Skip to main content
mcpSource-backed

Resend MCP Server for Claude

Official Resend MCP server for giving Claude and other MCP clients controlled access to email sending, received email, contacts, broadcasts, domains, segments, topics, API keys, and webhooks through stdio or Streamable HTTP.

by Resend · submitted by oktofeesh1·added 2026-06-04·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://resend.com/docs/mcp-server, https://github.com/resend/resend-mcp, https://resend.com
Safety notes
Resend MCP is an executable npm package launched with `npx`, not a HeyClaude-hosted package. Review the official repository and npm package metadata before running it in privileged environments., The server can send, schedule, update, cancel, and batch send emails when the configured API key allows it. Treat every outbound email as a production write unless you are using a controlled test recipient., Tools can manage contacts, segments, topics, broadcasts, domains, webhooks, contact properties, API keys, and received emails. Do not expose broad account-management tools to an autonomous agent without human review., Do not paste real `re_` API keys into prompts, issue comments, screenshots, public MCP configs, shell history, or committed files. Use environment variables or your client's secret handling., For stdio mode, the docs use `RESEND_API_KEY` in the launched process environment. For HTTP mode, each client authenticates with a Bearer token in the `Authorization` header., If reproducibility matters, pin the npm package version after checking the current Resend docs and release metadata instead of relying on the latest `npx -y resend-mcp` package., Attachments can be provided from local paths, URLs, or base64 content. Do not allow the assistant to attach arbitrary local files or downloaded content without reviewing file path, size, type, and recipient., Domain, tracking, TLS, webhook, API-key, and audience changes can affect deliverability, compliance, and production email behavior. Require explicit human approval for those operations.
Privacy notes
Tool results and prompts can expose email addresses, names, recipient lists, message bodies, subject lines, attachments, contact properties, segments, topics, unsubscribe state, domain names, webhook URLs, logs, and inbound email content., Received emails and attachments can include customer support requests, order confirmations, account details, personal data, credentials, invoices, contracts, or regulated information., Outbound email drafts can leak private customer data if generated from tickets, Slack messages, databases, logs, or other MCP servers without a data-sharing review., MCP client transcripts, terminal logs, debug output, shell history, AI provider logs, screenshots, and issue reports may retain email content or recipient data outside Resend's access controls., Keep marketing audiences, segments, broadcast lists, custom properties, and suppression/unsubscribe data out of prompts unless the workflow owner approved the data handling., Use synthetic recipients, test domains, and non-production content for demos, screenshots, validation, and AI-assisted troubleshooting.
Author
Resend
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

15 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

7 prerequisites to line up before setup. Have accounts and credentials ready first.

0/7 ready
Account & credentials4Install & runtime1General215 minutes

Safety & privacy surface

Safety & privacy surface

8 safety and 6 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

5 areas
  • SafetyExecution & processesResend MCP is an executable npm package launched with `npx`, not a HeyClaude-hosted package. Review the official repository and npm package metadata before running it in privileged environments.
  • SafetyCredentials & tokensThe server can send, schedule, update, cancel, and batch send emails when the configured API key allows it. Treat every outbound email as a production write unless you are using a controlled test recipient.
  • SafetyCredentials & tokensTools can manage contacts, segments, topics, broadcasts, domains, webhooks, contact properties, API keys, and received emails. Do not expose broad account-management tools to an autonomous agent without human review.
  • SafetyCredentials & tokensDo not paste real `re_` API keys into prompts, issue comments, screenshots, public MCP configs, shell history, or committed files. Use environment variables or your client's secret handling.
  • SafetyCredentials & tokensFor stdio mode, the docs use `RESEND_API_KEY` in the launched process environment. For HTTP mode, each client authenticates with a Bearer token in the `Authorization` header.
  • SafetyGeneralIf reproducibility matters, pin the npm package version after checking the current Resend docs and release metadata instead of relying on the latest `npx -y resend-mcp` package.
  • SafetyNetwork accessAttachments can be provided from local paths, URLs, or base64 content. Do not allow the assistant to attach arbitrary local files or downloaded content without reviewing file path, size, type, and recipient.
  • SafetyCredentials & tokensDomain, tracking, TLS, webhook, API-key, and audience changes can affect deliverability, compliance, and production email behavior. Require explicit human approval for those operations.
  • PrivacyNetwork accessTool results and prompts can expose email addresses, names, recipient lists, message bodies, subject lines, attachments, contact properties, segments, topics, unsubscribe state, domain names, webhook URLs, logs, and inbound email content.
  • PrivacyCredentials & tokensReceived emails and attachments can include customer support requests, order confirmations, account details, personal data, credentials, invoices, contracts, or regulated information.
  • PrivacyNetwork accessOutbound email drafts can leak private customer data if generated from tickets, Slack messages, databases, logs, or other MCP servers without a data-sharing review.
  • PrivacyPermissions & scopesMCP client transcripts, terminal logs, debug output, shell history, AI provider logs, screenshots, and issue reports may retain email content or recipient data outside Resend's access controls.
  • PrivacyGeneralKeep marketing audiences, segments, broadcast lists, custom properties, and suppression/unsubscribe data out of prompts unless the workflow owner approved the data handling.
  • PrivacyGeneralUse synthetic recipients, test domains, and non-production content for demos, screenshots, validation, and AI-assisted troubleshooting.

