Scoped Email Gateway · For CI Tests & AI Agents

Email access, scoped.


A scoped-token email gateway built for two prominent use cases:

  • Asserting that an email arrived in CI tests of authentication flows — no IMAP password in your CI secret store.
  • Letting AI agents send and read email — no full-access SMTP credentials handed to autonomous code.

Same REST API, same per-action token scopes. In production at obseed.me (since 2020) and linubra.com (since October 2025). See the full release history.

Hosted in Switzerland · In production · Limited beta

use cases · one api
# Use case 1 — assert an email arrived in a CI test (Playwright)
import { test, expect } from '@playwright/test';
// `app` is your application's test driver; `squibble` is the API client
// holding a token scoped to the qa@your-app.test mailbox and messages:index.

test('password reset email arrives', async () => {
  await app.requestReset('qa@your-app.test');
  // list() is a point-in-time inbox query; when delivery may lag the request,
  // use the blocking messages:await described under "Wait for a message".
  const msgs = await squibble.list({
    to: 'qa@your-app.test',
    subject: /reset your password/i,
  });
  expect(msgs).toHaveLength(1);
});

# Use case 2 — let an AI agent send mail (LangChain / plain HTTP)
// `ticket` comes from your support system. Reusing its id as the
// idempotency key makes a retried send a no-op instead of a duplicate.
// From/Reply-To are rewritten to the mailbox the token is bound to.
await squibble.send({
  from: 'assistant@your-app.com',
  to:   ['customer@example.com'],
  subject:        'Re: your support ticket',
  body_text:      'Update on your request...',
  idempotency_key: ticket.id,
});

RFC 9457 Problem JSON · RFC 3464 Bounce VERP · RFC 8058 List-Unsub

The Problem

Why neither tests nor agents should hold
raw IMAP/SMTP credentials.

Most teams reach for the same shortcut twice: an IMAP password pasted into a CI secret store so tests can read mail, and an SMTP service account handed to autonomous code. Both work — until something leaks, spoofs a domain, or quietly sends to a suppressed address.

These are the failure modes we kept hitting first in CI test pipelines (originally during a 2023–2024 mandate at one of Switzerland's largest retailers, asserting auth flows end-to-end) and then again in agent integrations. Same primitives fix both.

What we keep seeing

  • IMAP passwords pasted into CI secret stores so test runners can read inboxes — full account access for one assertion.
  • SMTP credentials shared with autonomous agents — no scope, no expiry, no audit trail.
  • No way to bind sender identity to a mailbox — a leaked token can impersonate anyone.
  • Mocked email tests pass while production fails — the IMAP path is never exercised end-to-end.
  • Bounces handled silently, suppressions never honored, sending reputation eroded.

Full email access shouldn't be the widest scope your test runner or agent holds.


Before you let it send (or read), decide exactly what it can.

Capabilities

Everything you need.
Nothing you don't.

Built for the narrow problem of giving test runners and autonomous code safe access to email — and nothing wider.

JWT-scoped tokens

Each agent gets a token bound to one mailbox and a precise set of actions — messages:send, messages:index, attachments:show. Grant only what the agent actually needs.

Sender binding

From, Reply-To, and envelope-sender are always rewritten to the authenticated mailbox. A stolen token cannot impersonate an arbitrary sender.

IMAP inbox access

Read and search the inbox over a clean JSON API. Selective BODYSTRUCTURE fetch keeps attachments out of your agent's context window.

Folder & tree management

Create, delete, and subscribe to hierarchical folder structures over REST. Bulk move or copy messages between folders with automatic metadata cache updates.

Bounce & suppression

VERP-authenticated bounce processing per RFC 3464. Permanent bounces and unsubscribes are suppressed automatically — no silent skips.

File attachments

Send files with any message: base64-encode the content, declare a filename and MIME type, and the API handles MIME assembly. Up to 20 files, 10 MiB each, 25 MiB total per send.
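A client-side pre-flight check against those limits, as an added Node.js example (not Squibble's code). It sizes each attachment from the base64 length without decoding, so a 25 MiB payload is never buffered twice. The field names filename, content_type and content are assumptions.

```javascript
// Added example, not Squibble's code. Field names are assumptions.
const MAX_FILES = 20;
const MAX_FILE_BYTES = 10 * 1024 * 1024;
const MAX_TOTAL_BYTES = 25 * 1024 * 1024;

// Decoded byte length of a standard, padded base64 string, computed without decoding.
function base64DecodedLength(b64) {
  if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(b64)) {
    throw new Error('content is not valid padded base64');
  }
  const pad = b64.endsWith('==') ? 2 : b64.endsWith('=') ? 1 : 0;
  return (b64.length / 4) * 3 - pad;
}

// Throws on the first violated limit; returns the totals otherwise.
function validateAttachments(attachments) {
  if (attachments.length > MAX_FILES) {
    throw new Error(`too many files: ${attachments.length} > ${MAX_FILES}`);
  }
  let total = 0;
  for (const a of attachments) {
    if (!a.filename || !a.content_type) throw new Error('filename and content_type are required');
    const size = base64DecodedLength(a.content);
    if (size > MAX_FILE_BYTES) throw new Error(`${a.filename}: ${size} bytes exceeds the per-file limit`);
    total += size;
  }
  if (total > MAX_TOTAL_BYTES) throw new Error(`total ${total} bytes exceeds the per-send limit`);
  return { files: attachments.length, total };
}

// Builds a constructed attachment of a given decoded size (zero-filled) for testing.
function constructedAttachment(name, bytes) {
  return {
    filename: name,
    content_type: 'application/octet-stream',
    content: Buffer.alloc(bytes).toString('base64'),
  };
}

module.exports = { base64DecodedLength, validateAttachments, constructedAttachment };
```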

Open & click tracking

Engagement events are recorded automatically on HTML sends: opened_at and clicked_at are set on the first open or click only and are never overwritten by later ones.

Sent history & events

Every send is queryable. Drill into queued, delivered, bounced, opened, and clicked events per message — no log scraping, no audit gaps.

Wait for a message

Block on one request until a matching message lands — no polling loop, no sleep() in your tests. messages:await keeps the request open and re-checks the mailbox on each IMAP round-trip rather than pinning a worker for the whole wait, returns the moment the message arrives, and answers a timeout with a clean RFC 9457 408 problem response. Deterministic email assertions in CI.

Official MCP server

Drop Squibble into any MCP-compatible agent runtime. A hosted HTTP/SSE endpoint at api.email.squibble.ch/mcp is live — point Claude Desktop or any MCP client directly at it with your Bearer token, no local install. For air-gapped or local setups, run the published stdio container image instead. 15 tools covering send, inbox, delivery tracking, and folder management. The MCP server adds no authority beyond what your scoped JWT already carries, and the token is never logged or persisted.

One image. One API. One token per agent — revoked in one call.

Integration

Three steps from zero to sending.

No SDK to install. No SMTP library to wire up. Plain HTTP and a Bearer token.

01

Join the waitlist

Tell us the mailbox address you want to send from or test against, and what you are building. We onboard a small batch of teams each week.

# Scroll to the form below
# We reply within one business day.
02

We onboard your mailbox

We provision the mailbox on our infrastructure, configure DNS for you, and issue your first JWT scoped to one set of actions.

mailbox: agent@yourapp.com
scopes:  messages:send
         messages:index
03

Call the API

Your agent calls the REST API with the Bearer token. No SMTP library, no credentials, no rotation headache.

POST /api/v1/messages/send
Authorization: Bearer <token>

From waitlist to your agent's first delivered message: usually within a business day.

Security

Hardened
by default.

The defaults assume the token is already breached. Everything is scoped, encrypted, audited.

  • No full-access SMTP credentials for your agent — every token is scoped to the minimum set of actions it needs, with no access surface beyond what you explicitly grant.
  • Symmetrically encrypted SMTP credentials in Postgres (AES-128-CBC + HMAC-SHA256) — decrypted in memory only at dispatch time.
  • Strict TLS, fail-closed — per RFC 3207, a failed STARTTLS upgrade aborts before AUTH. No plaintext credential leak.
  • Idempotency-Key with a 24-hour dedup window — safe-to-retry semantics following the same pattern popular payment gateways employ.
  • Per-token send quotas and domain allowlists — lock down exactly who can send to what.
  • PII-scrubbed error_log — recipient addresses are redacted before being persisted, in line with GDPR Article 5(1)(c) data minimisation.
  • Instant token revocation by JTI per RFC 7519 — compromise a token, revoke it in one CLI call. No key rotation delay.

Every default is the safe one. Insecure operation requires an explicit decision.

Get started

Ready to scope your
email access?


Join the waitlist. We onboard a small batch of teams each week and reply within one business day.
