MCP server

Give agent clients a direct, scoped interface to DMARCify organisations, child tenants, domains, reports, sending sources and DNS providers.

Overview

The MCP endpoint is available at https://app.dmarcify.dev/mcp using Streamable HTTP and JSON-RPC. It uses the same organisation-scoped bearer tokens as the REST API.

curl https://app.dmarcify.dev/mcp

Connect

Create an API token in Settings → API tokens. Use a read token for reporting-only agents, or a read/write token when the agent should create child tenants, add domains, connect providers or publish provider-backed DMARC records.

{
  "mcpServers": {
    "dmarcify": {
      "url": "https://app.dmarcify.dev/mcp",
      "headers": {
        "Authorization": "Bearer dm_live_..."
      }
    }
  }
}

Organization tools

list_organizations (scope: read)

List the token organisation and direct child organisations with branding state.

get_organization (scope: read)

Fetch the token organisation or one direct child organisation.

create_organization (scope: write)

Create a child tenant under the token organisation. Requires Agency tier.

update_organization (scope: write)

Rename an organisation or update Agency branding where branding is not locked.

Domain tools

list_domains (scope: read)

List domains with policy, status, rua mailbox and tags.

get_domain (scope: read)

Fetch one domain and refresh its cached DMARC DNS lookup.

add_domain (scope: write)

Add a domain to the token organisation. Idempotent on fqdn.

delete_domain (scope: write)

Remove a domain from the token organisation.

recheck_domain (scope: write)

Force a fresh DMARC DNS lookup, sharing the REST/dashboard one-per-hour limit.

Report tools

get_summary (scope: read)

Read aggregate volume, pass/fail and alignment stats for a range.

get_sources (scope: read)

Inspect top sending IPs with PTR, ASN, country and sender classification.

get_reports (scope: read)

List recent DMARC aggregate report metadata.

Provider tools

list_providers (scope: read)

List connected DNS providers and management scope.

get_provider (scope: read)

Fetch one connected DNS provider.

discover_provider_zones (scope: write)

Validate unsaved credentials and list provider zones.

create_provider (scope: write)

Connect a provider, optionally discover zones and onboard domains.

update_provider_management (scope: write)

Change provider domain scope and automatic-management settings.

rename_provider (scope: write)

Rename a connected DNS provider.

refresh_provider_zones (scope: write)

Refresh cached zones from the upstream provider.

test_provider (scope: write)

Run a provider connection test.

configure_provider_dmarc (scope: write)

Publish a DMARC TXT record through an enabled provider.

delete_provider (scope: write)

Delete a connected provider and encrypted secret.

Security

MCP calls are org-scoped by the bearer token. Secrets passed to provider tools are encrypted by the integrations worker and are never returned by read tools. Keep provider-creation tools behind write-scoped tokens and rotate tokens from the dashboard when an agent environment changes.

Provider tools can change DNS records. Use read-only tokens for diagnostic agents and write tokens only where automated remediation is intended.
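
A client-side guard for the scope guidance above, as an added example (not DMARCify's code): it checks each outgoing MCP JSON-RPC message against the tool scopes listed on this page and lets a write tool through only if it is on a per-agent allowlist. The function names, the allowlist policy and the sample messages are assumptions; the token's own scope on the server remains the real enforcement.

```python
import json

# Tool -> scope, transcribed from the tool lists on this page.
READ = {"list_organizations", "get_organization", "list_domains", "get_domain",
        "get_summary", "get_sources", "get_reports", "list_providers", "get_provider"}
WRITE = {"create_organization", "update_organization", "add_domain", "delete_domain",
         "recheck_domain", "discover_provider_zones", "create_provider",
         "update_provider_management", "rename_provider", "refresh_provider_zones",
         "test_provider", "configure_provider_dmarc", "delete_provider"}


def check_call(raw, allowed_write=frozenset()):
    """Return (allowed, reason) for one outgoing JSON-RPC message (a str)."""
    try:
        msg = json.loads(raw)
    except ValueError:
        return False, "not valid JSON"
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return False, "not a JSON-RPC 2.0 request object"
    if msg.get("method") != "tools/call":
        return True, "not a tool call"  # e.g. initialize, tools/list
    params = msg.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    if not isinstance(name, str):
        return False, "tools/call without a tool name"
    if name in READ:
        return True, "read tool"
    if name in WRITE:
        if name in allowed_write:
            return True, "write tool on this agent's allowlist"
        return False, "write tool not on this agent's allowlist"
    return False, "tool not documented on this page (fail closed)"


def rpc(tool, **arguments):
    """Build a constructed sample tools/call message (hypothetical helper)."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": tool, "arguments": arguments}})


if __name__ == "__main__":
    # Assumed policy: this agent may add and recheck domains, nothing else.
    remediation = frozenset({"add_domain", "recheck_domain"})
    # Constructed samples; "export_everything" is a made-up, undocumented name.
    for raw in (rpc("get_summary"), rpc("recheck_domain"),
                rpc("configure_provider_dmarc"), rpc("export_everything")):
        print(check_call(raw, remediation))
```

With an empty allowlist the guard behaves like a reporting-only agent; DNS-changing tools such as configure_provider_dmarc pass only when named explicitly.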

Wire DMARC into your agent workflows.

Use the MCP endpoint for diagnostics and the REST API when you need direct HTTP automation.
