Labsco
mambalabsdev logo

PowerDMARC MCP

from mambalabsdev

Connect Claude, Cursor, or any MCP-compatible AI to your PowerDMARC account. Query DMARC reports, manage domains, run DNS lookups, and fix email authentication issues in plain English.

🔥🔥🔥✓ VerifiedFreeAdvanced setup

powerdmarcmcp/powerdmarc-mcp

By powerdmarcmcp

•Updated 9 days ago

Remote MCP server bridging AI clients with the PowerDMARC email authentication Platform

Image

1

264

OverviewTags

powerdmarcmcp/powerdmarc-mcp repository overview

⁠PowerDMARC MCP

A self-hosted MCP server that bridges AI clients with the PowerDMARC⁠ email security API via the Model Context Protocol. It exposes 30+ tools covering DMARC/SPF/DKIM reporting, domain management, DNS lookups, and MSSP operations.

⁠Quick Start

Pull and run the pre-built image from Docker Hub:

docker run -d \
 --name powerdmarc-mcp \
 -e MCP_PUBLIC_URL="your-server-domain.com" \
 -p 3001:3001 \
 -v powerdmarc_data:/app/data \
 powerdmarcmcp/powerdmarc-mcp:1.0.0

Copy

The server starts on http://localhost:3001⁠. SQLite data is persisted in the powerdmarc_data volume.

⁠Verify it's running

curl http://localhost:3001/health

Copy

⁠Environment Variables

Variable Required Default Description MCP_PUBLIC_URL Recommended mcp-dmarc.com Public hostname of this MCP server — used in OAuth WWW-Authenticate headers PLATFORM_BASE_URL No https://app.powerdmarc.com PowerDMARC API base URL for end-user accounts PLATFORM_MSSP_BASE_URL No falls back to PLATFORM_BASE_URL PowerDMARC API base URL for MSSP accounts DATABASE_URL No file:/app/data/dev.db SQLite path (or a postgres:// URL for production) PORT No 3001 HTTP port METRICS_TOKEN No — Secret required in X-Metrics-Token header for POST /metrics (min 32 chars). Generate: openssl rand -hex 32 ALLOWED_ORIGINS No https://claude.ai,... Comma-separated CORS allowed origins RATE_LIMIT_MAX No 60 Max requests per window per client RATE_LIMIT_WINDOW_MS No 60000 Rate limit window in milliseconds BLOCKLIST_ENABLED No false Enable token revocation blocklist LOG_LEVEL No info Pino log level (fatal/error/warn/info/debug/trace)

⁠Connecting AI Clients

All clients connect to the /mcp endpoint using a Bearer token obtained via OAuth from app.powerdmarc.com⁠. The server handles OAuth Dynamic Client Registration at /register.

⁠Claude Code (CLI)

claude mcp add powerdmarc \
 --transport http \
 --url http://localhost:3001/mcp \
 --header "Authorization: Bearer "

Copy

Or via ~/.claude/claude_code_config.json:

{
 "mcpServers": {
 "powerdmarc": {
 "type": "http",
 "url": "http://localhost:3001/mcp",
 "headers": {
 "Authorization": "Bearer "
 }
 }
 }
}

Copy

⁠Claude Desktop Claude Desktop uses stdio transport. Bridge it to the HTTP server via the MCP proxy:

{
 "mcpServers": {
 "powerdmarc": {
 "command": "npx",
 "args": [
 "-y",
 "@modelcontextprotocol/server-proxy",
 "http://localhost:3001/mcp"
 ]
 }
 }
}

Copy

Config file locations:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

  • Windows: %APPDATA%\Claude\claude_desktop_config.json

⁠VS Code (GitHub Copilot Agent Mode) Create .vscode/mcp.json in your workspace:

{
 "servers": {
 "powerdmarc": {
 "type": "http",
 "url": "http://localhost:3001/mcp",
 "headers": {
 "Authorization": "Bearer "
 }
 }
 }
}

Copy

⁠Cursor Edit ~/.cursor/mcp.json:

