How to Prevent AI Agents from Sending Emails

SafeClaw by Authensor blocks all email-sending actions by default, preventing AI agents from sending unauthorized messages through SMTP, email APIs, or system mail commands. Install SafeClaw with npx @authensor/safeclaw and every email attempt — whether via sendmail, SendGrid API, or SMTP client — is denied and recorded in a tamper-proof audit log.

Why Email Sending Is Dangerous When AI Agents Do It

An email sent by an AI agent carries your organization's identity. A single unauthorized email can constitute phishing if it mimics internal communications, breach contractual obligations if it discloses confidential information, violate CAN-SPAM or GDPR if it contacts people without consent, or damage your sender reputation if it triggers spam filters. Agents construct email content from LLM outputs, which means hallucinated facts, inappropriate tone, or injected instructions can end up in inboxes. Bulk email loops are particularly dangerous — an agent in a retry cycle can send hundreds of messages before a human notices. Email is also an exfiltration vector: an agent can attach files or encode data in the message body.

The Exact SafeClaw Policy to Block Email Sending

Add these rules to .safeclaw/policy.yaml:

rules:
  # Block shell-based email tools
  - id: deny-sendmail
    action: shell.exec
    match:
      command: "sendmail*"
    effect: deny
    audit: true
    message: "sendmail is blocked for AI agents."

- id: deny-mail-command
    action: shell.exec
    match:
      command: "mail *"
    effect: deny
    audit: true
    message: "mail command is blocked for AI agents."

- id: deny-mutt
    action: shell.exec
    match:
      command: "mutt *"
    effect: deny
    audit: true
    message: "mutt is blocked for AI agents."

# Block SMTP connections
  - id: deny-smtp-25
    action: network.request
    match:
      destination: "*:25"
    effect: deny
    audit: true
    message: "SMTP port 25 connections are blocked."

- id: deny-smtp-587
    action: network.request
    match:
      destination: "*:587"
    effect: deny
    audit: true
    message: "SMTP port 587 connections are blocked."

- id: deny-smtp-465
    action: network.request
    match:
      destination: "*:465"
    effect: deny
    audit: true
    message: "SMTPS port 465 connections are blocked."

# Block email API services
  - id: deny-sendgrid-api
    action: network.request
    match:
      destination: "api.sendgrid.com"
    effect: deny
    audit: true
    message: "SendGrid API access is blocked."

- id: deny-ses-api
    action: network.request
    match:
      destination: "email..amazonaws.com*"
    effect: deny
    audit: true
    message: "AWS SES access is blocked."

- id: deny-mailgun-api
    action: network.request
    match:
      destination: "api.mailgun.net"
    effect: deny
    audit: true
    message: "Mailgun API access is blocked."

# Block programmatic email action
  - id: deny-email-send
    action: email.send
    match:
      to: "*"
    effect: deny
    audit: true
    message: "Email sending is blocked for AI agents."

This multi-layered approach blocks email at every level: shell commands, SMTP network connections, email service APIs, and the programmatic email.send action type.

What Happens When the Agent Tries

When an agent attempts to send an email via SendGrid API:

1. SafeClaw intercepts the network.request to api.sendgrid.com.
2. The deny-sendgrid-api rule matches.
3. The HTTP request is blocked. No email is sent.
4. Audit entry:

{
  "timestamp": "2026-02-13T16:22:15Z",
  "action": "network.request",
  "destination": "https://api.sendgrid.com/v3/mail/send",
  "effect": "deny",
  "rule": "deny-sendgrid-api",
  "agent": "support-agent-01",
  "hash": "h6j3k9...chain"
}

How to Allow Email with Approval

For customer support agents that need to send pre-approved template emails:

rules:
  - id: approve-email-send
    action: email.send
    match:
      to: "*@company.com"
    effect: approval
    audit: true
    approvers:
      - role: support-manager
    timeout: 300
    message: "Internal email requires support manager approval."

- id: deny-email-external
    action: email.send
    match:
      to: "*"
    effect: deny
    audit: true
    message: "External email sending is permanently denied."

This allows internal emails with manager approval while permanently blocking external emails. The approver sees the recipient, subject, and body before approving.

Verification

npx @authensor/safeclaw simulate --action 'shell.exec' --command 'sendmail user@example.com'
Expected: deny, rule: deny-sendmail

npx @authensor/safeclaw simulate --action 'network.request' --destination 'https://api.sendgrid.com/v3/mail/send'
Expected: deny, rule: deny-sendgrid-api

Related Pages

• Prevent AI Agent Sending Emails
• How to Gate External API Calls from AI Agents
• How to Gate Outbound Network Requests from AI Agents
• Customer Support Agent Recipe