Sovereign email infrastructure · ISP v1.0

Email for every domain you run.
Signed, sealed, screened.

Run real email on any domain you own. Get a full mailbox app plus a clean sending API, encrypted storage, passkey sign-in, and fraud screening on every message. You can also give your own users addresses on your domain.

ML-DSA-65 signed ML-KEM-768 sealed Passkey login Fraud-screened
What it is

One email layer for every domain you run

ISET.email handles sending, receiving, mailboxes, and compliance for your domains, so you don't have to wire up several vendors. Developers get a clean API. Your people get real addresses. Every message carries a signature anyone can verify.

✉️

Send

A clean transactional API your developers drop in. DKIM-signed, with a verifiable signature on every message.

📥

Receive

Real addresses on any domain — compliance@yourbrand.com — delivered to sealed mailboxes.

🛡️

Protect

Passkey login, account safeguards, and a fraud engine that screens phishing, spoofing and scams.

The app

A full mailbox, not just an API

Sign in and you get a complete mail app in the browser — and one you can install on your phone or desktop. Everything below is live today.

📨

Inbox that works

Threads, search, stars, folders, drafts, signatures, schedule-send, snooze, undo-send, filters, aliases, and an out-of-office reply.

🤖

Built-in assistant

Ask questions, summarize a message, draft a reply, or write a new email from a one-line prompt. It runs on our own model — no third party reads your mail.

🗓️

Calendar, tasks, notes

A calendar with sounding reminders, a task list, tabbed notes, and contacts — all in one place, synced across your devices.

📥

Bring your old mail

Import from Gmail, Outlook, or any IMAP account in a few clicks. Add two-step verification and turn on end-to-end encryption when you want it.

For developers & platforms

Give your users their own email — on your domain

Run an app, a community, a newsletter, or a SaaS? Give every user or subscriber a real name@yourdomain.com mailbox. You stay the brand; we run the email underneath. It's the same engine we use for our own apps, available to you by API.

🌐

1 · Enroll your domain

One click: we mint your API key, generate your DKIM keys, and hand you the exact DNS records (MX · SPF · DKIM · DMARC). Verify and you’re live.

📮

2 · Provision mailboxes

One API call creates user@yourdomain.com for each of your members — sealed, per-user, non-custodial. You can create; you can never read their mail.

🪪

3 · Drop-in inbox

Embed a white-label mailbox your users reach with one-tap SSO — no second login, no “powered by” — plus search-and-message and encrypted calling between your members.

Already powering live products that issue email to their own members. Bring your domain and do the same in minutes.

Connect an AI agent · Model Context Protocol

Connect Claude or any AI agent to your email

ISET.email is a live MCP server. Generate one key and an MCP-capable agent can read, search, draft, and send across every mailbox you own, on iset.email or a reseller domain like fidnt.com. Mail you've end-to-end encrypted stays unreadable to it. One connector covers all your addresses, and you can revoke it any time.

🔌

1 · Generate a key

In Settings → Connect AI agents, create a scoped key (read-only or full). It covers every address you own, across providers.

🤖

2 · Plug into Claude

Paste the endpoint + key into Claude Desktop or any agent. Tools: list · search · read · ask-inbox · draft · send.

🛡️

3 · You stay in control

Scoped to you and revocable any time. Encrypted mail is never exposed. Nothing leaves your stack.

Endpoint
https://iset.email/mcp   ·   Authorization: Bearer <your key>
Claude Desktop — claude_desktop_config.json
{
  "mcpServers": {
    "iset-email": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://iset.email/mcp", "--header", "Authorization: Bearer YOUR_KEY"]
    }
  }
}
Capabilities

Four pillars, one platform

Each address on each domain inherits the full stack automatically.

Transactional API

A familiar, drop-in send endpoint, domain onboarding with SPF·DKIM·DMARC, webhooks, and a TypeScript SDK.

Sovereign mailbox

Mailboxes sealed at rest with post-quantum encryption. The server stores ciphertext, not your mail.

Compliance login

Phishing-resistant passkeys, purpose-bound consent, kill-switch & money-lock, court-admissible audit.

Fraud detection

Every message screened for phishing, spoofing, scams and anomalies — blocked on send, quarantined on receipt.

How it works

From domain to live email in four steps

Connect a domain

Add your domain and publish the DNS records we generate — shown as ready-to-paste fields.

Provision addresses

Mint any address — role@yourdomain.com — no per-address setup.

Send & receive

Call POST /v1/emails to send; inbound mail lands sealed in the mailbox.

Every message is proven

Signed with a post-quantum signature and screened for fraud — verifiable by anyone.

// one SDK, every domain
import { ISETEmail } from '@iset/email';
const email = new ISETEmail({ apiKey });

await email.send({
  from: 'compliance@fiduciary.technology',
  to:   'user@example.com',
  subject: 'Your signed receipt',
  html: '<p>Post-quantum signed · screened</p>',
});

// screen anything — even mail from
// another platform you connect
await email.scan({ from, subject, html });
Delivery, honestly

Choose how mail reaches the inbox

The sovereign layer is the same; you choose the delivery backend that fits where you are today.

ModeSends to anyoneInboundLive todayBest for
Cloudflare routing + Send-asverified / your inbox✓ forwardDomains with working email, free
Provider relay✓ any recipient✓ sealedTransactional API, real deliverability
Own sovereign MTA✓ any recipient✓ sealedafter IP warm-upFull sovereignty
Security

Real cryptography, from day one

ML-DSA-65 · FIPS 204

A post-quantum signature on every message and every state change — verifiable independently of us.

ML-KEM-768 · FIPS 203

Mailboxes sealed to the holder's key. Offline-first option means the server keeps no secret at all.

Court-admissible audit

Hash-chained, re-verified on read — evidence an action was consented and logged.

Fiduciary Access Certificate
Fromcompliance@fiduciary.technology
SignatureML-DSA-65:Z1QyWIEb…
Fraud scanclean · risk 0
Sealed at restML-KEM-768 + AES-256-GCM
🔒 Verified · post-quantum signed · court-admissible
Get started

Put email on every domain you own

Connect a domain, provision your first address, and send a signed message in minutes.