
PowerDMARC MCP
from mambalabsdev
Connect Claude, Cursor, or any MCP-compatible AI to your PowerDMARC account. Query DMARC reports, manage domains, run DNS lookups, and fix email authentication issues in plain English.
powerdmarcmcp/powerdmarc-mcp
By powerdmarcmcp
•Updated 9 days ago
Remote MCP server bridging AI clients with the PowerDMARC email authentication Platform
Image
1
264
OverviewTags
powerdmarcmcp/powerdmarc-mcp repository overview
PowerDMARC MCP
A self-hosted MCP server that bridges AI clients with the PowerDMARC email security API via the Model Context Protocol. It exposes 30+ tools covering DMARC/SPF/DKIM reporting, domain management, DNS lookups, and MSSP operations.
Quick Start
Pull and run the pre-built image from Docker Hub:
docker run -d \
--name powerdmarc-mcp \
-e MCP_PUBLIC_URL="your-server-domain.com" \
-p 3001:3001 \
-v powerdmarc_data:/app/data \
powerdmarcmcp/powerdmarc-mcp:1.0.0
Copy
The server starts on http://localhost:3001. SQLite data is persisted in the powerdmarc_data volume.
Verify it's running
curl http://localhost:3001/health
Copy
Environment Variables
Variable Required Default Description MCP_PUBLIC_URL Recommended mcp-dmarc.com Public hostname of this MCP server — used in OAuth WWW-Authenticate headers PLATFORM_BASE_URL No https://app.powerdmarc.com PowerDMARC API base URL for end-user accounts PLATFORM_MSSP_BASE_URL No falls back to PLATFORM_BASE_URL PowerDMARC API base URL for MSSP accounts DATABASE_URL No file:/app/data/dev.db SQLite path (or a postgres:// URL for production) PORT No 3001 HTTP port METRICS_TOKEN No — Secret required in X-Metrics-Token header for POST /metrics (min 32 chars). Generate: openssl rand -hex 32 ALLOWED_ORIGINS No https://claude.ai,... Comma-separated CORS allowed origins RATE_LIMIT_MAX No 60 Max requests per window per client RATE_LIMIT_WINDOW_MS No 60000 Rate limit window in milliseconds BLOCKLIST_ENABLED No false Enable token revocation blocklist LOG_LEVEL No info Pino log level (fatal/error/warn/info/debug/trace)
Connecting AI Clients
All clients connect to the /mcp endpoint using a Bearer token obtained via OAuth from app.powerdmarc.com. The server handles OAuth Dynamic Client Registration at /register.
Claude Code (CLI)
claude mcp add powerdmarc \
--transport http \
--url http://localhost:3001/mcp \
--header "Authorization: Bearer "
Copy
Or via ~/.claude/claude_code_config.json:
{
"mcpServers": {
"powerdmarc": {
"type": "http",
"url": "http://localhost:3001/mcp",
"headers": {
"Authorization": "Bearer "
}
}
}
}
Copy
Claude Desktop Claude Desktop uses stdio transport. Bridge it to the HTTP server via the MCP proxy:
{
"mcpServers": {
"powerdmarc": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-proxy",
"http://localhost:3001/mcp"
]
}
}
}
Copy
Config file locations:
-
macOS:
~/Library/Application Support/Claude/claude_desktop_config.json -
Windows:
%APPDATA%\Claude\claude_desktop_config.json
VS Code (GitHub Copilot Agent Mode)
Create .vscode/mcp.json in your workspace:
{
"servers": {
"powerdmarc": {
"type": "http",
"url": "http://localhost:3001/mcp",
"headers": {
"Authorization": "Bearer "
}
}
}
}
Copy
Cursor
Edit ~/.cursor/mcp.json:
{
"mcpServers": {
"powerdmarc": {
"url": "http://localhost:3001/mcp",
"headers": {
"Authorization": "Bearer "
}
}
}
}
Copy
Windsurf
Edit ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"powerdmarc": {
"serverUrl": "http://localhost:3001/mcp",
"headers": {
"Authorization": "Bearer "
}
}
}
}
Copy
Available Tools
DMARC Reports
