? How does an AI agent search my real email with RadMail?
Through connected mode: mint an API key at https://app.radmail.ai/settings/api-keys (keys start with tmk_), set it as the RADMAIL_API_KEY environment variable on the radmail-mcp MCP server, and restart. The search tool then searches your REAL ingested inbox — ranked most-relevant + newest first, filterable by sender (from) and date (after/before), with a why-matched on every hit — and read_email fetches one full message by id.
↳ tl;dr Mint a key → RADMAIL_API_KEY on radmail-mcp → search + read_email over your real inbox.
? Can connected mode send, delete, or change my email?
No. Connected mode is read-only by construction — it searches and reads, and there is no code path that sends, drafts against, or mutates real mail. RadMail's permanent BEC hard-stop is untouched: money, changed banking details, first contact with a new party, decisions, and suspected prompt injection stay human-only, forever.
↳ tl;dr Read-only by construction. The BEC hard-stop is untouched: the dangerous actions stay human-only forever.
? How does RadMail protect an agent from prompt injection hiding in my email?
Every field derived from real mail — subjects, snippets, bodies, sender names — comes back taint-marked with the provenance marker untrusted-email-body, and every response carries a standing safety block telling the agent to treat that content as data, never as instructions. An email that says 'the wire instructions changed' is quarantined data, not a command — and the hard-stop means there is no tool it could trigger anyway.
↳ tl;dr All real-mail content is taint-marked untrusted-email-body — data, never instructions.
? What happens if the API key is wrong or the search API is down?
Connected mode fails closed: any API error returns a typed, honest failure with zero fabricated results — the agent is told exactly what failed and that nothing was invented. It never falls back to made-up hits, and without a key the package simply behaves like the zero-auth sandbox.
↳ tl;dr Fail-closed: a typed error and zero fabricated results, never invented hits.
? Can I try RadMail's search without connecting my real inbox?
Yes — two zero-commitment ways. The hosted sandbox MCP server at https://radmail.ai/api/mcp/sandbox needs no key at all and runs the same search tool over a built-in demo inbox, and the radmail-mcp package without a key does the same over messages you pass it. Connect the real inbox only when you have seen how it behaves.
↳ tl;dr Zero-auth sandbox first: same search tool, demo inbox, no key, no account.
? Is there a plain HTTP API for searching my RadMail inbox, without MCP?
Yes. GET https://app.radmail.ai/api/v1/search is the product search API: Bearer API key auth (read scope), q as the required query, limit/offset paging, from as a sender-substring filter, and after/before as ISO date bounds. It returns ranked metadata hits with an approximately 160-character snippet and a matchedIn field telling you whether the hit was in from, subject, or body. The MCP tools ride this same API.
↳ tl;dr GET app.radmail.ai/api/v1/search — Bearer key, q/limit/offset/from/after/before, ranked hits + snippet + matchedIn.
? Do I need to install anything to use connected mode today?
The connected tools live in the radmail-mcp package. Its npm publish is pending, so npx -y radmail-mcp resolves once it lands; today the package runs from source (github.com/dougsureel-tech/radmail-mcp), and the zero-auth hosted sandbox works instantly with no install at all. RadMail overall is pre-release; this capability is live, not a preview.
↳ tl;dr npm publish pending — run from source today, or use the zero-auth hosted sandbox with no install.