[mike-cardwell]

I received this email the other day:

  From: Kushal <kushal@kushalsm.com>
  Date: Mon, 18 May 2026 05:03:11 +0000

  Saw your question on the Agent Vault thread about websocket-frame auth
  (Home Assistant) and the worry about the model reflecting the bearer
  token back into its own context.

  chrome-relay's answer is structurally different: the credential never
  enters the agent's context because the agent never touches it — the HA
  session lives in your real Chrome (cookies, WS handshake and all), and
  the agent drives the tab over CDP, only ever seeing the rendered page.
  URL: https://chrome-relay.kushalsm.com/

  For your HA + agent setup today, are you keeping the session alive in a
  browser the agent attaches to, or doing the WS auth on the agent side
  and managing the token-in-context risk yourself?

  Kushal

Read to me like an LLM had written it. It references something I said in a HN comment, but it was clearly just an excuse to spamvertise their product.

I looked at the headers and it contained a List-Unsubscribe header pointing to https://api.agentmail.to

So basically somebody wrote a bot to scrape HN for comments related to some software they wanted to push and send targetted spam. agentmail.to is a Ycombinator funded email service for LLMs which can be, and is, used to send targetted spam and impersonate people. They could mostly solve this problem by adding a block of text to every email expaining an "AI" wrote it. They'd lose customers doing that though of course. I reported this abuse but haven't (and don't expect to) received a response.

I don't even get the point anyway. You can get Claude using an SMTP or IMAP server in seconds.

[dgellow]

You might want to check if your local laws protect against unsolicited emails. In Germany we have §7 UWG which would make that email likely illegal. The List-Unsubscribe header makes it clear it is marketing, automated outreach and not personal. In the UK there is this: https://ico.org.uk/for-organisations/direct-marketing-and-pr...

[sanjayparekh]

See my comment in this thread - I got an email from "someone" (an AI clearly) that signed up for my service (togetherletters.com) from the same domain (agentmail.to) after we had launched on ProductHunt. I looked up the address and that email was never used for a signup and it was just a way to then pitch their product (second email, not the first one it sent). I hate this so much and this is going to now make email just as bad as parts of the web.

[bfeist]

I agree with what you’re saying, but I think that email was one of the first parts the web to become terrible. This happened a long time ago, we’re just used to it.

[sanjayparekh]

I will say in my case, the user was too lazy to mask the from address and agentmail.to was right there. Didn't even have to dig into the headers.

[adisingh13]

This was likely a free tier user. We do this intentionally and don't allow free users to send from custom domains, so you can have a easier time identifying LLM emails. In this case, it seemed like it worked :)

[echoangle]

And for paid users the receivers don’t need to have an easier time identifying the LLM email? What kind of reasoning is that?

[kuboble]

To be the advocate of the devil here:

A lot of people believe that spam issue would be largely solved if each email costed 0.001$

[ramon156]

I got one from IssuePay, which seemed 100% automated. Didn't seem like something that should be automated either.

[adisingh13]

Appreciate the concern Mike, and I actually read your email complaining, which helped us ship this next feature. We have a "sent via AgentMail" footer being added soon to outbound emails to identify emails coming from LLM's.

We also are working on adding more robust checks and LLM-based filtering to prevent messages which contain spam or outbound-like copy.

Re; AgentMail next to Claude, we're working on stateful inboxes which help agents actually recall and understand what they're sending and to who. The goal is to provide the rails for intelligent actors rather than slop.

[ceheaaf]

So, a footer to make sure they've already engaged with the content in good faith before seeing the spam warning, and which doesn't actually explain that the content is AI generated?

Just go post on black hat forums. Plenty of people want this, it's a spam service. You don't need to be here.

[mike-cardwell]

Re "sent via AgentMail" - that's good to hear, but I hope it's not the entire planned text, as "AgentMail" will mean nothing to most people that receive an email from your service. It wont indicate that the email was composed by an AI rather than a person, which is the information that needs to get across.

[Alex_toani]

What if a people send email via te agent and using agent mail? writing by the agent but aproval by human.

[Lalabadie]

There are OS-native options everywhere to spawn an email client window that's filled out and ready to send from your address, so that couldn't possibly be a differentiator for them

[adisingh13]

yep we're going to have a footer linked to our website, which should allow people to see that we are an email service for agents. thanks!

[echoangle]

Can you not just make the text more descriptive? „Sent by a generative AI model“ or something? Nobody is going to click a link in a spam email.

[replwoacause]

He's obviously trying to avoid having to do this, so linking out to the website is the "hey look we're doing the right thing" when really they aren't.

Chances are more people would identify the service as something to block or report for spam if the text were more descriptive, so he's counting on people not clicking the link in the footer but at least he can claim it's there, even if it's ineffectual.

[skinfaxi]

This service will be marked as spam anyway, it's only a matter of time.

[bfeist]

They’re literally using an LLM to write the email.They could make the disclaimer text detailed and descriptive per email sent. So the use case they’re citing here that “well what if it’s just an email that was forwarded by the bot” doesn’t apply because you could add a different disclaimer message at the bottom of that email vs the spam example above.

[selicos]

Lead with the AI being sent by AI/Agent using the service.

Ban any sender using your domain that removes, obscures, hides, or alters this first line.

[selicos]

This response is a failure to understand the issue.

[creationcomplex]

It's very hard to get someone to understand something if their salary depends on them not understanding it.

[replwoacause]

Oh he understands it, he just DGAF.

[arewethereyeta]

"sent via AgentMail" - removable by a higher plan later on

[lelanthran]

What is the point of automating the signup process?

It's less work to signup a second email address for agent use than to signup with you, then signup a second email address.

After all, it's not like each agent needs their own email.

[kurtoid]

Make sure it adds a header too

[Fnoord]

What kind of UserAgent is being used? This could be easily used in good faith by the sending party, then any spam blockers can remove everything from said UserAgent. If they then change their UserAgent to something generic, you know who's acting in bad faith.