diff --git a/apps/web/src/components/AccountView.svelte b/apps/web/src/components/AccountView.svelte
index e6eb69d..42df7f2 100644
--- a/apps/web/src/components/AccountView.svelte
+++ b/apps/web/src/components/AccountView.svelte
@@ -90,6 +90,59 @@
     }
   }
 
+  type ShareEntry = { user_id: string; email?: string };
+  let shareExpanded = $state("");
+  let shares = $state<ShareEntry[]>([]);
+  let shareEmail = $state("");
+  let shareError = $state("");
+  let sharing = $state(false);
+
+  async function openShares(addr: string) {
+    if (shareExpanded === addr) {
+      shareExpanded = "";
+      shares = [];
+      return;
+    }
+    shareExpanded = addr;
+    shareEmail = "";
+    shareError = "";
+    if (!user.apiKey) return;
+    try {
+      const res = await api.listInboxShares(addr, user.apiKey);
+      shares = res.shares || [];
+    } catch {
+      shares = [];
+    }
+  }
+
+  async function addShare() {
+    if (!user.apiKey || !shareExpanded || !shareEmail.trim()) return;
+    shareError = "";
+    sharing = true;
+    try {
+      const entry = await api.addInboxShare(shareExpanded, shareEmail.trim(), user.apiKey);
+      if (!shares.find((s) => s.user_id === entry.user_id)) {
+        shares = [...shares, entry];
+      }
+      shareEmail = "";
+    } catch (e: any) {
+      const msg = e?.message || "";
+      if (msg.includes("404")) shareError = t("shareUserNotFound");
+      else if (msg.includes("400")) shareError = t("shareSelf");
+      else shareError = t("genericError");
+    } finally {
+      sharing = false;
+    }
+  }
+
+  async function removeShare(uid: string) {
+    if (!user.apiKey || !shareExpanded) return;
+    try {
+      await api.removeInboxShare(shareExpanded, uid, user.apiKey);
+      shares = shares.filter((s) => s.user_id !== uid);
+    } catch { /* silent */ }
+  }
+
   async function loadPlanData() {
     if (!user.info?.user_id) return;
     try {
@@ -506,14 +559,65 @@
               </h3>
               <div class="space-y-2">
                 {#each activeInboxes as addr}
-                  <a
-                    href="/inbox/{addr}"
-                    class="flex items-center gap-2 p-2 bg-slab/40 border border-ghost/10 rounded-sm
-                      hover:border-neon/30 hover:bg-slab/60 transition-all duration-200"
-                  >
-                    <div class="w-1.5 h-1.5 rounded-full bg-neon"></div>
-                    <span class="text-xs font-mono text-white truncate">{addr}</span>
-                  </a>
+                  <div class="bg-slab/40 border border-ghost/10 rounded-sm hover:border-neon/30 transition-colors">
+                    <div class="flex items-center gap-2 p-2">
+                      <a
+                        href="/inbox/{addr}"
+                        class="flex items-center gap-2 flex-1 min-w-0"
+                      >
+                        <div class="w-1.5 h-1.5 rounded-full bg-neon flex-shrink-0"></div>
+                        <span class="text-xs font-mono text-white truncate">{addr}</span>
+                      </a>
+                      <button
+                        onclick={() => openShares(addr)}
+                        class="text-[10px] font-mono text-muted hover:text-neon transition-colors px-2 py-1"
+                      >
+                        {t("shareInbox")}
+                      </button>
+                    </div>
+
+                    {#if shareExpanded === addr}
+                      <div class="border-t border-ghost/15 p-3 space-y-2">
+                        <p class="text-[10px] font-mono text-muted">{t("shareInboxDescription")}</p>
+                        <div class="flex gap-2">
+                          <input
+                            type="email"
+                            bind:value={shareEmail}
+                            placeholder={t("shareEmailPlaceholder")}
+                            class="flex-1 bg-slab/50 border border-ghost/20 text-white text-[11px] font-mono px-2 py-1.5 rounded-sm
+                              focus:border-neon/40 focus:outline-none placeholder:text-ghost/40"
+                          />
+                          <button
+                            onclick={addShare}
+                            disabled={sharing || !shareEmail.trim()}
+                            class="px-2 py-1.5 text-[10px] font-mono border border-neon/40 text-neon
+                              hover:bg-neon/10 transition-all disabled:opacity-40"
+                          >
+                            {t("shareAdd")}
+                          </button>
+                        </div>
+                        {#if shareError}
+                          <div class="text-ember text-[11px] font-mono">{shareError}</div>
+                        {/if}
+                        {#if shares.length > 0}
+                          <div class="space-y-1">
+                            <div class="text-[10px] font-mono tracking-widest text-muted">{t("sharedWith")}</div>
+                            {#each shares as s}
+                              <div class="flex items-center justify-between gap-2 text-[11px] font-mono">
+                                <span class="text-white/80 truncate">{s.email || s.user_id}</span>
+                                <button
+                                  onclick={() => removeShare(s.user_id)}
+                                  class="text-ember/70 hover:text-ember text-[10px]"
+                                >
+                                  {t("shareRemove")}
+                                </button>
+                              </div>
+                            {/each}
+                          </div>
+                        {/if}
+                      </div>
+                    {/if}
+                  </div>
                 {/each}
               </div>
             </div>
diff --git a/apps/web/src/components/AdminView.svelte b/apps/web/src/components/AdminView.svelte
index c8d17fc..3bd1bcd 100644
--- a/apps/web/src/components/AdminView.svelte
+++ b/apps/web/src/components/AdminView.svelte
@@ -23,6 +23,152 @@
   let selectedMessage = $state<MessageDetailType | null>(null);
   let loading = $state(true);
   let pollInterval: ReturnType<typeof setInterval> | undefined;
+  let searchQuery = $state("");
+
+  type StatsSnapshot = {
+    users: number;
+    premium_users: number;
+    active_inboxes: number;
+    messages_24h: number;
+    messages_7d: number;
+    generated_at: number;
+  };
+  let stats = $state<StatsSnapshot | null>(null);
+  let statsLoading = $state(false);
+
+  type AdminUser = {
+    user_id: string;
+    email?: string;
+    tier: string;
+    role?: string;
+    no_ads: boolean;
+    has_webhook: boolean;
+    created_at: number;
+  };
+  let activeView = $state<"inboxes" | "users">("inboxes");
+  let users = $state<AdminUser[]>([]);
+  let usersLoading = $state(false);
+  let userSearch = $state("");
+  let filteredUsers = $derived.by(() => {
+    const q = userSearch.trim().toLowerCase();
+    if (!q) return users;
+    return users.filter((u) =>
+      (u.user_id || "").toLowerCase().includes(q) ||
+      (u.email || "").toLowerCase().includes(q) ||
+      (u.tier || "").toLowerCase().includes(q) ||
+      (u.role || "").toLowerCase().includes(q)
+    );
+  });
+
+  async function loadStats() {
+    if (!user.apiKey) return;
+    statsLoading = true;
+    try {
+      const res = await fetch(`${import.meta.env.PUBLIC_API_URL || ""}/admin/stats`, {
+        headers: { Authorization: `Bearer ${user.apiKey}` },
+      });
+      if (res.ok) stats = await res.json();
+    } catch { /* silent */ }
+    finally { statsLoading = false; }
+  }
+
+  async function loadUsers() {
+    if (!user.apiKey) return;
+    usersLoading = true;
+    try {
+      const res = await fetch(`${import.meta.env.PUBLIC_API_URL || ""}/admin/users`, {
+        headers: { Authorization: `Bearer ${user.apiKey}` },
+      });
+      if (res.ok) {
+        const data = await res.json();
+        users = data.users || [];
+      }
+    } catch { /* silent */ }
+    finally { usersLoading = false; }
+  }
+
+  function showUsersTab() {
+    activeView = "users";
+    if (users.length === 0) loadUsers();
+  }
+
+  type AdminTemplate = {
+    id: string;
+    name: string;
+    subject: string;
+    body: string;
+    created_at: number;
+  };
+  let templates = $state<AdminTemplate[]>([]);
+  let templateSelected = $state("");
+  let savingTemplate = $state(false);
+  let savingTemplateName = $state("");
+
+  async function loadTemplates() {
+    if (!user.apiKey) return;
+    try {
+      const res = await fetch(`${import.meta.env.PUBLIC_API_URL || ""}/admin/templates`, {
+        headers: { Authorization: `Bearer ${user.apiKey}` },
+      });
+      if (res.ok) {
+        const data = await res.json();
+        templates = data.templates || [];
+      }
+    } catch { /* silent */ }
+  }
+
+  function applyTemplate(id: string) {
+    if (!id) return;
+    const t = templates.find((x) => x.id === id);
+    if (!t) return;
+    composeSubject = t.subject;
+    composeBody = t.body;
+    templateSelected = "";
+  }
+
+  async function saveAsTemplate() {
+    if (!user.apiKey || !savingTemplateName.trim() || !composeBody.trim()) return;
+    savingTemplate = true;
+    try {
+      const res = await fetch(`${import.meta.env.PUBLIC_API_URL || ""}/admin/templates`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Authorization: `Bearer ${user.apiKey}` },
+        body: JSON.stringify({
+          name: savingTemplateName.trim(),
+          subject: composeSubject,
+          body: composeBody,
+        }),
+      });
+      if (res.ok) {
+        savingTemplateName = "";
+        await loadTemplates();
+      }
+    } finally {
+      savingTemplate = false;
+    }
+  }
+
+  async function deleteTemplate(id: string) {
+    if (!user.apiKey) return;
+    if (!confirm("Delete this template?")) return;
+    try {
+      await fetch(`${import.meta.env.PUBLIC_API_URL || ""}/admin/templates/${id}`, {
+        method: "DELETE",
+        headers: { Authorization: `Bearer ${user.apiKey}` },
+      });
+      templates = templates.filter((t) => t.id !== id);
+    } catch { /* silent */ }
+  }
+
+  let filteredMessages = $derived.by(() => {
+    const q = searchQuery.trim().toLowerCase();
+    if (!q) return messages;
+    return messages.filter((m) =>
+      (m.from || "").toLowerCase().includes(q) ||
+      (m.subject || "").toLowerCase().includes(q) ||
+      (m.preview || "").toLowerCase().includes(q)
+    );
+  });
 
