Domain Security Server
БесплатноНе проверенEnables AI agents to audit email and domain security (SPF, DKIM, DMARC, etc.) for any domain without requiring API keys.
Описание
Enables AI agents to audit email and domain security (SPF, DKIM, DMARC, etc.) for any domain without requiring API keys.
README
An MCP server that lets an AI agent audit the email and domain security of any domain — SPF, DKIM, DMARC, MTA-STS, TLS-RPT, BIMI, DNSSEC, DNS, TLS/SSL and WHOIS — in plain language. No API keys required.
Ask Claude "Is acme.com protected against email spoofing?" and it runs a full authentication audit and hands you a graded report with prioritised fixes — instead of you pasting a domain into five different web tools.
> Is ortamarco.me protected against email spoofing?
email_auth_audit(domain="ortamarco.me")
Grade: A (95/100) · MX: present
✅ SPF ends in '-all' (hard fail). 3/10 DNS lookups.
✅ DMARC policy is enforced ('p=reject').
✅ DKIM key found for selector: google.
Top recommendation: add a TLS-RPT record for delivery-failure reports.
Why this exists
The email-security ecosystem is full of single-purpose web checkers (SPF here, DMARC there, WHOIS somewhere else) and the few MCP equivalents are locked behind paid API tokens. This server brings the whole deliverability & domain-security toolkit to any MCP client, key-free, with one headline workflow tool that does the synthesis for you.
It is the agent-facing companion to the network tools at ortamarco.me and shares the same battle-tested core (public-resolver DNS, host validation, timeouts).
Tools
| Tool | What it does |
|---|---|
email_auth_audit ⭐ |
One-call SPF + DKIM + DMARC + MX audit → 0–100 score, A–F grade, prioritised fixes |
spf_check |
Parse SPF; recursively count DNS lookups vs the RFC 7208 limit of 10; flag +all/?all |
dmarc_check |
Parse DMARC policy (p, sp, rua, pct, aspf/adkim) with warnings |
dkim_check |
Probe <selector>._domainkey keys (supply selectors or use common ones) |
mta_sts_check |
Validate the _mta-sts TXT and the .well-known/mta-sts.txt policy + mode |
tls_rpt_check |
Check the _smtp._tls TLS-RPT record |
bimi_check |
Check the default._bimi BIMI record |
dnssec_check |
DS/DNSKEY presence + DNSSEC AD validation flag (via DoH) |
dns_lookup |
All record types (A/AAAA/CNAME/MX/NS/TXT/SOA) via public resolvers |
ssl_certificate |
TLS cert issuer, validity window, days-to-expiry, SANs, fingerprint |
whois_lookup |
Registrar, dates, name servers, status (raw port-43 WHOIS, IANA-resolved) |
reverse_dns |
PTR records for an IP |
ip_geolocation |
Offline IP geolocation + reverse DNS |
mx_lookup |
Mail servers (MX) with priority and resolved IPs |
caa_check |
Which CAs may issue TLS certificates (CAA records) |
blacklist_check |
IP/domain against open-access email DNSBLs |
dns_propagation |
Compare a record across 5 public resolvers worldwide |
analyze_email_headers |
Parse raw headers → SPF/DKIM/DMARC verdicts + Received hop chain with delays |
Every tool is read-only, declares an outputSchema and returns
structuredContent (validated by the SDK) alongside human-readable Markdown
(default) or JSON (response_format="json"), plus actionable error messages.
Install
git clone https://github.com/ortamarco/domain-security-mcp-server.git
cd domain-security-mcp-server
npm install
npm run build
Use it with Claude Code
claude mcp add domain-security -- node /absolute/path/to/domain-security-mcp-server/dist/index.js
Use it with Claude Desktop
Add to claude_desktop_config.json (see examples/):
{
"mcpServers": {
"domain-security": {
"command": "node",
"args": ["/absolute/path/to/domain-security-mcp-server/dist/index.js"]
}
}
}
Restart Claude Desktop, then ask: "Audit the email security of stripe.com."
Self-host (HTTP transport)
The same server speaks stateless Streamable HTTP for remote/multi-client use — handy behind a reverse proxy such as Coolify or Traefik.
TRANSPORT=http PORT=3000 npm start
# POST JSON-RPC to http://localhost:3000/mcp · health at /healthz
Or with Docker:
docker build -t domain-security-mcp .
docker run -p 3000:3000 -e TRANSPORT=http domain-security-mcp
Set ALLOWED_ORIGINS=https://your.app to enable Origin-based DNS-rebinding
protection (leave empty when a trusted proxy already restricts access).
Develop
npm run dev # tsx watch (stdio)
npm run inspect # open the MCP Inspector against the built server
npm run build # type-check + emit dist/
npm run smoke # call all 19 tools and validate structuredContent vs outputSchema
evals/ holds a 10-question LLM evaluation set (stable, verifiable) and instructions for running it — see evals/README.md.
How it works
src/
├── index.ts # transport selection (stdio | http)
├── server.ts # registers every tool on one McpServer
├── core/ # pure logic, no MCP coupling — reusable & testable
│ ├── dns.ts # public-resolver DNS + DoH client
│ ├── tls.ts # certificate inspection
│ ├── whois.ts # port-43 WHOIS with IANA/registrar referral
│ ├── http.ts # security-header grading
│ ├── geoip.ts # offline IP geolocation
│ └── email-auth.ts # SPF/DKIM/DMARC/MTA-STS/TLS-RPT/BIMI/DNSSEC + scoring
└── tools/ # thin MCP wrappers (Zod schemas, descriptions, formatting)
The core/ layer is deliberately free of any MCP types, so the exact same logic
powers both this server and the web tools on ortamarco.me.
License
MIT © Marco Orta
Установка Domain Security Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/OrtaMarco/domain-security-mcp-serverFAQ
Domain Security Server MCP бесплатный?
Да, Domain Security Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Domain Security Server?
Нет, Domain Security Server работает без API-ключей и переменных окружения.
Domain Security Server — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Domain Security Server в Claude Desktop, Claude Code или Cursor?
Открой Domain Security Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Gmail
Read, send and search emails from Claude
автор: GoogleSlack
Send, search and summarize Slack messages
автор: SlackRunbear
No-code MCP client for team chat platforms, such as Slack, Microsoft Teams, and Discord.
Discord Server
A community discord server dedicated to MCP by [Frank Fiegel](https://github.com/punkpeye)
Compare Domain Security Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории communication
