Hey HN, I built KeyID because I kept hitting the same wall: every AI agent that needs to sign up for a website needs a real email address, and there's no good free way to get one programmatically.
The problem: Agents need email for signups, verification codes, 2FA, and communication. You can use Gmail (manual setup, doesn't scale), disposable email APIs (get blocked), or paid services like AgentMail ($per mailbox).
What KeyID does: One API call → real email address. The agent generates an Ed25519 keypair, calls provision(), and gets an address on a shared domain pool. No API keys, no human in the loop.
From there agents can:
Send/receive email
Auto-extract verification codes from incoming messages
Follow verification links server-side
Track multi-step signup flows with browser state persistence
Get phone numbers for SMS verification
Generate TOTP 2FA codes
How it stays free: Shared rotating domain pool. We manage DKIM/SPF/DMARC, warm-up, and reputation. When a domain degrades, it rotates out. No per-mailbox cost.
MCP server (47 tools) — works with Claude, Cursor, Windsurf out of the box:
{"mcpServers":{"keyid":{"url":"https://keyid.ai/mcp"}}}
Also has JS (@keyid/sdk) and Python (keyid) SDKs for direct integration.
Happy to answer questions about the architecture, the domain rotation model, or anything else.
paveltrofimchuk•1h ago
How do you prevent abuse? What stops someone from spinning up 1,000 accounts to send spam?
vasilyt•1h ago
Good question. A few layers: (1) Agents authenticate via Ed25519 challenge-response, so every account is tied to a keypair — no anonymous throwaway accounts. (2) We track per-agent reputation based on send patterns, bounce rates, and complaint signals. Agents that degrade domain reputation get throttled or suspended automatically. (3) The shared domain pool is the key incentive — if an agent spams, it hurts their own deliverability because the domain rotates out. The pool is a shared resource, so agents that abuse it lose access. It's a similar model to how shared IP pools work in transactional email services.
myroslava-t•1h ago
What happens when you hit the 1,000 account limit? What's the pricing model after that?
vasilyt•1h ago
We're still figuring out the exact tiers above 1,000. The shared pool model keeps our marginal cost per account very low (domains cost ~$10/year and serve hundreds of agents), so we can afford to be generous. The likely path is a paid tier for higher volumes with dedicated domains and priority deliverability. But honestly, 1,000 accounts covers most use cases we've seen — even teams running agent fleets rarely need more than a few hundred active at once. If you're hitting the limit, reach out and we'll work something out.
vasilyt•1h ago
The problem: Agents need email for signups, verification codes, 2FA, and communication. You can use Gmail (manual setup, doesn't scale), disposable email APIs (get blocked), or paid services like AgentMail ($per mailbox).
What KeyID does: One API call → real email address. The agent generates an Ed25519 keypair, calls provision(), and gets an address on a shared domain pool. No API keys, no human in the loop.
From there agents can:
Send/receive email Auto-extract verification codes from incoming messages Follow verification links server-side Track multi-step signup flows with browser state persistence Get phone numbers for SMS verification Generate TOTP 2FA codes How it stays free: Shared rotating domain pool. We manage DKIM/SPF/DMARC, warm-up, and reputation. When a domain degrades, it rotates out. No per-mailbox cost.
MCP server (47 tools) — works with Claude, Cursor, Windsurf out of the box:
{"mcpServers":{"keyid":{"url":"https://keyid.ai/mcp"}}} Also has JS (@keyid/sdk) and Python (keyid) SDKs for direct integration.
Free for 1,000 accounts. Open source: https://github.com/KeyID-AI/KeyID
Happy to answer questions about the architecture, the domain rotation model, or anything else.