Comment by mike-cardwell
3 days ago
I received this email the other day:
From: Kushal <kushal@kushalsm.com>
Date: Mon, 18 May 2026 05:03:11 +0000
Saw your question on the Agent Vault thread about websocket-frame auth
(Home Assistant) and the worry about the model reflecting the bearer
token back into its own context.
chrome-relay's answer is structurally different: the credential never
enters the agent's context because the agent never touches it — the HA
session lives in your real Chrome (cookies, WS handshake and all), and
the agent drives the tab over CDP, only ever seeing the rendered page.
URL: https://chrome-relay.kushalsm.com/
For your HA + agent setup today, are you keeping the session alive in a
browser the agent attaches to, or doing the WS auth on the agent side
and managing the token-in-context risk yourself?
Kushal
Read to me like an LLM had written it. It references something I said in a HN comment, but it was clearly just an excuse to spamvertise their product.
I looked at the headers and it contained a List-Unsubscribe header pointing to https://api.agentmail.to
So basically somebody wrote a bot to scrape HN for comments related to some software they wanted to push and send targetted spam. agentmail.to is a Ycombinator funded email service for LLMs which can be, and is, used to send targetted spam and impersonate people. They could mostly solve this problem by adding a block of text to every email expaining an "AI" wrote it. They'd lose customers doing that though of course. I reported this abuse but haven't (and don't expect to) received a response.
I don't even get the point anyway. You can get Claude using an SMTP or IMAP server in seconds.
You might want to check if your local laws protect against unsolicited emails. In Germany we have §7 UWG which would make that email likely illegal. The List-Unsubscribe header makes it clear it is marketing, automated outreach and not personal. In the UK there is this: https://ico.org.uk/for-organisations/direct-marketing-and-pr...
See my comment in this thread - I got an email from "someone" (an AI clearly) that signed up for my service (togetherletters.com) from the same domain (agentmail.to) after we had launched on ProductHunt. I looked up the address and that email was never used for a signup and it was just a way to then pitch their product (second email, not the first one it sent). I hate this so much and this is going to now make email just as bad as parts of the web.
I agree with what you’re saying, but I think that email was one of the first parts the web to become terrible. This happened a long time ago, we’re just used to it.
I will say in my case, the user was too lazy to mask the from address and agentmail.to was right there. Didn't even have to dig into the headers.
This was likely a free tier user. We do this intentionally and don't allow free users to send from custom domains, so you can have a easier time identifying LLM emails. In this case, it seemed like it worked :)
2 replies →
I got one from IssuePay, which seemed 100% automated. Didn't seem like something that should be automated either.
Appreciate the concern Mike, and I actually read your email complaining, which helped us ship this next feature. We have a "sent via AgentMail" footer being added soon to outbound emails to identify emails coming from LLM's.
We also are working on adding more robust checks and LLM-based filtering to prevent messages which contain spam or outbound-like copy.
Re; AgentMail next to Claude, we're working on stateful inboxes which help agents actually recall and understand what they're sending and to who. The goal is to provide the rails for intelligent actors rather than slop.
So, a footer to make sure they've already engaged with the content in good faith before seeing the spam warning, and which doesn't actually explain that the content is AI generated?
Just go post on black hat forums. Plenty of people want this, it's a spam service. You don't need to be here.
Re "sent via AgentMail" - that's good to hear, but I hope it's not the entire planned text, as "AgentMail" will mean nothing to most people that receive an email from your service. It wont indicate that the email was composed by an AI rather than a person, which is the information that needs to get across.
What if a people send email via te agent and using agent mail? writing by the agent but aproval by human.
1 reply →
yep we're going to have a footer linked to our website, which should allow people to see that we are an email service for agents. thanks!
6 replies →
This response is a failure to understand the issue.
It's very hard to get someone to understand something if their salary depends on them not understanding it.
1 reply →
"sent via AgentMail" - removable by a higher plan later on
What is the point of automating the signup process?
It's less work to signup a second email address for agent use than to signup with you, then signup a second email address.
After all, it's not like each agent needs their own email.
Make sure it adds a header too