{
 "mcpServers": {
 "powerdmarc": {
 "url": "http://localhost:3001/mcp",
 "headers": {
 "Authorization": "Bearer "
 }
 }
 }
}

Copy

⁠Windsurf Edit ~/.codeium/windsurf/mcp_config.json:

{
 "mcpServers": {
 "powerdmarc": {
 "serverUrl": "http://localhost:3001/mcp",
 "headers": {
 "Authorization": "Bearer "
 }
 }
 }
}

Copy

⁠Available Tools

⁠DMARC Reports

Tool Description dmarc_aggregate_detailed_stats Detailed aggregate stats for a date range dmarc_aggregate_per_country Aggregate data grouped by country dmarc_aggregate_per_host Aggregate data per sending host dmarc_aggregate_per_org Aggregate data per reporting organization dmarc_aggregate_per_result Aggregate data grouped by pass/fail result dmarc_aggregate_per_sending_source Aggregate data per source IP dmarc_forensic_data Forensic (RUF) failure reports

⁠Domain Management

Tool Description list_domains List all registered domains get_domain Details for a specific domain create_domain Register a new domain delete_domain Remove a domain

⁠Hosted Records

Tool Description get_hosted_dmarc Hosted DMARC record for a domain get_hosted_spf Hosted SPF record for a domain get_dkim_selectors DKIM selectors for a domain get_hosted_bimi Hosted BIMI record get_mta_sts_policy MTA-STS policy

⁠Analytics

Tool Description domain_health Health score and authentication status mail_volume_history Historical mail volume dkim_analytics DKIM analytics for a domain

⁠DNS & Power Tools

Tool Description dns_lookup Look up any DNS record type (DMARC, SPF, DKIM, MX, A, AAAA, CNAME, TXT, NS, SOA, CAA, PTR, MTA-STS) dns_lookup_app DNS lookup via PowerDMARC platform whois_lookup WHOIS registration info generate_dmarc_record Generate a DMARC TXT record generate_spf_record Generate an SPF TXT record generate_dkim_record Generate a DKIM public key record domain_analyzer Full domain email security analysis dmarc_charts_app DMARC chart data

⁠Audit & MSSP

Tool Description get_audit_logs Retrieve platform audit logs mssp_list_accounts List all MSSP customer sub-accounts mssp_list_members List MSSP sub-account users mssp_create_member Create a user in an MSSP sub-account mssp_delete_member Delete a user from an MSSP sub-account mssp_domain_groups List MSSP domain groups

⁠Endpoints

Path Method Description /mcp POST MCP StreamableHTTP transport — main entry point for AI clients /health GET Liveness probe /metrics POST Prometheus metrics (requires X-Metrics-Token header) /register POST OAuth Dynamic Client Registration (proxies to PowerDMARC)

⁠Privacy Policy

PowerDMARC is committed to protecting your privacy.

Data collection: The MCP server acts as a proxy between AI clients and the PowerDMARC API. It does not collect, store, or log any email content or DMARC report data beyond what is required to fulfill each individual API request. Structured request/response logs (without sensitive payload contents) may be retained for up to 30 days for debugging purposes.

Data usage and storage: API tokens provided by users are used solely to authenticate requests to the PowerDMARC API on the user's behalf. Tokens are never stored in plaintext beyond the lifetime of a single request session. A token blocklist (hashed identifiers only) is maintained in the server database to prevent use of revoked credentials.

Third-party sharing: No user data, API tokens, or DMARC report contents are shared with any third party. The only outbound connections made by the MCP server are to the PowerDMARC API endpoints configured by the operator.

Data retention: Request logs are retained for a maximum of 30 days and then purged automatically. The token blocklist retains hashed token identifiers indefinitely to prevent reuse of revoked keys.

Contact: For privacy-related questions or data removal requests, contact [email protected]⁠ or visit https://powerdmarc.com/privacy-policy/⁠.

Tag summary

latest

Content type

Image

Digest

sha256:a7759a646…

Size

169 MB

Last updated

9 days ago

docker pull powerdmarcmcp/powerdmarc-mcp

Copy