   // Compose state
   let showCompose = $state(false);
@@ -145,6 +291,8 @@
 
     await initAdminInboxes();
     await loadMessages();
+    loadStats();
+    loadTemplates();
     loading = false;
 
     pollInterval = setInterval(loadMessages, 10000);
@@ -170,6 +318,104 @@
       <div class="w-8 h-8 border-2 border-ghost border-t-neon rounded-full animate-spin"></div>
     </div>
   {:else}
+    <!-- Stats strip -->
+    <div class="px-6 py-3 border-b border-ghost/15 grid grid-cols-2 md:grid-cols-5 gap-4 text-[11px] font-mono">
+      <div>
+        <div class="text-muted tracking-widest">USERS</div>
+        <div class="text-white text-lg font-display">{stats?.users ?? "—"}</div>
+      </div>
+      <div>
+        <div class="text-muted tracking-widest">PREMIUM</div>
+        <div class="text-neon text-lg font-display">{stats?.premium_users ?? "—"}</div>
+      </div>
+      <div>
+        <div class="text-muted tracking-widest">ACTIVE INBOXES</div>
+        <div class="text-white text-lg font-display">{stats?.active_inboxes ?? "—"}</div>
+      </div>
+      <div>
+        <div class="text-muted tracking-widest">MSG / 24h</div>
+        <div class="text-white text-lg font-display">{stats?.messages_24h ?? "—"}</div>
+      </div>
+      <div>
+        <div class="text-muted tracking-widest">MSG / 7d</div>
+        <div class="text-white text-lg font-display">{stats?.messages_7d ?? "—"}</div>
+      </div>
+    </div>
+
+    <!-- Tab switcher -->
+    <div class="px-6 border-b border-ghost/15 flex gap-1 text-[11px] font-mono tracking-widest">
+      <button
+        onclick={() => (activeView = "inboxes")}
+        class="px-3 py-2 transition-colors
+          {activeView === 'inboxes' ? 'text-neon border-b border-neon' : 'text-muted hover:text-white'}"
+      >
+        INBOXES
+      </button>
+      <button
+        onclick={showUsersTab}
+        class="px-3 py-2 transition-colors
+          {activeView === 'users' ? 'text-neon border-b border-neon' : 'text-muted hover:text-white'}"
+      >
+        USERS
+      </button>
+    </div>
+
+    {#if activeView === "users"}
+      <main class="flex-1 p-4 overflow-y-auto">
+        <div class="flex items-center justify-between gap-3 mb-4">
+          <h2 class="text-white text-sm font-display tracking-wider">All users</h2>
+          <input
+            type="search"
+            bind:value={userSearch}
+            placeholder="search id / email / tier"
+            class="w-72 bg-slab/50 border border-ghost/20 text-white text-[11px] font-mono px-3 py-1.5 rounded-sm
+              focus:border-neon/40 focus:outline-none placeholder:text-ghost/40"
+          />
+        </div>
+
+        {#if usersLoading}
+          <div class="text-ghost text-xs font-mono">Loading...</div>
+        {:else if filteredUsers.length === 0}
+          <div class="text-ghost text-xs font-mono">No users.</div>
+        {:else}
+          <div class="overflow-x-auto">
+            <table class="w-full text-[11px] font-mono">
+              <thead>
+                <tr class="text-left text-muted tracking-widest border-b border-ghost/15">
+                  <th class="py-2 pr-4">USER</th>
+                  <th class="py-2 pr-4">EMAIL</th>
+                  <th class="py-2 pr-4">TIER</th>
+                  <th class="py-2 pr-4">ROLE</th>
+                  <th class="py-2 pr-4">WEBHOOK</th>
+                  <th class="py-2 pr-4">CREATED</th>
+                </tr>
+              </thead>
+              <tbody>
+                {#each filteredUsers as u}
+                  <tr class="border-b border-ghost/10 hover:bg-slab/40">
+                    <td class="py-2 pr-4 text-white truncate max-w-[180px]">{u.user_id}</td>
+                    <td class="py-2 pr-4 text-white/80 truncate max-w-[200px]">{u.email || "—"}</td>
+                    <td class="py-2 pr-4">
+                      <span class={u.tier === "premium" ? "text-neon" : "text-muted"}>{u.tier}</span>
+                    </td>
+                    <td class="py-2 pr-4">
+                      <span class={u.role === "admin" ? "text-ember" : "text-muted"}>{u.role || "user"}</span>
+                    </td>
+                    <td class="py-2 pr-4">
+                      <span class={u.has_webhook ? "text-pulse" : "text-ghost"}>{u.has_webhook ? "yes" : "—"}</span>
+                    </td>
+                    <td class="py-2 pr-4 text-muted">
+                      {new Date(u.created_at * 1000).toLocaleDateString(getLocale())}
+                    </td>
+                  </tr>
+                {/each}
+              </tbody>
+            </table>
+          </div>
+        {/if}
+      </main>
+    {:else}
+
     <div class="flex-1 flex">
       <!-- Sidebar -->
       <aside class="w-64 border-r border-ghost/15 p-4">
@@ -231,6 +477,21 @@
                   <span class="text-ghost text-[10px] font-mono w-16">SUBJECT</span>
                   <input bind:value={composeSubject} placeholder="Subject" class="flex-1 bg-slab/50 border border-ghost/20 text-white text-xs font-mono px-3 py-2 rounded-sm focus:border-neon/40 focus:outline-none placeholder:text-ghost/40" />
                 </div>
+                {#if templates.length > 0}
+                  <div class="flex items-center gap-2">
+                    <span class="text-ghost text-[10px] font-mono w-16">TEMPLATE</span>
+                    <select
+                      bind:value={templateSelected}
+                      onchange={() => applyTemplate(templateSelected)}
+                      class="flex-1 bg-slab/50 border border-ghost/20 text-white text-xs font-mono px-3 py-2 rounded-sm focus:border-neon/40 focus:outline-none"
+                    >
+                      <option value="">Insert template...</option>
+                      {#each templates as t}
+                        <option value={t.id}>{t.name}</option>
+                      {/each}
+                    </select>
+                  </div>
+                {/if}
                 <textarea
                   bind:value={composeBody}
                   placeholder="Message body..."
@@ -240,13 +501,46 @@
                 {#if composeError}
                   <div class="text-ember text-xs font-mono">{composeError}</div>
                 {/if}
-                <button
-                  onclick={sendEmail}
-                  disabled={composeSending || !composeTo || !composeSubject}
-                  class="px-4 py-2 text-xs font-mono tracking-wider border border-neon/40 text-neon hover:bg-neon/10 transition-all disabled:opacity-40"
-                >
-                  {composeSending ? "SENDING..." : "SEND"}
-                </button>
+                <div class="flex flex-wrap items-center gap-2">
+                  <button
+                    onclick={sendEmail}
+                    disabled={composeSending || !composeTo || !composeSubject}
+                    class="px-4 py-2 text-xs font-mono tracking-wider border border-neon/40 text-neon hover:bg-neon/10 transition-all disabled:opacity-40"
+                  >
+                    {composeSending ? "SENDING..." : "SEND"}
+                  </button>
+                  <input
+                    type="text"
+                    bind:value={savingTemplateName}
+                    placeholder="Template name"
+                    class="bg-slab/50 border border-ghost/20 text-white text-xs font-mono px-3 py-2 rounded-sm focus:border-neon/40 focus:outline-none placeholder:text-ghost/40"
+                  />
+                  <button
+                    onclick={saveAsTemplate}
+                    disabled={savingTemplate || !savingTemplateName.trim() || !composeBody.trim()}
+                    class="px-3 py-2 text-[10px] font-mono tracking-wider border border-ghost/30 text-muted hover:border-neon/40 hover:text-neon transition-all disabled:opacity-40"
+                  >
+                    SAVE TEMPLATE
+                  </button>
+                </div>
+                {#if templates.length > 0}
+                  <div class="border-t border-ghost/15 pt-3 mt-3">
+                    <div class="text-[10px] font-mono tracking-widest text-muted mb-2">SAVED TEMPLATES</div>
+                    <div class="space-y-1">
+                      {#each templates as t}
+                        <div class="flex items-center justify-between gap-2 text-[11px] font-mono">
+                          <span class="text-white/80 truncate">{t.name}</span>
+                          <button
+                            onclick={() => deleteTemplate(t.id)}
+                            class="text-ember/70 hover:text-ember text-[10px]"
+                          >
+                            DELETE
+                          </button>
+                        </div>
+                      {/each}
+                    </div>
+                  </div>
+                {/if}
               </div>
             {/if}
           </div>
@@ -287,12 +581,23 @@
         {:else}
           <!-- Message List -->
           <div>
-            <h2 class="text-white text-sm font-display tracking-wider mb-4">{selectedInbox}</h2>
+            <div class="flex items-center justify-between gap-3 mb-4">
+              <h2 class="text-white text-sm font-display tracking-wider">{selectedInbox}</h2>
+              <input
+                type="search"
+                bind:value={searchQuery}
+                placeholder="search from / subject / preview"
+                class="w-72 bg-slab/50 border border-ghost/20 text-white text-[11px] font-mono px-3 py-1.5 rounded-sm
+                  focus:border-neon/40 focus:outline-none placeholder:text-ghost/40"
+              />
+            </div>
             {#if messages.length === 0}
               <p class="text-ghost text-xs font-mono">No messages</p>
+            {:else if filteredMessages.length === 0}
+              <p class="text-ghost text-xs font-mono">No matches for "{searchQuery}"</p>
             {:else}
               <div class="space-y-2">
-                {#each messages as msg}
+                {#each filteredMessages as msg}
                   <button
                     onclick={() => loadMessage(msg.message_id)}
                     class="w-full text-left p-3 bg-slab/40 border border-ghost/10 rounded-sm hover:border-neon/30 hover:bg-slab/60 transition-all"
@@ -313,5 +618,6 @@
         {/if}
       </main>
     </div>
+    {/if}
   {/if}
 </div>
diff --git a/apps/web/src/components/InboxView.svelte b/apps/web/src/components/InboxView.svelte
index 0c20e6e..2037265 100644
--- a/apps/web/src/components/InboxView.svelte
+++ b/apps/web/src/components/InboxView.svelte
@@ -169,6 +169,11 @@
 
