Comment by bjackman

5 hours ago

Yeah I think for SMTP it's easy since it's perfectly scalable to do manual approval for each mail.

But not really sure how to set up safe search. One idea I had was to say "nobody would ever put a secret in the subject line, right..?". Then you could let the agent read all the headers and just have it ask permission to see the body.

That's still not entirely safe since if you can search the body you can eventually infer the presence of arbitrary strings. But I think you could probably mitigate that risk by just setting up alerts for if the agent starts spamming loads of searches?
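The gating scheme from the comment above, sketched as an added example that is not part of the original comment: headers are readable freely, bodies need approval, and body searches are counted so a burst raises an alert. The `MailGate` class, its callbacks, the thresholds and the sample mail are all assumptions made for illustration, and refusing searches once the budget is exceeded goes one step beyond the alerting the comment proposes.

```python
import time
from collections import deque
from email import message_from_string

# Constructed sample mailbox (not real mail).
SAMPLE_MAIL = [
    "From: it@example.com\nSubject: VPN maintenance\n\nNo action needed.",
    "From: ops@example.com\nSubject: New credentials\n\nTemporary password: hunter2-EXAMPLE",
]

class MailGate:
    """Hypothetical broker that sits between the agent and the mailbox."""

    def __init__(self, raw, approve, alert, max_searches=5, window=60.0,
                 clock=time.monotonic):
        self.msgs = [message_from_string(r) for r in raw]
        self.approve = approve   # human decision: (msg_id, headers) -> bool
        self.alert = alert       # called with a description when the budget is exceeded
        self.max_searches, self.window, self.clock = max_searches, window, clock
        self.recent = deque()    # timestamps of searches inside the window

    def headers(self, msg_id):
        # Headers are readable without approval.
        return dict(self.msgs[msg_id].items())

    def body(self, msg_id):
        # The body is released only after explicit approval.
        if not self.approve(msg_id, self.headers(msg_id)):
            raise PermissionError(f"body of message {msg_id} not approved")
        return self.msgs[msg_id].get_payload()

    def search_body(self, term):
        # Only ids are returned, but every hit or miss still reveals one fact
        # about body content, so each search is counted against a budget.
        now = self.clock()
        while self.recent and now - self.recent[0] > self.window:
            self.recent.popleft()
        self.recent.append(now)
        if len(self.recent) > self.max_searches:
            self.alert(f"{len(self.recent)} body searches in {self.window}s")
            raise PermissionError("search budget exceeded")
        return [i for i, m in enumerate(self.msgs)
                if term.lower() in m.get_payload().lower()]
```

The budget only slows inference through search results; a patient caller that stays under the threshold still learns one bit per query, so the window and limit need tuning against how many searches legitimate use requires.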