Tool Description dmarc_aggregate_detailed_stats Detailed aggregate stats for a date range dmarc_aggregate_per_country Aggregate data grouped by country dmarc_aggregate_per_host Aggregate data per sending host dmarc_aggregate_per_org Aggregate data per reporting organization dmarc_aggregate_per_result Aggregate data grouped by pass/fail result dmarc_aggregate_per_sending_source Aggregate data per source IP dmarc_forensic_data Forensic (RUF) failure reports
Domain Management
Tool Description list_domains List all registered domains get_domain Details for a specific domain create_domain Register a new domain delete_domain Remove a domain
Hosted Records
Tool Description get_hosted_dmarc Hosted DMARC record for a domain get_hosted_spf Hosted SPF record for a domain get_dkim_selectors DKIM selectors for a domain get_hosted_bimi Hosted BIMI record get_mta_sts_policy MTA-STS policy
Analytics
Tool Description domain_health Health score and authentication status mail_volume_history Historical mail volume dkim_analytics DKIM analytics for a domain
DNS & Power Tools
Tool Description dns_lookup Look up any DNS record type (DMARC, SPF, DKIM, MX, A, AAAA, CNAME, TXT, NS, SOA, CAA, PTR, MTA-STS) dns_lookup_app DNS lookup via PowerDMARC platform whois_lookup WHOIS registration info generate_dmarc_record Generate a DMARC TXT record generate_spf_record Generate an SPF TXT record generate_dkim_record Generate a DKIM public key record domain_analyzer Full domain email security analysis dmarc_charts_app DMARC chart data
Audit & MSSP
Tool Description get_audit_logs Retrieve platform audit logs mssp_list_accounts List all MSSP customer sub-accounts mssp_list_members List MSSP sub-account users mssp_create_member Create a user in an MSSP sub-account mssp_delete_member Delete a user from an MSSP sub-account mssp_domain_groups List MSSP domain groups
Endpoints
Path Method Description /mcp POST MCP StreamableHTTP transport — main entry point for AI clients /health GET Liveness probe /metrics POST Prometheus metrics (requires X-Metrics-Token header) /register POST OAuth Dynamic Client Registration (proxies to PowerDMARC)
Privacy Policy
PowerDMARC is committed to protecting your privacy.
Data collection: The MCP server acts as a proxy between AI clients and the PowerDMARC API. It does not collect, store, or log any email content or DMARC report data beyond what is required to fulfill each individual API request. Structured request/response logs (without sensitive payload contents) may be retained for up to 30 days for debugging purposes.
Data usage and storage: API tokens provided by users are used solely to authenticate requests to the PowerDMARC API on the user's behalf. Tokens are never stored in plaintext beyond the lifetime of a single request session. A token blocklist (hashed identifiers only) is maintained in the server database to prevent use of revoked credentials.
Third-party sharing: No user data, API tokens, or DMARC report contents are shared with any third party. The only outbound connections made by the MCP server are to the PowerDMARC API endpoints configured by the operator.
Data retention: Request logs are retained for a maximum of 30 days and then purged automatically. The token blocklist retains hashed token identifiers indefinitely to prevent reuse of revoked keys.
Contact: For privacy-related questions or data removal requests, contact [email protected] or visit https://powerdmarc.com/privacy-policy/.
Tag summary
latest
Content type
Image
Digest
sha256:a7759a646…
Size
169 MB
Last updated
9 days ago
docker pull powerdmarcmcp/powerdmarc-mcp
Copy
docker run -d \
--name powerdmarc-mcp \
-e MCP_PUBLIC_URL="your-server-domain.com" \
-p 3001:3001 \
-v powerdmarc_data:/app/data \
powerdmarcmcp/powerdmarc-mcp:1.0.0No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.