   async function selectMessage(messageId: string) {
     selectedId = messageId;
+    // Optimistic: bold-out the row immediately, server stamps read_at on GET.
+    const now = Math.floor(Date.now() / 1000);
+    messages = messages.map((m) =>
+      m.message_id === messageId && !m.read_at ? { ...m, read_at: now } : m
+    );
     try {
       selectedMessage = await api.getMessage(inboxAddress, messageId, inboxToken);
     } catch {
diff --git a/apps/web/src/components/MessageList.svelte b/apps/web/src/components/MessageList.svelte
index 660a36d..fe915e1 100644
--- a/apps/web/src/components/MessageList.svelte
+++ b/apps/web/src/components/MessageList.svelte
@@ -31,21 +31,24 @@
     </div>
   {:else}
     {#each messages as msg, i}
+      {@const unread = !msg.read_at || msg.read_at === 0}
       <button
         onclick={() => onSelect(msg.message_id)}
         class="w-full text-left p-4 font-mono transition-all duration-200 rounded-sm border
           {selectedId === msg.message_id
             ? 'bg-neon/5 border-neon/30 glow-box'
-            : 'bg-slab/40 border-ghost/10 hover:bg-slab/70 hover:border-ghost/25'}"
+            : unread
+              ? 'bg-slab/60 border-neon/20 hover:bg-slab/80'
+              : 'bg-slab/40 border-ghost/10 hover:bg-slab/70 hover:border-ghost/25'}"
         style="animation: fadeUp 0.4s ease-out both; animation-delay: {i * 0.05}s;"
       >
         <div class="flex items-start justify-between gap-3">
           <div class="flex-1 min-w-0">
             <div class="flex items-center gap-2 mb-1">
-              <span class="w-1.5 h-1.5 rounded-full bg-neon flex-shrink-0"></span>
-              <span class="text-xs text-white truncate">{msg.from}</span>
+              <span class="w-1.5 h-1.5 rounded-full flex-shrink-0 {unread ? 'bg-neon' : 'bg-ghost/40'}"></span>
+              <span class="text-xs truncate {unread ? 'text-white font-bold' : 'text-white/70'}">{msg.from}</span>
             </div>
-            <div class="text-sm text-white/90 truncate mb-1">{msg.subject}</div>
+            <div class="text-sm truncate mb-1 {unread ? 'text-white font-bold' : 'text-white/70'}">{msg.subject}</div>
             <div class="text-[11px] text-muted truncate">{msg.preview}</div>
           </div>
           <div class="text-[10px] text-ghost flex-shrink-0 mt-0.5">
diff --git a/packages/shared/src/api-client.ts b/packages/shared/src/api-client.ts
index 3701c6a..45c120d 100644
--- a/packages/shared/src/api-client.ts
+++ b/packages/shared/src/api-client.ts
@@ -157,5 +157,26 @@ export function createApiClient(baseUrl: string) {
         headers: { Authorization: `Bearer ${userApiKey}` },
       });
     },
+
+    listInboxShares: (address: string, userApiKey: string) =>
+      request<{ shares: { user_id: string; email?: string }[] }>(
+        `/inbox/${address}/shares`,
+        undefined,
+        userApiKey
+      ),
+
+    addInboxShare: (address: string, email: string, userApiKey: string) =>
+      request<{ user_id: string; email?: string }>(
+        `/inbox/${address}/shares`,
+        { method: "POST", body: JSON.stringify({ email }) },
+        userApiKey
+      ),
+
+    removeInboxShare: async (address: string, userId: string, userApiKey: string): Promise<void> => {
+      await fetch(`${baseUrl}/inbox/${address}/shares/${userId}`, {
+        method: "DELETE",
+        headers: { Authorization: `Bearer ${userApiKey}` },
+      });
+    },
   };
 }
diff --git a/packages/shared/src/i18n/locales/en.ts b/packages/shared/src/i18n/locales/en.ts
index 68d7e78..e83bb44 100644
--- a/packages/shared/src/i18n/locales/en.ts
+++ b/packages/shared/src/i18n/locales/en.ts
@@ -177,4 +177,14 @@ export const en: Record<TranslationKey, string> = {
   webhookRemove: "Remove",
   webhookActive: "Active",
   webhookInvalidUrl: "URL must start with https://",
+
+  // Inbox sharing
+  shareInbox: "Share inbox",
+  shareInboxDescription: "Grant read access to another user by their account email.",
+  shareEmailPlaceholder: "email@account.com",
+  shareAdd: "Add",
+  shareRemove: "Remove",
+  sharedWith: "Shared with",
+  shareUserNotFound: "No user with that email",
+  shareSelf: "You can't share with yourself",
 };
diff --git a/packages/shared/src/i18n/locales/es.ts b/packages/shared/src/i18n/locales/es.ts
index 8c77b6e..818de91 100644
--- a/packages/shared/src/i18n/locales/es.ts
+++ b/packages/shared/src/i18n/locales/es.ts
@@ -177,4 +177,14 @@ export const es: Record<TranslationKey, string> = {
   webhookRemove: "Eliminar",
   webhookActive: "Activo",
   webhookInvalidUrl: "La URL debe empezar con https://",
+
+  // Inbox sharing
+  shareInbox: "Compartir inbox",
+  shareInboxDescription: "Concede acceso de lectura a otro usuario por el email de su cuenta.",
+  shareEmailPlaceholder: "email@cuenta.com",
+  shareAdd: "Agregar",
+  shareRemove: "Quitar",
+  sharedWith: "Compartido con",
+  shareUserNotFound: "No hay usuario con ese email",
+  shareSelf: "No puedes compartir contigo mismo",
 };
diff --git a/packages/shared/src/i18n/locales/fr.ts b/packages/shared/src/i18n/locales/fr.ts
index b10cbc4..5741f63 100644
--- a/packages/shared/src/i18n/locales/fr.ts
+++ b/packages/shared/src/i18n/locales/fr.ts
@@ -177,4 +177,14 @@ export const fr: Record<TranslationKey, string> = {
   webhookRemove: "Supprimer",
   webhookActive: "Actif",
   webhookInvalidUrl: "L'URL doit commencer par https://",
+
+  // Inbox sharing
+  shareInbox: "Partager l'inbox",
+  shareInboxDescription: "Accordez un accès en lecture à un autre utilisateur par l'email de son compte.",
+  shareEmailPlaceholder: "email@compte.com",
+  shareAdd: "Ajouter",
+  shareRemove: "Retirer",
+  sharedWith: "Partagé avec",
+  shareUserNotFound: "Aucun utilisateur avec cet email",
+  shareSelf: "Vous ne pouvez pas partager avec vous-même",
 };
diff --git a/packages/shared/src/i18n/locales/pt-BR.ts b/packages/shared/src/i18n/locales/pt-BR.ts
index 1880978..893425b 100644
--- a/packages/shared/src/i18n/locales/pt-BR.ts
+++ b/packages/shared/src/i18n/locales/pt-BR.ts
@@ -175,6 +175,16 @@ export const ptBR = {
   webhookRemove: "Remover",
   webhookActive: "Ativo",
   webhookInvalidUrl: "A URL deve começar com https://",
+
+  // Inbox sharing
+  shareInbox: "Compartilhar inbox",
+  shareInboxDescription: "Conceda acesso de leitura a outro usuário pelo email da conta dele.",
+  shareEmailPlaceholder: "email@conta.com",
+  shareAdd: "Adicionar",
+  shareRemove: "Remover",
+  sharedWith: "Compartilhado com",
+  shareUserNotFound: "Nenhum usuário com esse email",
+  shareSelf: "Você não pode compartilhar consigo mesmo",
 } as const;
 
