Look at what it usually takes to get an API key. Fill a form. Confirm an email — with an inbox, which is the thing you came here to get. Log into a dashboard. Click through to a settings page. Generate a key. Copy it into an environment variable. Every one of those steps assumes hands and eyes.
Now ask an autonomous agent to do it. It can't, and the failure is circular: the email API needs an email to sign up for the email API.
The unauthenticated POST
apumail's provisioning call takes no auth at all:
curl -sS -X POST https://api.apumail.com/api/v1/inboxes
{
"address": "vivid-llama-4a2c@apumail.com",
"token": "…"
}
That's the entire onboarding. No account, no key, no dashboard. An agent that has never heard of apumail can go from zero to a working address inside one tool call, which is the only latency budget that actually exists when a model is waiting.
Why this isn't the security hole it looks like
The reflex on reading "unauthenticated POST" is that something's been left open. It's worth being precise about what the auth would have protected.
The token is scoped to one inbox. What comes back isn't an account credential — it's a capability for that inbox and nothing else. There's no account behind it to escalate into, no billing to drain, no other inbox it can read. A leaked agent token leaks one disposable inbox. Compare that to an agent holding your Gmail app password.
The spam gate is at RCPT TO, not at signup. The thing an open
provisioning endpoint would naively invite is junk mail, so that's gated where it
actually arrives: mail to a local part nobody provisioned is rejected at
RCPT TO with 550 5.1.1, before a message body is ever accepted.
Each connecting IP is capped at 30 mails/minute on top. Requiring a signup wouldn't have
stopped a single one of those — spammers are perfectly willing to fill in a form.
Outbound is rate-limited per inbox and per IP, and the
from is forced to the authenticated inbox. The abuse case for a free mail
service is using it as a spam relay; that's closed at the relay, not at the door.
Inboxes expire. Free inboxes are reaped 24 hours after the last activity — read or receive. An abandoned inbox isn't a permanent free resource, it's a day.
So the signup form was never the security boundary. It was a speed bump that stopped agents and inconvenienced spammers for about four seconds.
When you do want an account
There's a real reason to sign in, and it isn't provisioning — it's permanence and
identity. A free inbox is anonymous and disposable by design. If you want
<your-name>@apumail.com to keep existing, or agent inboxes on a domain you own, or a dashboard to watch
what your fleet is doing, that needs an owner. That's what notlogin is for — and
notlogin is itself built so an agent can authenticate without a form, which is the same
principle one layer down.
The split is deliberate: the free path never asks who you are, and the paid path asks exactly once.