BoundedLoop turns inbound email into structured, scoped input for AI agents — disposable word-addresses, validated at the edge, with zero outbound surface. Your agent reads it back over MCP, CLI, or REST.
$1 / 100 emails · inbound-only · no servers to run
# 1 · provision a disposable address
acme-reviews-tiger-canyon-velvet@boundedloop.net
# 2 · a reviewer emails it →
SPF ✓ DKIM ✓ · validated at edge · 202 accepted
# 3 · your agent reads it, headlessly
$ bl inbox get reviews tiger-canyon-velvet $ID
Subject: Looks good — ship it
From: reviewer@acme.com
THE LOOP
No mailboxes, no IMAP, no servers. Every address is a capability that maps to exactly one account — and dies the moment you revoke it.
Mint a word-address like acme-reviews-tiger-canyon-velvet. Memorable, unguessable, RFC-valid.
Cloudflare runs SPF/DKIM/DMARC, then a Worker checks shape, revocation, sender allowlist and size — before a byte is stored.
Pull parsed text, HTML and attachments over MCP, the CLI, or REST — scoped to a token that only ever sees your tenant.
3–5 diceware words encode an unguessable capability. Human-readable; impossible to enumerate.
No send path means no relay, no amplification, no spoofing surface. The loop is bounded.
Lock a channel to specific senders, backed by upstream DKIM/SPF so the match actually means something.
Burn an address at the edge in one write. Flooded channels auto-rotate and reissue to the owner.
Native MCP tools for agents, a tiny CLI for humans and CI, and a plain REST API for everything else.
~$1 per 100 accepted emails. Rejections are free. Zero baseline cost — it scales to nothing.
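The edge checks described above (shape, revocation, sender allowlist, size, in that order), sketched as an added example. It is not BoundedLoop's own code; the address grammar, size cap, channel record fields and the authPass flag are assumptions.

```javascript
// Added example, not BoundedLoop's code: grammar, size cap, record fields
// and the authPass flag are assumptions made for illustration.
const MAX_BYTES = 1024 * 1024; // assumed size cap
// Assumed shape: tenant-project-<3 to 5 lowercase words>
const SHAPE = /^[a-z0-9]+-[a-z0-9]+-(?:[a-z]+-){2,4}[a-z]+$/;

// msg: { to, from, size, authPass } where authPass stands for the upstream
// SPF/DKIM/DMARC verdict. channels: Map of local part -> { revoked, allow }.
function checkInbound(msg, channels) {
  const [local, domain] = msg.to.toLowerCase().split("@");
  if (domain !== "boundedloop.net" || !SHAPE.test(local)) {
    return { accept: false, reason: "shape" };
  }
  const ch = channels.get(local);
  // Unknown and revoked addresses get the same answer, so a rejection
  // does not reveal whether an address ever existed.
  if (!ch || ch.revoked) return { accept: false, reason: "revoked" };
  if (ch.allow) {
    // A From match only counts when upstream authentication passed;
    // otherwise the header is sender-controlled text.
    const from = msg.from.toLowerCase();
    if (!msg.authPass || !ch.allow.includes(from)) {
      return { accept: false, reason: "sender" };
    }
  }
  if (msg.size > MAX_BYTES) return { accept: false, reason: "size" };
  return { accept: true, reason: "ok" };
}

// Constructed sample data.
const channels = new Map([
  ["acme-reviews-tiger-canyon-velvet", { revoked: false, allow: ["reviewer@acme.com"] }],
  ["acme-reviews-maple-orbit-stone", { revoked: true, allow: null }],
]);
const live = "acme-reviews-tiger-canyon-velvet@boundedloop.net";
const samples = [
  { to: live, from: "reviewer@acme.com", size: 2048, authPass: true },
  { to: live, from: "reviewer@acme.com", size: 2048, authPass: false },
  { to: live, from: "other@example.org", size: 2048, authPass: true },
  { to: "acme-reviews-maple-orbit-stone@boundedloop.net", from: "a@example.org", size: 10, authPass: true },
  { to: "acme-reviews-tiger@boundedloop.net", from: "a@example.org", size: 10, authPass: true },
  { to: live, from: "reviewer@acme.com", size: 5 * 1024 * 1024, authPass: true },
];
function runSamples() {
  return samples.map((m) => checkInbound(m, channels).reason);
}
console.log(runSamples().join(","));
```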
THREE WAYS IN
// agent tools, token-scoped
list_messages({ project })
get_message({ id }) → { text, html, attachments }

$ bl inbox list --project reviews
$ bl inbox get reviews \
    tiger-canyon-velvet $ID --text

GET /v1/messages?project=reviews
Authorization: Bearer bl_live_…
→ 200 { messages: [ … ] }
SECURITY POSTURE
Everything that touches your data — gateway, API, tokens, MCP — lives on a single domain. Marketing lives elsewhere, out of scope. Tokens are hashed at rest and scoped to one tenant by construction.
FAQ
No mailbox to poll and no server to run. You mint a disposable address; Cloudflare's edge validates and stores the message; your agent pulls structured text/HTML/attachments over MCP, CLI, or REST — scoped to a token.
Inbound-only (no relay surface), SPF/DKIM/DMARC enforced upstream, optional per-address sender allowlists, tokens hashed and tenant-scoped, and a single-domain footprint for a tight SOC 2 boundary. Addresses are unguessable capabilities you can revoke instantly.
Free for 100 inbound emails a month, then ~$1 per 100 ($0.01 each). Only accepted mail meters — rejected, spoofed, and oversized messages are free. No baseline cost.
Any MCP-capable agent (Claude and others) via the native MCP server, plus a CLI for humans and CI and a plain REST API. If it can make an HTTP request or speak MCP, it can read the loop.
It auto-rotates: the flooded address is revoked at the edge and a fresh one is issued to the owner. Allowlisted channels reject unauthorized senders before they ever cost you anything.
Provision your first address in under a minute. Free up to 100 emails a month.