Inbound email is the hard half of agent email. MIME is messy, replies include history, attachments can be unsafe, and the sender identity may not map cleanly to an app user. This guide covers the practical inbound pipeline for agent products.
last updated 2026-05-074 sections
section 01
Inbound pipeline
The pipeline starts with MX records and ends with a validated task for the agent. Keep every transformation explicit: raw message, parsed payload, normalized fields, user match, policy decision, agent task, and audit record.
step
output
required check
Receive
Raw MIME or provider event.
Message ID captured.
Parse
Headers, text, HTML, attachments.
Quoted text and attachments handled.
Normalize
Clean body and structured fields.
Schema validation passed.
Identify
User, account, or external sender.
Ambiguous identity routed to review.
Authorize
Allowed action and risk level.
Policy matched before model input.
Dispatch
Agent task or human review item.
Audit log created.
section 02
Validation checklist
Provider webhooks should be treated like any other external API surface. Validate before enqueueing the task. Do not rely on obscurity of the webhook URL.
okVerify signature or shared secret.
okReject events with missing provider message ID.
okDeduplicate by provider message ID and recipient mailbox.
okEnforce attachment size and type limits.
okNormalize sender and reply-to separately.
okStore raw payload for debugging with retention controls.
section 03
Structured extraction
Agents should not act directly on free-form email text. Extract a narrow structured object first, then validate it. The extraction schema should include intent, entities, confidence, risks, requested action, and whether human review is required.
field
purpose
example
intent
What the sender appears to want.
reschedule_meeting
entities
Specific objects from the email.
date, account, invoice, order_id
confidence
Whether the model is certain enough.
high, medium, low
risk
Reason to slow down or require review.
new recipient, money movement, attachment
requested_action
The possible tool call.
send_reply, create_ticket, update_crm
review_required
Policy gate before action.
true or false
section 04
Provider fit
Inbound, CloudMailin, Mailgun Routes, Postmark Inbound, and SendGrid Inbound Parse all fit different shapes. The deciding questions are payload quality, retry behavior, attachment handling, domain routing, and debugging logs. If inbound is central to the product, choose the provider around inbound first and outbound second.