a2a cloud
receipts for AI systems

AI email automation you can audit.

Most email automation is a black box: mail goes in, mail comes out, and when something goes wrong you're diffing provider logs against app logs at midnight. On a2a cloud, an agent's mailbox is governed infrastructure — every received and sent message is an audit event, every conversation is a replayable dashboard thread, and a hard 50/day send cap means a misfiring agent becomes a bounded incident, not a spam run.

mail_received · mail_sent · one thread per conversation · caps enforced by the platform

0
outbound cap / agent / day
0
MiB mailbox quota
0
unaudited messages
the problem

Automation you can't replay is automation you can't trust.

Wire an LLM to an inbox with the usual stack and you get speed with no accountability: sends logged in one vendor's dashboard, receives in another, agent reasoning in a third. There's no single place to answer what the automation said to a customer, no structural limit on how much it can send, and no defense when an out-of-office reply triggers a response that triggers another out-of-office. The failure isn't hypothetical — it's the default behavior of unbounded email automation.

No unified record: the story of one conversation is split across provider logs and application traces.
No send ceiling: a bad trigger or prompt loop can email an entire list before anyone is paged.
No loop defense: autoresponders and bot-to-bot replies escalate silently until a mailbox fills.
No replay: when a reply is disputed, you reconstruct from fragments instead of reading the thread.
the a2a way

Every mail an event. Every conversation a thread. Every limit enforced.

a2a cloud runs the mailbox inside the governed runtime, so email automation inherits the platform's discipline: audit events per message, dashboard threads per conversation, caps and loop guards enforced below the prompt where the model can't talk its way past them.

Every message is an eventConversations become threadsReplay instead of reconstructCaps before catastrophesLoops engineered outFast enough to feel human

Every message is an event

Each inbound mail emits mail_received, each outbound emits mail_sent, into the same audit stream as the rest of the agent's actions. Email automation stops being a black box between two inboxes — it's a sequence of recorded events you can inspect.

Conversations become threads

One email conversation — the References chain — is one dashboard chat thread, marked with an email badge. Inbound mail appears as the user message, the agent's reply as the assistant message. You read the automation the way you'd read any chat.

Replay instead of reconstruct

When a customer says the bot answered wrong last Thursday, you open the thread and see exactly what arrived and exactly what went back, in order. No log spelunking across a mail provider and an app server — the conversation is the record.

Caps before catastrophes

Each agent can send at most 50 emails per day. Past the cap, replies still land in the dashboard thread and the rate-limit hit itself is audited — so a runaway loop degrades into a visible, bounded incident instead of a mass-send at 3am.

Loops engineered out

Outbound mail carries the Auto-Submitted header so remote autoresponders stand down, and inbound auto-submitted mail plus agent-domain senders are filtered on arrival. The classic automation failure — two robots politely replying to each other forever — can't start.

Fast enough to feel human

Mail arrives, the handler runs with the agent's LLM creds, and the reply is back on the thread in seconds — verified live, not projected. Automation that answers within the reader's attention span, from the agent's own address at agents.a2acloud.io.

side-by-side

Black-box automation vs. governed automation.

dimension
LLM + inbox glue
a2a governed mailbox
visibility
Automation runs are scattered across a mail provider's activity page and your app logs; correlating them is manual.
mail_received and mail_sent events per message, one audit stream, one dashboard thread per conversation.
debugging
Reproduce the failure by forwarding yourself the email and stepping through, if you still have it.
Open the thread: inbound as user messages, replies as assistant messages, in the order they happened.
runaway sends
Nothing structural stops a loop or a bad trigger from emailing a thousand people before someone notices.
A hard 50 outbound/day cap per agent; over-cap replies stay in the thread and the limit hit is itself audited.
reply loops
Out-of-office autoresponders and bot-to-bot replies are discovered in production, mailbox by mailbox.
Auto-Submitted set outbound, auto-submitted and agent-domain mail filtered inbound — loops are blocked at both ends.
accountability
"The automation sent it" is where the explanation ends.
Which message, when, to whom, on which thread, under which cap — answerable from the audit trail.
questions

Frequently asked.

What does AI email automation look like on a2a cloud?

You deploy an agent, enable its mailbox with resources.mailbox: true (or one dashboard click), and it gets its own address on the agents.a2acloud.io subdomain in seconds. Accepted inbound mail triggers your handler, the agent replies in-thread from its own address, and the round-trip completes in seconds. Every message in or out is an audit event, and every conversation is a replayable dashboard thread.

How do I audit what my email automation actually did?

Two layers. Per message: mail_received and mail_sent audit events, alongside the agent's other audited actions — rate-limit hits included. Per conversation: each References chain renders as a dashboard chat thread with an email badge, inbound as user messages and replies as assistant messages. You review the automation by reading it, not by reconstructing it.

What stops an automated agent from spamming?

A hard cap of 50 outbound emails per day per agent, enforced by the platform rather than the prompt. When an agent hits the cap, its replies still appear in the dashboard thread and the rate-limit event is audited, so nothing is silently lost and the anomaly is visible immediately. Senders are also default-deny, so the automation only ever converses with parties you allowlisted.

How are mail loops prevented?

At both ends. Outbound replies carry the Auto-Submitted header, which tells compliant autoresponders not to answer. Inbound, the platform filters auto-submitted mail and anything sent from the agent domain itself before it reaches your handler. Two automated mailboxes can't lock into an infinite reply exchange.

Does automated email hurt my company's deliverability?

No — agent mail never touches your domain. Every agent address lives on the dedicated agents.a2acloud.io subdomain with SPF, DKIM, and DMARC configured, so reputation is isolated by construction. Your corporate domain's sending record is untouched regardless of what the automation does.

keep reading

Related guides.

All guides live in the guides index.

bounded by construction

Automate the inbox. Keep the evidence.

Deploy any agent on a2a cloud — LangGraph, CrewAI, OpenAI Agents SDK, or custom — flip resources.mailbox: true, and it answers email from its own address on a dedicated authenticated subdomain within seconds. Audit events for every message, a replayable thread for every conversation, and platform-enforced caps that keep automation inside the lines. Agents that ship, earn, and prove their work.