 export type TranslationKey = keyof typeof ptBR;
diff --git a/packages/shared/src/types.ts b/packages/shared/src/types.ts
index 0a8381e..f4eb51d 100644
--- a/packages/shared/src/types.ts
+++ b/packages/shared/src/types.ts
@@ -11,6 +11,7 @@ export interface MessageSummary {
   subject: string;
   received_at: number;
   preview: string;
+  read_at?: number;
 }
 
 export interface AttachmentMeta {
@@ -26,6 +27,7 @@ export interface MessageDetail extends MessageSummary {
   body_text: string;
   body_html: string;
   attachments?: AttachmentMeta[];
+  read_at?: number;
 }
 
 export interface CreateInboxResponse {
diff --git a/services/cmd/api-local/main.go b/services/cmd/api-local/main.go
index 3c221f5..1e53866 100644
--- a/services/cmd/api-local/main.go
+++ b/services/cmd/api-local/main.go
@@ -65,7 +65,7 @@ func main() {
 	userRepo := user.NewRepository(ddbClient, tableName)
 	userSvc := user.NewService(userRepo, nil, "http://localhost:4321")
 
-	api := handler.NewAPI(inboxSvc, userSvc, nil, nil, nil, nil, "", domain, ttl, "")
+	api := handler.NewAPI(inboxSvc, userSvc, nil, nil, nil, nil, nil, nil, "", domain, ttl, "")
 
 	mux := http.NewServeMux()
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
diff --git a/services/cmd/api/main.go b/services/cmd/api/main.go
index 0d90036..c1a4318 100644
--- a/services/cmd/api/main.go
+++ b/services/cmd/api/main.go
@@ -22,6 +22,8 @@ import (
 	"github.com/ephemask/services/internal/inbox"
 	"github.com/ephemask/services/internal/mailer"
 	"github.com/ephemask/services/internal/ratelimit"
+	"github.com/ephemask/services/internal/stats"
+	"github.com/ephemask/services/internal/template"
 	"github.com/ephemask/services/internal/user"
 )
 
@@ -66,10 +68,12 @@ func init() {
 	domainSvc := domain.NewService(domainRepo, sesClient, region)
 
 	rateLimiter := ratelimit.NewLimiter(ddbClient, tableName)
+	statsSvc := stats.NewService(ddbClient, tableName)
+	templateSvc := template.NewService(ddbClient, tableName)
 
 	webhookSecret := os.Getenv("REVENUECAT_WEBHOOK_SECRET")
 
-	api = handler.NewAPI(inboxSvc, userSvc, domainSvc, mailerSvc, rateLimiter, s3Client, emailBucket, domainName, ttl, webhookSecret)
+	api = handler.NewAPI(inboxSvc, userSvc, domainSvc, mailerSvc, rateLimiter, statsSvc, templateSvc, s3Client, emailBucket, domainName, ttl, webhookSecret)
 }
 
 func handleRequest(ctx context.Context, event events.APIGatewayV2HTTPRequest) (events.APIGatewayV2HTTPResponse, error) {
diff --git a/services/internal/handler/api.go b/services/internal/handler/api.go
index d566753..868b8f1 100644
--- a/services/internal/handler/api.go
+++ b/services/internal/handler/api.go
@@ -18,6 +18,8 @@ import (
 	"github.com/ephemask/services/internal/inbox"
 	"github.com/ephemask/services/internal/mailer"
 	"github.com/ephemask/services/internal/ratelimit"
+	"github.com/ephemask/services/internal/stats"
+	"github.com/ephemask/services/internal/template"
 	"github.com/ephemask/services/internal/user"
 )
 
@@ -33,6 +35,8 @@ type API struct {
 	domainSvc      *domain.Service
 	mailerSvc      *mailer.Service
 	rateLimiter    *ratelimit.Limiter
+	statsSvc       *stats.Service
+	templateSvc    *template.Service
 	s3Client       *s3.Client
 	emailBucket    string
 	mainDomain     string
@@ -41,8 +45,8 @@ type API struct {
 }
 
 // NewAPI creates a new API handler.
-func NewAPI(inboxSvc *inbox.Service, userSvc *user.Service, domainSvc *domain.Service, mailerSvc *mailer.Service, rateLimiter *ratelimit.Limiter, s3Client *s3.Client, emailBucket, mainDomain string, defaultTTL int64, webhookSecret string) *API {
-	return &API{inboxSvc: inboxSvc, userSvc: userSvc, domainSvc: domainSvc, mailerSvc: mailerSvc, rateLimiter: rateLimiter, s3Client: s3Client, emailBucket: emailBucket, mainDomain: mainDomain, defaultTTL: defaultTTL, webhookSecret: webhookSecret}
+func NewAPI(inboxSvc *inbox.Service, userSvc *user.Service, domainSvc *domain.Service, mailerSvc *mailer.Service, rateLimiter *ratelimit.Limiter, statsSvc *stats.Service, templateSvc *template.Service, s3Client *s3.Client, emailBucket, mainDomain string, defaultTTL int64, webhookSecret string) *API {
+	return &API{inboxSvc: inboxSvc, userSvc: userSvc, domainSvc: domainSvc, mailerSvc: mailerSvc, rateLimiter: rateLimiter, statsSvc: statsSvc, templateSvc: templateSvc, s3Client: s3Client, emailBucket: emailBucket, mainDomain: mainDomain, defaultTTL: defaultTTL, webhookSecret: webhookSecret}
 }
 
 // Route dispatches the request to the appropriate handler.
@@ -88,6 +92,12 @@ func (a *API) routeInternal(method string, parts []string) http.HandlerFunc {
 		return a.DeleteInbox
 	case method == "POST" && len(parts) == 3 && parts[0] == "inbox" && parts[2] == "forward":
 		return a.SetForward
+	case method == "GET" && len(parts) == 3 && parts[0] == "inbox" && parts[2] == "shares":
+		return a.ListInboxShares
+	case method == "POST" && len(parts) == 3 && parts[0] == "inbox" && parts[2] == "shares":
+		return a.AddInboxShare
+	case method == "DELETE" && len(parts) == 4 && parts[0] == "inbox" && parts[2] == "shares":
+		return a.RemoveInboxShare
 
 	// User routes
 	case method == "POST" && len(parts) == 2 && parts[0] == "user" && parts[1] == "register":
@@ -110,6 +120,16 @@ func (a *API) routeInternal(method string, parts []string) http.HandlerFunc {
 		return a.DeleteDomain
 
