MailKite
Get started
Solution

Inbound email → a signed JSON webhook.

Point a domain (or a single address) at MailKite and every incoming email arrives at your endpoint as one parsed JSON object — text, HTML, threading, auth results, and signed attachment URLs — with an HMAC signature you verify locally.

Why it fits

What you get

One JSON object

Parsed text, HTML, headers, and signed attachment URLs in a single payload — no multipart/form-data to reassemble, no MIME parser to maintain.

Threading + auth included

Every event carries a threadId (In-Reply-To/References) and SPF/DKIM/DMARC/spam results, so replies thread and you can trust the sender without extra lookups.

Signed and retried

Each webhook is HMAC-SHA256 signed for local verification, retries with backoff on failure, and is replayable in one click.

Unlimited domains, free

Receive across every product and client domain on one account at no per-domain cost — combined inbound + outbound share one quota.

How it works

Three steps to live

  1. 1

    Point your MX

    Add the MailKite MX records to your domain — or start instantly on a managed subdomain while DNS propagates.

  2. 2

    Set your webhook URL

    Point an address, a whole domain, or a catch-all at your endpoint in the dashboard. No route DSL to learn.

  3. 3

    Verify and ship

    Check the x-mailkite-signature header with the SDK's verifyWebhook helper and read the parsed fields — you're live.

Show me

what hits your webhook

One JSON object with parsed body, threading, auth results, and signed attachment URLs — instead of prising fields out of a multipart form.

json
POST /your-webhook   Content-Type: application/json
x-mailkite-signature: t=…,v1=…   (HMAC-SHA256 — verify locally)

{
  "id": "msg_2Hk9…",
  "type": "email.received",
  "from": { "address": "ada@example.com" },
  "to": [{ "address": "support@myapp.ai" }],
  "subject": "Re: invoice #1042",
  "text": "Looks good — approved!",
  "html": "<p>Looks good — approved!</p>",
  "threadId": "<a1b2c3@mail.example.com>",
  "auth": { "spf": "pass", "dkim": "pass", "dmarc": "pass", "spam": "ham" },
  "attachments": [
    { "filename": "po.pdf", "contentType": "application/pdf",
      "size": 18213, "url": "https://api.mailkite.dev/att/2Hk9…/0?sig=…" }
  ]
}
In the box

What's included

Questions

What format is the webhook?

A single JSON object with the parsed body (text and HTML), headers, threadId, auth results, and signed attachment URLs — not multipart/form-data. You read typed fields directly.

How do I verify a webhook is really from MailKite?

Each request carries an x-mailkite-signature header (HMAC-SHA256 over the body). Verify it locally with your signing secret — the SDKs ship a verifyWebhook helper. No callback needed.

What happens to attachments?

They arrive as signed URLs you fetch on demand, so your webhook payload stays small. Zero-retention domains can inline them instead.

Keep reading

Ready to build?

Start free on unlimited domains — no credit card. Or browse the other solutions.