Transparent IMAP/SMTP proxy with fine-grained permission rules. Control exactly which emails can be read, sent, or deleted — with optional human-in-the-loop approval.
# Who can access email — and what they can do [[rules]] name = "AI can read invoices" folders = ["Invoices"] operations = ["mail:read"] action = "allow" [[rules]] name = "Outbound requires approval" operations = ["mail:send"] action = "ask" ask_groups = ["security"] [[rules]] name = "Deny everything else" action = "deny" # Who gets notified for approval [ask.groups.security] recipients = ["security@company.com"]
100%
On-premise
0 bytes
Email data we see
1 binary
No dependencies
TOML
Config as code
AI agents need email access to be useful. But giving them full access is reckless.
Most AI agents get full inbox access when they only need to read invoices. One prompt injection away from exfiltrating sensitive data.
App passwords are all-or-nothing. OAuth scopes are too broad. Email providers don't offer folder-level or sender-level restrictions.
Enterprise DLP solutions route email through their servers. You're trusting a third party with every message. Mailgator runs on YOUR infrastructure.
Mailgator sits between your email client and your mail server. Invisible to both.
AI Agent / Client
IMAP / SMTP
Mailgator
Rules & Filtering
Mail Server
Gmail, Fastmail, etc.
Write TOML rules: which folders, which senders, which operations. Allow, deny, or require human approval.
Change the IMAP/SMTP server address in your AI agent or email client to Mailgator's address. Everything else stays the same.
Mailgator enforces your rules transparently. The ask action lets you approve or deny sensitive operations via email or web UI.
Single binary. No dependencies. Just download and run.
Apple Silicon & Intel — auto-detected
Via Homebrew (recommended):
brew tap mailgator/tap brew install mailgator
Or via install script:
curl -sS https://mailgator.io/install.sh | sh
x86_64 & ARM64
Via Homebrew (recommended):
brew tap mailgator/tap brew install mailgator
Or via install script:
curl -sS https://mailgator.io/install.sh | sh
Or download directly:
x86_64
Windows (x86_64)
mailgator-windows-amd64.exe
Everything you need to control AI email access. Nothing you don't.
Filter by folder, sender, recipient, and operation type. Combine with allow, deny, or ask actions. First match wins.
The ask action pauses the operation and notifies you. Approve or deny via email reply or web UI.
Standard IMAP and SMTP. Works with any email client, any provider, any AI framework. No SDK, no API changes.
Runs entirely on your infrastructure. Email credentials never leave your network. We only validate your license — zero data exposure.
One TOML file. Version-controlled, reviewable, deployable. No web dashboard clutter — just clean infrastructure-as-code.
Download, configure, run. No runtime dependencies. Written in Go for maximum portability and performance.
One proxy. Fair prices. No per-seat nonsense.
Every plan starts with a free 7-day trial. No credit card required.
€72 €36 billed annually
€240 €144 billed annually
Need more? Contact us for custom enterprise pricing.
CI/CD pipelines, monitoring alerts, and ticket systems that need email access. Mailgator gives you CLI-native, TOML-based access control that fits right into your infrastructure-as-code workflow.
Building agents that process email? Mailgator ensures your agent only accesses what it should. The ask action gives humans veto power over outbound emails — the missing safety net for autonomous agents.
One TOML file between total chaos and fine-grained control.