 	// Admin routes
+	case method == "GET" && len(parts) == 2 && parts[0] == "admin" && parts[1] == "stats":
+		return a.GetAdminStats
+	case method == "GET" && len(parts) == 2 && parts[0] == "admin" && parts[1] == "users":
+		return a.GetAdminUsers
+	case method == "GET" && len(parts) == 2 && parts[0] == "admin" && parts[1] == "templates":
+		return a.ListAdminTemplates
+	case method == "POST" && len(parts) == 2 && parts[0] == "admin" && parts[1] == "templates":
+		return a.CreateAdminTemplate
+	case method == "DELETE" && len(parts) == 3 && parts[0] == "admin" && parts[1] == "templates":
+		return a.DeleteAdminTemplate
 	case method == "POST" && len(parts) == 2 && parts[0] == "admin" && parts[1] == "inbox":
 		return a.CreateAdminInbox
 	case method == "GET" && len(parts) == 3 && parts[0] == "admin" && parts[1] == "inbox":
@@ -161,6 +181,109 @@ func (a *API) authenticateAdmin(r *http.Request) (*user.UserRecord, error) {
 	return u, nil
 }
 
+func (a *API) GetAdminStats(w http.ResponseWriter, r *http.Request) {
+	if _, err := a.authenticateAdmin(r); err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+	if a.statsSvc == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "stats unavailable"})
+		return
+	}
+	snap, err := a.statsSvc.Compute(r.Context())
+	if err != nil {
+		log.Printf("stats compute error: %v", err)
+		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to compute stats"})
+		return
+	}
+	writeJSON(w, http.StatusOK, snap)
+}
+
+func (a *API) GetAdminUsers(w http.ResponseWriter, r *http.Request) {
+	if _, err := a.authenticateAdmin(r); err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+	users, err := a.userSvc.ListAllUsers(r.Context())
+	if err != nil {
+		log.Printf("list users error: %v", err)
+		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to list users"})
+		return
+	}
+	writeJSON(w, http.StatusOK, map[string]any{"users": users})
+}
+
+func (a *API) ListAdminTemplates(w http.ResponseWriter, r *http.Request) {
+	u, err := a.authenticateAdmin(r)
+	if err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+	if a.templateSvc == nil {
+		writeJSON(w, http.StatusOK, map[string]any{"templates": []any{}})
+		return
+	}
+	list, err := a.templateSvc.List(r.Context(), u.UserID)
+	if err != nil {
+		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to list templates"})
+		return
+	}
+	writeJSON(w, http.StatusOK, map[string]any{"templates": list})
+}
+
+func (a *API) CreateAdminTemplate(w http.ResponseWriter, r *http.Request) {
+	u, err := a.authenticateAdmin(r)
+	if err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+	if a.templateSvc == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "templates unavailable"})
+		return
+	}
+	var body struct {
+		Name    string `json:"name"`
+		Subject string `json:"subject"`
+		Body    string `json:"body"`
+	}
+	if err := readJSON(r, &body); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid body"})
+		return
+	}
+	t, err := a.templateSvc.Create(r.Context(), u.UserID, body.Name, body.Subject, body.Body)
+	if err != nil {
+		switch {
+		case errors.Is(err, template.ErrEmpty):
+			writeJSON(w, http.StatusBadRequest, map[string]string{"error": "name and body are required"})
+		case errors.Is(err, template.ErrLimit):
+			writeJSON(w, http.StatusConflict, map[string]string{"error": "template limit reached"})
+		default:
+			writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to create template"})
+		}
+		return
+	}
+	writeJSON(w, http.StatusOK, t)
+}
+
+func (a *API) DeleteAdminTemplate(w http.ResponseWriter, r *http.Request) {
+	u, err := a.authenticateAdmin(r)
+	if err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+	if a.templateSvc == nil {
+		w.WriteHeader(http.StatusNoContent)
+		return
+	}
+	parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
+	id := parts[2]
+	if err := a.templateSvc.Delete(r.Context(), u.UserID, id); err != nil {
+		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to delete template"})
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
 func (a *API) CreateAdminInbox(w http.ResponseWriter, r *http.Request) {
 	if _, err := a.authenticateAdmin(r); err != nil {
 		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
@@ -380,10 +503,16 @@ func (a *API) authenticateInbox(r *http.Request, address string) error {
 		return inbox.ErrUnauthorized
 	}
 	rec, err := a.inboxSvc.GetInboxRecord(r.Context(), address)
-	if err != nil || rec == nil || rec.UserID != u.UserID {
+	if err != nil || rec == nil {
 		return inbox.ErrUnauthorized
 	}
-	return nil
+	if rec.UserID == u.UserID {
+		return nil
+	}
+	if a.inboxSvc.IsSharedWith(rec, u.UserID) {
+		return nil
+	}
+	return inbox.ErrUnauthorized
 }
 
 func (a *API) authenticateUser(r *http.Request) (*user.UserRecord, error) {
@@ -562,6 +691,101 @@ func (a *API) GetMessage(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusOK, msg)
 }
 
+func (a *API) requireOwner(r *http.Request, address string) (*inbox.InboxRecord, *user.UserRecord, error) {
+	u, err := a.authenticateUser(r)
+	if err != nil {
+		return nil, nil, err
+	}
+	rec, err := a.inboxSvc.GetInboxRecord(r.Context(), address)
+	if err != nil {
+		return nil, nil, err
+	}
+	if rec == nil || rec.UserID != u.UserID {
+		return nil, nil, user.ErrUnauthorized
+	}
+	return rec, u, nil
+}
+
+func (a *API) ListInboxShares(w http.ResponseWriter, r *http.Request) {
+	parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
+	address := parts[1]
+
+	rec, _, err := a.requireOwner(r, address)
+	if err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+
+	shares := make([]inbox.InboxShare, 0, len(rec.SharedWith))
+	for _, uid := range rec.SharedWith {
+		share := inbox.InboxShare{UserID: uid}
+		if u, err := a.userSvc.LookupByID(r.Context(), uid); err == nil && u != nil {
+			share.Email = u.Email
+		}
+		shares = append(shares, share)
+	}
+	writeJSON(w, http.StatusOK, map[string]any{"shares": shares})
+}
+
+func (a *API) AddInboxShare(w http.ResponseWriter, r *http.Request) {
+	parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
+	address := parts[1]
+
+	_, owner, err := a.requireOwner(r, address)
+	if err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+	if owner.Tier != user.TierPremium {
+		writeJSON(w, http.StatusForbidden, map[string]string{"error": "premium feature"})
+		return
+	}
+
+	var body struct {
+		Email string `json:"email"`
+	}
+	if err := readJSON(r, &body); err != nil || body.Email == "" {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "email is required"})
+		return
+	}
+
+	target, err := a.userSvc.LookupByEmail(r.Context(), strings.ToLower(strings.TrimSpace(body.Email)))
+	if err != nil {
+		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to look up user"})
+		return
+	}
+	if target == nil {
+		writeJSON(w, http.StatusNotFound, map[string]string{"error": "no user with that email"})
+		return
+	}
+	if target.UserID == owner.UserID {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "cannot share with yourself"})
+		return
+	}
+
+	if err := a.inboxSvc.AddShare(r.Context(), address, target.UserID); err != nil {
+		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to add share"})
+		return
+	}
+	writeJSON(w, http.StatusOK, inbox.InboxShare{UserID: target.UserID, Email: target.Email})
+}
+
+func (a *API) RemoveInboxShare(w http.ResponseWriter, r *http.Request) {
+	parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
+	address := parts[1]
+	shareUserID := parts[3]
+
+	if _, _, err := a.requireOwner(r, address); err != nil {
+		writeJSON(w, http.StatusUnauthorized, map[string]string{"error": "unauthorized"})
+		return
+	}
+	if err := a.inboxSvc.RemoveShare(r.Context(), address, shareUserID); err != nil {
+		writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "failed to remove share"})
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
 func (a *API) GetAttachment(w http.ResponseWriter, r *http.Request) {
 	parts := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
 	address := parts[1]
diff --git a/services/internal/handler/api_test.go b/services/internal/handler/api_test.go
index f392ca4..dda5322 100644
--- a/services/internal/handler/api_test.go
+++ b/services/internal/handler/api_test.go
@@ -10,7 +10,7 @@ import (
 
 func newTestAPI() *API {
 	svc := inbox.NewService(nil, "ephemask.dev", 600)
-	return NewAPI(svc, nil, nil, nil, nil, nil, "", "ephemask.dev", 600, "")
+	return NewAPI(svc, nil, nil, nil, nil, nil, nil, nil, "", "ephemask.dev", 600, "")
 }
 
 func TestRouteNotFound(t *testing.T) {
diff --git a/services/internal/inbox/model.go b/services/internal/inbox/model.go
index 049f665..4960b9c 100644
--- a/services/internal/inbox/model.go
+++ b/services/internal/inbox/model.go
@@ -2,14 +2,21 @@ package inbox
 
