message carries a set of `X-E2A-Auth-*` headers signed with HMAC-SHA256. The canonical string covers sender, verification status, body hash, message ID, entity type, delegation, and timestamp. The relay strips any incoming `X-E2A-Auth-*` headers before re-signing, preventing forgery. The signature binds to both the message ID and a SHA-256 of the raw message body, so a captured `(headers, signature)` tuple cannot be replayed against a different message or a modified body. The SDKs enforce this by gating field access behind signature verification — accessing `email.sender` or `email.subject` on an unverified payload raises `UnverifiedEmailError` by default.
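The strip, sign and verify flow described above, as an added Python sketch; it is not e2a's code or wire format. The header suffixes, field order, length-prefixed canonical encoding and all sample values are assumptions made for illustration; only the `X-E2A-Auth-` prefix, the covered fields and the 5-minute window come from this page.

```python
import hashlib
import hmac

PREFIX = "X-E2A-Auth-"  # header prefix named on the page
# Hypothetical suffixes and order for the fields the canonical string covers.
FIELDS = ("Sender", "Verified", "Body-Hash", "Message-Id",
          "Entity-Type", "Delegation", "Timestamp")
MAX_SKEW = 300  # seconds; the 5-minute replay window

def _mac(key, headers):
    # Assumed encoding: length-prefixed values keep field boundaries unambiguous.
    canon = "\n".join(f"{len(headers[PREFIX + f])}:{headers[PREFIX + f]}" for f in FIELDS)
    return hmac.new(key, canon.encode(), hashlib.sha256).hexdigest()

def sign(key, inbound, body, meta, now):
    """Relay side: strip sender-supplied auth headers, then attach signed ones."""
    out = {k: v for k, v in inbound.items()
           if not k.lower().startswith(PREFIX.lower())}
    values = {**meta, "Body-Hash": hashlib.sha256(body).hexdigest(),
              "Timestamp": str(int(now))}
    out.update({PREFIX + f: values[f] for f in FIELDS})
    out[PREFIX + "Signature"] = _mac(key, out)
    return out

def verify(key, headers, body, now):
    """Agent side: returns (ok, reason); run this before reading any field."""
    try:
        expected = _mac(key, headers)
        given = headers[PREFIX + "Signature"]
        ts = int(headers[PREFIX + "Timestamp"])
    except (KeyError, ValueError):
        return False, "missing or malformed auth header"
    if not hmac.compare_digest(expected.encode(), given.encode()):
        return False, "bad signature"
    body_hash = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(headers[PREFIX + "Body-Hash"].encode(), body_hash.encode()):
        return False, "body hash mismatch"
    if abs(now - ts) > MAX_SKEW:
        return False, "timestamp outside replay window"
    return True, "ok"

# Constructed sample: the sender tries to smuggle in its own auth header.
KEY = b"constructed-demo-key"
BODY = b"Subject: hi\r\n\r\nQuarterly numbers attached.\r\n"
INBOUND = {"From": "mallory@example.net", "x-e2a-auth-verified": "pass"}
META = {"Sender": "mallory@example.net", "Verified": "fail",
        "Message-Id": "<msg-1@example.net>", "Entity-Type": "human", "Delegation": "none"}
SIGNED = sign(KEY, INBOUND, BODY, META, now=1_700_000_000)
```

Because the body hash sits inside the signed string, moving the headers onto another body fails the hash check, and editing the hash or message ID to match fails the signature check.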

Additional security measures include DNS TXT verification for custom domain registration, SSRF protection on webhook URLs (HTTPS-only in production, public IPs only, no raw IPs or private ranges), and OAuth CSRF protection via single-use time-limited nonces.

## Human-in-the-Loop (HITL) Workflow

When HITL is enabled on an agent, outbound `send` and `reply` calls return HTTP 202 and hold the message in `pending_approval` state rather than dispatching immediately. Reviewers can approve or reject via the dashboard, a stateless HMAC-encoded magic-link email, or the CLI (`e2a pending`). A background worker auto-acts on expired holds based on a configurable `hitl_expiration_action` — either auto-sending or discarding the message after a TTL.

## SDKs and CLI

e2a ships TypeScript and Python SDKs alongside a standalone CLI:

- **Python**: `pip install e2a` (add `[ws]` extra for WebSocket support); published to PyPI
- **TypeScript**: `npm install @e2a/sdk`; published to npm as `@e2a/sdk`
- **CLI**: `npm install -g @e2a/cli`; supports agent registration, real-time listening, inbox management, send/reply, and HITL review; `listen --forward` mode supports OpenAI Responses API forwarding

## Update: v0.2.0 — First Public Release

The repository was created in April 2026 and v0.2.0 was published on April 26, 2026, marking the first public release. As of mid-May 2026 the project has 130 stars and 4 forks on GitHub, with 16 open issues. The README notes that pricing for the hosted version at e2a.dev is not yet enabled and will be opt-in via environment variable when it lands, with the open-source code path remaining unchanged.

## Features
- SPF/DKIM verified inbound email
- HMAC-SHA256 signed delivery headers (X-E2A-Auth-*)
- Webhook delivery for cloud agents
- WebSocket delivery for local agents (no public URL needed)
- Outbound SMTP relay for agent-to-agent and agent-to-human email
- Human-in-the-loop (HITL) approval gate with magic-link review
- Conversation threading via X-E2A-Conversation-Id and In-Reply-To/References
- Slug-based agent provisioning on shared domain
- TypeScript and Python SDKs
- CLI for agent ops, inbox, send/reply, and HITL review
- OpenAI Responses API forwarding via CLI
- DNS TXT domain ownership verification
- GDPR-style user export and deletion endpoints
- SSRF protection on webhook URLs
- Docker Compose self-hosting
- Next.js dashboard with Google OAuth
- Replay-attack protection with 5-minute timestamp window

## Integrations
PostgreSQL, SMTP (SES, Resend, Postmark, etc.), OpenAI Responses API, Google OAuth, Docker, npm, PyPI

## Platforms
macOS, Web, API, Developer SDK, CLI

## Pricing
Open Source

## Version
v0.2.0

## Links
- Website: https://e2a.dev
- Documentation: https://github.com/Mnexa-AI/e2a/blob/main/docs/api.md
- Repository: https://github.com/Mnexa-AI/e2a
- EveryDev.ai: https://www.everydev.ai/tools/e2a
