Security

Airbox separates what you intend from the email content you route. Your instructions are isolated on a small trusted surface; everything else — quoted threads, forwarded bodies, HTML, and attachments — is sandboxed as untrusted data the model is never allowed to obey. This blocks prompt-injection and “ignore previous instructions” attacks buried in mail you did not author.

• Sender allowlist: an address only acts on mail from approved senders (by default, just you)
• SPF/DKIM gating: messages failing authentication checks are rejected as likely spoofing
• Message-ID de-duplication: replays of the same message are ignored
• Unguessable addresses: each inbox has a unique, unguessable address you can rotate at any time

• Provider API keys and MCP tokens are encrypted at rest, decrypted only at the moment of use
• Your Airbox SDK API key is stored only as a SHA-256 hash and shown to you exactly once
• Passwords (optional) are hashed with a strong key-derivation function
• All traffic is served over TLS
• We do not log raw provider keys, API keys, or message secrets

Each address can be limited to specific routing targets and tools, so a given inbox can only do what you intend. MCP tool calls run only to carry out your trusted instruction — never because untrusted content asked for them.

Message content is automatically purged after your plan’s retention window, and you can delete messages or your entire account on demand. See our Privacy Policy.

We welcome good-faith security research. Report issues to security@airbox.fyi and give us a reasonable window to remediate before public disclosure. We will acknowledge receipt promptly and work with you to understand and resolve validated findings.