 // InboxRecord represents a registered inbox in DynamoDB.
 type InboxRecord struct {
-	InboxAddress string `dynamodbav:"inbox_address" json:"address"`
-	MessageID    string `dynamodbav:"message_id" json:"-"`
-	Token        string `dynamodbav:"token" json:"-"`
-	UserID       string `dynamodbav:"user_id,omitempty" json:"-"`
-	ForwardTo    string `dynamodbav:"forward_to,omitempty" json:"forward_to,omitempty"`
-	CreatedAt    int64  `dynamodbav:"received_at" json:"created_at"`
-	TTL          int64  `dynamodbav:"ttl" json:"-"`
-	ExpiresAt    int64  `dynamodbav:"expires_at" json:"expires_at"`
+	InboxAddress string   `dynamodbav:"inbox_address" json:"address"`
+	MessageID    string   `dynamodbav:"message_id" json:"-"`
+	Token        string   `dynamodbav:"token" json:"-"`
+	UserID       string   `dynamodbav:"user_id,omitempty" json:"-"`
+	SharedWith   []string `dynamodbav:"shared_with,omitempty" json:"-"`
+	ForwardTo    string   `dynamodbav:"forward_to,omitempty" json:"forward_to,omitempty"`
+	CreatedAt    int64    `dynamodbav:"received_at" json:"created_at"`
+	TTL          int64    `dynamodbav:"ttl" json:"-"`
+	ExpiresAt    int64    `dynamodbav:"expires_at" json:"expires_at"`
+}
+
+// InboxShare is the public-facing shape used in /inbox/{addr}/shares responses.
+type InboxShare struct {
+	UserID string `json:"user_id"`
+	Email  string `json:"email,omitempty"`
 }
 
 const InboxSentinel = "__inbox__"
@@ -38,6 +45,7 @@ type Message struct {
 	TTL          int64            `dynamodbav:"ttl" json:"-"`
 	S3Key        string           `dynamodbav:"s3_key" json:"s3_key,omitempty"`
 	Attachments  []AttachmentMeta `dynamodbav:"attachments,omitempty" json:"attachments,omitempty"`
+	ReadAt       int64            `dynamodbav:"read_at,omitempty" json:"read_at,omitempty"`
 }
 
 // MessageSummary is a lightweight view for listing messages.
@@ -47,6 +55,7 @@ type MessageSummary struct {
 	Subject    string `json:"subject"`
 	ReceivedAt int64  `json:"received_at"`
 	Preview    string `json:"preview"`
+	ReadAt     int64  `json:"read_at,omitempty"`
 }
 
 // Inbox represents an inbox with its messages.
diff --git a/services/internal/inbox/repository.go b/services/internal/inbox/repository.go
index b0bde85..947d4f4 100644
--- a/services/internal/inbox/repository.go
+++ b/services/internal/inbox/repository.go
@@ -2,6 +2,8 @@ package inbox
 
 import (
 	"context"
+	"errors"
+	"strconv"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
@@ -55,6 +57,37 @@ func (r *Repository) GetInboxRecord(ctx context.Context, address string) (*Inbox
 	return &record, err
 }
 
+// SetSharedWith replaces the shared_with list for an inbox.
+func (r *Repository) SetSharedWith(ctx context.Context, address string, userIDs []string) error {
+	if len(userIDs) == 0 {
+		_, err := r.client.UpdateItem(ctx, &dynamodb.UpdateItemInput{
+			TableName: &r.tableName,
+			Key: map[string]types.AttributeValue{
+				"inbox_address": &types.AttributeValueMemberS{Value: address},
+				"message_id":    &types.AttributeValueMemberS{Value: InboxSentinel},
+			},
+			UpdateExpression: aws.String("REMOVE shared_with"),
+		})
+		return err
+	}
+	values := make([]types.AttributeValue, 0, len(userIDs))
+	for _, id := range userIDs {
+		values = append(values, &types.AttributeValueMemberS{Value: id})
+	}
+	_, err := r.client.UpdateItem(ctx, &dynamodb.UpdateItemInput{
+		TableName: &r.tableName,
+		Key: map[string]types.AttributeValue{
+			"inbox_address": &types.AttributeValueMemberS{Value: address},
+			"message_id":    &types.AttributeValueMemberS{Value: InboxSentinel},
+		},
+		UpdateExpression: aws.String("SET shared_with = :sw"),
+		ExpressionAttributeValues: map[string]types.AttributeValue{
+			":sw": &types.AttributeValueMemberL{Value: values},
+		},
+	})
+	return err
+}
+
 // SetForwardTo updates the forwarding address for an inbox.
 func (r *Repository) SetForwardTo(ctx context.Context, address, forwardTo string) error {
 	_, err := r.client.UpdateItem(ctx, &dynamodb.UpdateItemInput{
@@ -135,6 +168,31 @@ func (r *Repository) GetMessage(ctx context.Context, address, messageID string)
 	return &msg, err
 }
 
+// MarkMessageRead sets read_at on a message if it isn't already set.
+func (r *Repository) MarkMessageRead(ctx context.Context, address, messageID string, readAt int64) error {
+	_, err := r.client.UpdateItem(ctx, &dynamodb.UpdateItemInput{
+		TableName: &r.tableName,
+		Key: map[string]types.AttributeValue{
+			"inbox_address": &types.AttributeValueMemberS{Value: address},
+			"message_id":    &types.AttributeValueMemberS{Value: messageID},
+		},
+		UpdateExpression:    aws.String("SET read_at = :ra"),
+		ConditionExpression: aws.String("attribute_not_exists(read_at) OR read_at = :zero"),
+		ExpressionAttributeValues: map[string]types.AttributeValue{
+			":ra":   &types.AttributeValueMemberN{Value: strconv.FormatInt(readAt, 10)},
+			":zero": &types.AttributeValueMemberN{Value: "0"},
+		},
+	})
+	if err != nil {
+		// Conditional check failure means already-read; not an error to surface.
+		var ccfe *types.ConditionalCheckFailedException
+		if errors.As(err, &ccfe) {
+			return nil
+		}
+	}
+	return err
+}
+
 // DeleteMessage deletes a single message.
 func (r *Repository) DeleteMessage(ctx context.Context, address, messageID string) error {
 	_, err := r.client.DeleteItem(ctx, &dynamodb.DeleteItemInput{
diff --git a/services/internal/inbox/service.go b/services/internal/inbox/service.go
index a7cb30c..95505d0 100644
--- a/services/internal/inbox/service.go
+++ b/services/internal/inbox/service.go
@@ -269,6 +269,7 @@ func (s *Service) GetInbox(ctx context.Context, address string) (*Inbox, error)
 			Subject:    m.Subject,
 			ReceivedAt: m.ReceivedAt,
 			Preview:    truncate(m.BodyText, 100),
+			ReadAt:     m.ReadAt,
 		})
 	}
 
@@ -279,9 +280,19 @@ func (s *Service) GetInbox(ctx context.Context, address string) (*Inbox, error)
 	}, nil
 }
 
-// GetMessage returns full message detail.
+// GetMessage returns full message detail and stamps read_at on first access.
 func (s *Service) GetMessage(ctx context.Context, address, messageID string) (*Message, error) {
-	return s.repo.GetMessage(ctx, address, messageID)
+	msg, err := s.repo.GetMessage(ctx, address, messageID)
+	if err != nil || msg == nil {
+		return msg, err
+	}
+	if msg.ReadAt == 0 {
+		now := time.Now().Unix()
+		if err := s.repo.MarkMessageRead(ctx, address, messageID, now); err == nil {
+			msg.ReadAt = now
+		}
+	}
+	return msg, nil
 }
 
 // DeleteMessage removes a single message.
@@ -294,6 +305,57 @@ func (s *Service) DeleteInbox(ctx context.Context, address string) error {
 	return s.repo.DeleteInbox(ctx, address)
 }
 
