Domain Security

19 tools. 0 can modify or destroy data without limits.

Read-only server. Low risk, but rate limits prevent runaway API costs.

Last updated:

0 can modify or destroy data
19 read-only
19 tools total

Community server · catalogue entry verified 02/07/2026

How to control Domain Security ↓

What Domain Security exposes to your agents

Read (19) Write / Execute (0) Destructive / Financial (0)

What can go wrong

Even read-only tools carry cost. An agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up bills.

How to control Domain Security

PolicyLayer is an MCP gateway — it sits between your AI agents and Domain Security, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "analyze_email_headers": {
    "limits": [
      {
        "counter": "analyze_email_headers_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Domain Security — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON DOMAIN SECURITY →

Instant setup, no code required.

All 19 Domain Security tools

READ 19 tools
Read analyze_email_headers Parse raw email headers and report the SPF/DKIM/DMARC verdicts (from Authentication-Results), key fields (From Read bimi_check Check a domain Read blacklist_check Check whether an IPv4 address (or a domain Read caa_check Check a domain Read dkim_check Look up DKIM public keys at <selector>._domainkey.<domain>. Because DKIM selectors are arbitrary and undiscove Read dmarc_check Fetch and parse a domain Read dns_lookup Resolve all common DNS record types (A, AAAA, CNAME, MX, NS, TXT, SOA) for a domain in one call, using public Read dns_propagation Compare a domain Read dnssec_check Check whether a domain is protected by DNSSEC. Queries DS and DNSKEY records over DNS-over-HTTPS and reads the Read email_auth_audit Headline tool. Audits a domain Read http_security_headers Fetch a URL and grade its HTTP security headers (HSTS, Content-Security-Policy, X-Content-Type-Options, X-Fram Read ip_geolocation Geolocate an IP address (country, region, city, coordinates, time zone) using an offline database, plus its re Read mta_sts_check Check a domain Read mx_lookup Look up a domain Read reverse_dns Resolve the PTR (reverse DNS) records for an IP address — the hostname(s) the IP maps back to. Args: - ip ( Read spf_check Fetch and analyse a domain Read ssl_certificate Inspect the TLS certificate served by a host: issuer, subject, validity window, days-until-expiry, SANs, seria Read tls_rpt_check Check a domain Read whois_lookup Look up domain registration data over the raw WHOIS protocol (port 43): registrar, creation/update/expiry date

Questions about Domain Security

Is the Domain Security MCP server safe to use without restrictions? +

The Domain Security server is primarily read-only with 19 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the Domain Security MCP server expose? +

19 tools across 1 categories: Read. 19 are read-only. 0 can modify, create, or delete data.

How do I enforce a policy on Domain Security? +

Register the Domain Security MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Domain Security tool call.

Deterministic rules across all 19 Domain Security tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

19 Domain Security tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.