+// AddShare adds a user_id to the inbox's shared_with list. Caller is
+// responsible for verifying ownership and that the user_id corresponds to a
+// real account.
+func (s *Service) AddShare(ctx context.Context, address, userID string) error {
+	rec, err := s.repo.GetInboxRecord(ctx, address)
+	if err != nil {
+		return err
+	}
+	if rec == nil {
+		return ErrUnauthorized
+	}
+	for _, existing := range rec.SharedWith {
+		if existing == userID {
+			return nil
+		}
+	}
+	updated := append(append([]string{}, rec.SharedWith...), userID)
+	return s.repo.SetSharedWith(ctx, address, updated)
+}
+
+// RemoveShare drops a user_id from the inbox's shared_with list.
+func (s *Service) RemoveShare(ctx context.Context, address, userID string) error {
+	rec, err := s.repo.GetInboxRecord(ctx, address)
+	if err != nil {
+		return err
+	}
+	if rec == nil {
+		return ErrUnauthorized
+	}
+	out := make([]string, 0, len(rec.SharedWith))
+	for _, existing := range rec.SharedWith {
+		if existing != userID {
+			out = append(out, existing)
+		}
+	}
+	return s.repo.SetSharedWith(ctx, address, out)
+}
+
+// IsSharedWith returns true if the inbox grants read access to userID.
+func (s *Service) IsSharedWith(rec *InboxRecord, userID string) bool {
+	if rec == nil || userID == "" {
+		return false
+	}
+	for _, id := range rec.SharedWith {
+		if id == userID {
+			return true
+		}
+	}
+	return false
+}
+
 // SetForward sets the forwarding address for an inbox (premium only).
 func (s *Service) SetForward(ctx context.Context, address, forwardTo string) error {
 	return s.repo.SetForwardTo(ctx, address, forwardTo)
diff --git a/services/internal/stats/service.go b/services/internal/stats/service.go
new file mode 100644
index 0000000..5a155a1
--- /dev/null
+++ b/services/internal/stats/service.go
@@ -0,0 +1,129 @@
+// Package stats produces aggregate counts for the admin analytics dashboard.
+// Implementation is intentionally simple — DynamoDB Scan with filters — since
+// table volume is small at this stage. If the table grows past the cheap-scan
+// regime we'll move to per-counter sentinel items or CloudWatch metrics.
+package stats
+
+import (
+	"context"
+	"strconv"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
+
+	"github.com/ephemask/services/internal/inbox"
+	"github.com/ephemask/services/internal/user"
+)
+
+// Snapshot is the single response shape for GET /admin/stats.
+type Snapshot struct {
+	Users          int64 `json:"users"`
+	PremiumUsers   int64 `json:"premium_users"`
+	ActiveInboxes  int64 `json:"active_inboxes"`
+	Messages24h    int64 `json:"messages_24h"`
+	Messages7d     int64 `json:"messages_7d"`
+	GeneratedAt    int64 `json:"generated_at"`
+}
+
+// Service computes Snapshot values via Scan operations.
+type Service struct {
+	client    *dynamodb.Client
+	tableName string
+}
+
+// NewService returns a stats Service backed by the given DynamoDB client.
+func NewService(client *dynamodb.Client, tableName string) *Service {
+	return &Service{client: client, tableName: tableName}
+}
+
+// Compute returns a fresh snapshot. Each metric is one Scan; we run them
+// sequentially because DynamoDB charges per RCU regardless of parallelism
+// and Lambda concurrency for /admin/stats is tiny.
+func (s *Service) Compute(ctx context.Context) (*Snapshot, error) {
+	now := time.Now().Unix()
+	day := now - 86400
+	week := now - 7*86400
+
+	users, err := s.count(ctx, "message_id = :sentinel", map[string]types.AttributeValue{
+		":sentinel": &types.AttributeValueMemberS{Value: user.UserSentinel},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	premium, err := s.count(ctx, "message_id = :sentinel AND tier = :tier", map[string]types.AttributeValue{
+		":sentinel": &types.AttributeValueMemberS{Value: user.UserSentinel},
+		":tier":     &types.AttributeValueMemberS{Value: user.TierPremium},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	activeInboxes, err := s.count(ctx, "message_id = :sentinel AND expires_at > :now", map[string]types.AttributeValue{
+		":sentinel": &types.AttributeValueMemberS{Value: inbox.InboxSentinel},
+		":now":      &types.AttributeValueMemberN{Value: strconv.FormatInt(now, 10)},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// Messages: filter out the sentinel items that share the messages table.
+	msg24h, err := s.count(ctx,
+		"received_at > :since AND message_id <> :inboxSentinel AND message_id <> :userSentinel AND message_id <> :magicSentinel",
+		map[string]types.AttributeValue{
+			":since":          &types.AttributeValueMemberN{Value: strconv.FormatInt(day, 10)},
+			":inboxSentinel":  &types.AttributeValueMemberS{Value: inbox.InboxSentinel},
+			":userSentinel":   &types.AttributeValueMemberS{Value: user.UserSentinel},
+			":magicSentinel":  &types.AttributeValueMemberS{Value: user.MagicTokenSentinel},
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	msg7d, err := s.count(ctx,
+		"received_at > :since AND message_id <> :inboxSentinel AND message_id <> :userSentinel AND message_id <> :magicSentinel",
+		map[string]types.AttributeValue{
+			":since":          &types.AttributeValueMemberN{Value: strconv.FormatInt(week, 10)},
+			":inboxSentinel":  &types.AttributeValueMemberS{Value: inbox.InboxSentinel},
+			":userSentinel":   &types.AttributeValueMemberS{Value: user.UserSentinel},
+			":magicSentinel":  &types.AttributeValueMemberS{Value: user.MagicTokenSentinel},
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Snapshot{
+		Users:         users,
+		PremiumUsers:  premium,
+		ActiveInboxes: activeInboxes,
+		Messages24h:   msg24h,
+		Messages7d:    msg7d,
+		GeneratedAt:   now,
+	}, nil
+}
+
+func (s *Service) count(ctx context.Context, filter string, values map[string]types.AttributeValue) (int64, error) {
+	var total int64
+	var lastKey map[string]types.AttributeValue
+	for {
+		out, err := s.client.Scan(ctx, &dynamodb.ScanInput{
+			TableName:                 &s.tableName,
+			FilterExpression:          aws.String(filter),
+			ExpressionAttributeValues: values,
+			Select:                    types.SelectCount,
+			ExclusiveStartKey:         lastKey,
+		})
+		if err != nil {
+			return 0, err
+		}
+		total += int64(out.Count)
+		if out.LastEvaluatedKey == nil {
+			return total, nil
+		}
+		lastKey = out.LastEvaluatedKey
+	}
+}
diff --git a/services/internal/template/service.go b/services/internal/template/service.go
new file mode 100644
index 0000000..03ecef0
--- /dev/null
+++ b/services/internal/template/service.go
@@ -0,0 +1,142 @@
+// Package template stores reusable subject/body presets for the admin
+// compose form. Stored as separate DynamoDB items keyed by a per-user
+// sentinel so they don't show up anywhere else in the codebase.
+package template
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
+)
+
+const pkPrefix = "__template__:"
+
+const MaxTemplatesPerUser = 25
+
+var (
+	ErrLimit = errors.New("template limit reached")
+	ErrEmpty = errors.New("name and body are required")
+)
+
+// Template is one stored compose preset.
+type Template struct {
+	UserKey   string `dynamodbav:"inbox_address" json:"-"`
+	ID        string `dynamodbav:"message_id" json:"id"`
+	Name      string `dynamodbav:"name" json:"name"`
+	Subject   string `dynamodbav:"subject" json:"subject"`
+	Body      string `dynamodbav:"body" json:"body"`
+	CreatedAt int64  `dynamodbav:"received_at" json:"created_at"`
+}
+
+// Service exposes CRUD for an admin's templates.
+type Service struct {
+	client    *dynamodb.Client
+	tableName string
+}
+
+// NewService returns a template Service.
+func NewService(client *dynamodb.Client, tableName string) *Service {
+	return &Service{client: client, tableName: tableName}
+}
+
+func userKey(userID string) string { return pkPrefix + userID }
+
+func newID() (string, error) {
+	b := make([]byte, 12)
+	if _, err := rand.Read(b); err != nil {
+		return "", err
+	}
+	return "tpl_" + hex.EncodeToString(b), nil
+}
+
+// Create stores a new template for the given user.
+func (s *Service) Create(ctx context.Context, userID, name, subject, body string) (*Template, error) {
+	name = strings.TrimSpace(name)
+	body = strings.TrimSpace(body)
+	if name == "" || body == "" {
+		return nil, ErrEmpty
+	}
+
+	existing, err := s.List(ctx, userID)
+	if err != nil {
+		return nil, err
+	}
+	if len(existing) >= MaxTemplatesPerUser {
+		return nil, ErrLimit
+	}
+
+	id, err := newID()
+	if err != nil {
+		return nil, err
+	}
+
+	t := &Template{
+		UserKey:   userKey(userID),
+		ID:        id,
+		Name:      name,
+		Subject:   strings.TrimSpace(subject),
+		Body:      body,
+		CreatedAt: time.Now().Unix(),
+	}
+
+	item, err := attributevalue.MarshalMap(t)
+	if err != nil {
+		return nil, err
+	}
+	_, err = s.client.PutItem(ctx, &dynamodb.PutItemInput{
+		TableName: &s.tableName,
+		Item:      item,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return t, nil
+}
+
+// List returns all templates for the user, newest first.
+func (s *Service) List(ctx context.Context, userID string) ([]*Template, error) {
+	out, err := s.client.Query(ctx, &dynamodb.QueryInput{
+		TableName:              &s.tableName,
+		KeyConditionExpression: aws.String("inbox_address = :pk"),
+		ExpressionAttributeValues: map[string]types.AttributeValue{
+			":pk": &types.AttributeValueMemberS{Value: userKey(userID)},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	templates := make([]*Template, 0, len(out.Items))
+	for _, item := range out.Items {
+		var t Template
+		if err := attributevalue.UnmarshalMap(item, &t); err != nil {
+			continue
+		}
+		templates = append(templates, &t)
+	}
+	sort.Slice(templates, func(i, j int) bool {
+		return templates[i].CreatedAt > templates[j].CreatedAt
+	})
+	return templates, nil
+}
+
+// Delete removes a single template.
+func (s *Service) Delete(ctx context.Context, userID, id string) error {
+	_, err := s.client.DeleteItem(ctx, &dynamodb.DeleteItemInput{
+		TableName: &s.tableName,
+		Key: map[string]types.AttributeValue{
+			"inbox_address": &types.AttributeValueMemberS{Value: userKey(userID)},
+			"message_id":    &types.AttributeValueMemberS{Value: id},
+		},
+	})
+	return err
+}
diff --git a/services/internal/user/model.go b/services/internal/user/model.go
index b28512d..534b998 100644
--- a/services/internal/user/model.go
+++ b/services/internal/user/model.go
@@ -74,6 +74,18 @@ type UserInfo struct {
 	CreatedAt  int64  `json:"created_at"`
 }
 
+// AdminUserSummary is one row in the admin user list. We deliberately omit
+// the api key and the webhook secret; admins shouldn't see those.
+type AdminUserSummary struct {
+	UserID     string `json:"user_id"`
+	Email      string `json:"email,omitempty"`
+	Tier       string `json:"tier"`
+	Role       string `json:"role,omitempty"`
+	NoAds      bool   `json:"no_ads"`
+	HasWebhook bool   `json:"has_webhook"`
+	CreatedAt  int64  `json:"created_at"`
+}
+
 // MagicLinkResponse is returned after sending a magic link.
 type MagicLinkResponse struct {
 	Message string `json:"message"`
diff --git a/services/internal/user/repository.go b/services/internal/user/repository.go
index 5d50dfe..57fc55b 100644
--- a/services/internal/user/repository.go
+++ b/services/internal/user/repository.go
@@ -170,6 +170,38 @@ func (r *Repository) ClearWebhook(ctx context.Context, userID string) error {
 	return err
 }
 
+// ListUsers returns every user record. Uses Scan with a sentinel filter; fine
+// while volume is low. If we outgrow this, switch to a "tier-index" GSI.
+func (r *Repository) ListUsers(ctx context.Context) ([]*UserRecord, error) {
+	var out []*UserRecord
+	var lastKey map[string]types.AttributeValue
+	for {
+		resp, err := r.client.Scan(ctx, &dynamodb.ScanInput{
+			TableName:        &r.tableName,
+			FilterExpression: aws.String("message_id = :sentinel"),
+			ExpressionAttributeValues: map[string]types.AttributeValue{
+				":sentinel": &types.AttributeValueMemberS{Value: UserSentinel},
+			},
+			ExclusiveStartKey: lastKey,
+		})
+		if err != nil {
+			return nil, err
+		}
+		for _, item := range resp.Items {
+			var rec UserRecord
+			if err := attributevalue.UnmarshalMap(item, &rec); err != nil {
+				continue
+			}
+			rec.UserID = strings.TrimPrefix(rec.InboxAddress, UserPKPrefix)
+			out = append(out, &rec)
+		}
+		if resp.LastEvaluatedKey == nil {
+			return out, nil
+		}
+		lastKey = resp.LastEvaluatedKey
+	}
+}
+
 // CountUserInboxes returns the number of active inboxes for a user.
 func (r *Repository) CountUserInboxes(ctx context.Context, userID string) (int, error) {
 	out, err := r.client.Query(ctx, &dynamodb.QueryInput{
diff --git a/services/internal/user/service.go b/services/internal/user/service.go
index ba7ce00..2345b4a 100644
--- a/services/internal/user/service.go
+++ b/services/internal/user/service.go
@@ -5,6 +5,7 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"errors"
+	"sort"
 	"time"
 
 	"github.com/ephemask/services/internal/mailer"
@@ -300,6 +301,16 @@ func (s *Service) DeleteAccount(ctx context.Context, userID string) error {
 	return s.repo.DeleteUser(ctx, userID)
 }
 
+// LookupByEmail returns the user with the given email or nil if not found.
+func (s *Service) LookupByEmail(ctx context.Context, email string) (*UserRecord, error) {
+	return s.repo.GetUserByEmail(ctx, email)
+}
+
+// LookupByID returns the user with the given user_id or nil if not found.
+func (s *Service) LookupByID(ctx context.Context, userID string) (*UserRecord, error) {
+	return s.repo.GetUserByID(ctx, userID)
+}
+
 // SetTier updates a user's tier (for admin/webhook use).
 func (s *Service) SetTier(ctx context.Context, userID, tier string) error {
 	noAds := tier == TierPremium
@@ -354,6 +365,30 @@ func (s *Service) ClearWebhook(ctx context.Context, userID string) error {
 	return s.repo.ClearWebhook(ctx, userID)
 }
 
+// ListAllUsers returns a summary of every registered user, sorted by created
+// time (newest first). Intended for the admin dashboard only.
+func (s *Service) ListAllUsers(ctx context.Context) ([]AdminUserSummary, error) {
+	records, err := s.repo.ListUsers(ctx)
+	if err != nil {
+		return nil, err
+	}
+	out := make([]AdminUserSummary, 0, len(records))
+	for _, r := range records {
+		out = append(out, AdminUserSummary{
+			UserID:     r.UserID,
+			Email:      r.Email,
+			Tier:       r.Tier,
+			Role:       r.Role,
+			NoAds:      r.NoAds,
+			HasWebhook: r.WebhookURL != "",
+			CreatedAt:  r.CreatedAt,
+		})
+	}
+	// Newest first.
+	sort.Slice(out, func(i, j int) bool { return out[i].CreatedAt > out[j].CreatedAt })
+	return out, nil
+}
+
 // GetTTLForTier returns the TTL in seconds for the given tier.
 func GetTTLForTier(tier string) int64 {
 	if tier == TierPremium {
diff --git a/terraform/api_gateway.tf b/terraform/api_gateway.tf
index e44390c..e11e24a 100644
--- a/terraform/api_gateway.tf
+++ b/terraform/api_gateway.tf
@@ -91,6 +91,24 @@ resource "aws_apigatewayv2_route" "get_attachment" {
   target    = "integrations/${aws_apigatewayv2_integration.api.id}"
 }
 
+resource "aws_apigatewayv2_route" "get_inbox_shares" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "GET /inbox/{address}/shares"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
+resource "aws_apigatewayv2_route" "post_inbox_share" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "POST /inbox/{address}/shares"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
+resource "aws_apigatewayv2_route" "delete_inbox_share" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "DELETE /inbox/{address}/shares/{userId}"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
 resource "aws_apigatewayv2_route" "delete_inbox" {
   api_id    = aws_apigatewayv2_api.main.id
   route_key = "DELETE /inbox/{address}"
@@ -187,6 +205,36 @@ resource "aws_apigatewayv2_route" "post_user_email" {
   target    = "integrations/${aws_apigatewayv2_integration.api.id}"
 }
 
+resource "aws_apigatewayv2_route" "get_admin_stats" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "GET /admin/stats"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
+resource "aws_apigatewayv2_route" "get_admin_users" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "GET /admin/users"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
+resource "aws_apigatewayv2_route" "get_admin_templates" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "GET /admin/templates"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
+resource "aws_apigatewayv2_route" "post_admin_templates" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "POST /admin/templates"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
+resource "aws_apigatewayv2_route" "delete_admin_template" {
+  api_id    = aws_apigatewayv2_api.main.id
+  route_key = "DELETE /admin/templates/{id}"
+  target    = "integrations/${aws_apigatewayv2_integration.api.id}"
+}
+
 resource "aws_apigatewayv2_route" "post_admin_inbox" {
   api_id    = aws_apigatewayv2_api.main.id
   route_key = "POST /admin/inbox"