Safety notes

  • Resend MCP is an executable npm package launched with `npx`, not a HeyClaude-hosted package. Review the official repository and npm package metadata before running it in privileged environments.
  • The server can send, schedule, update, cancel, and batch send emails when the configured API key allows it. Treat every outbound email as a production write unless you are using a controlled test recipient.
  • Tools can manage contacts, segments, topics, broadcasts, domains, webhooks, contact properties, API keys, and received emails. Do not expose broad account-management tools to an autonomous agent without human review.
  • Do not paste real `re_` API keys into prompts, issue comments, screenshots, public MCP configs, shell history, or committed files. Use environment variables or your client's secret handling.
  • For stdio mode, the docs use `RESEND_API_KEY` in the launched process environment. For HTTP mode, each client authenticates with a Bearer token in the `Authorization` header.
  • If reproducibility matters, pin the npm package version after checking the current Resend docs and release metadata instead of relying on the latest `npx -y resend-mcp` package.
  • Attachments can be provided from local paths, URLs, or base64 content. Do not allow the assistant to attach arbitrary local files or downloaded content without reviewing file path, size, type, and recipient.
  • Domain, tracking, TLS, webhook, API-key, and audience changes can affect deliverability, compliance, and production email behavior. Require explicit human approval for those operations.

Privacy notes

  • Tool results and prompts can expose email addresses, names, recipient lists, message bodies, subject lines, attachments, contact properties, segments, topics, unsubscribe state, domain names, webhook URLs, logs, and inbound email content.
  • Received emails and attachments can include customer support requests, order confirmations, account details, personal data, credentials, invoices, contracts, or regulated information.
  • Outbound email drafts can leak private customer data if generated from tickets, Slack messages, databases, logs, or other MCP servers without a data-sharing review.
  • MCP client transcripts, terminal logs, debug output, shell history, AI provider logs, screenshots, and issue reports may retain email content or recipient data outside Resend's access controls.
  • Keep marketing audiences, segments, broadcast lists, custom properties, and suppression/unsubscribe data out of prompts unless the workflow owner approved the data handling.
  • Use synthetic recipients, test domains, and non-production content for demos, screenshots, validation, and AI-assisted troubleshooting.

Prerequisites

  • Resend account with permission to create API keys and access the email resources the assistant should manage.
  • Verified sending domain or subdomain for production email workflows.
  • Resend API key scoped to the least privilege that covers the intended MCP tools.
  • MCP-capable client such as Claude Code, Codex, Cursor, Claude Desktop, Copilot, Gemini CLI, OpenCode, Windsurf, Devin, or another compatible client.
  • Sender address, reply-to address, topic/subscription policy, and audience-management rules before enabling contact, broadcast, or campaign workflows.
  • Human approval policy for sending email, batch email, broadcasts, contact changes, domain configuration, API-key changes, webhook changes, and attachment handling.
  • Test recipients, sandbox workflows, or non-production domains for validation before sending to real customers.

Schema details

Install type
cli
Troubleshooting
Yes
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
15 minutes
Difficulty
intermediate
Tool listing metadata
Full copyable content
{
  "mcpServers": {
    "resend": {
      "command": "npx",
      "args": ["-y", "resend-mcp"],
      "env": {
        "RESEND_API_KEY": "re_xxxxxxxxx"
      }
    }
  }
}

About this resource

Content

Resend MCP Server is Resend's official Model Context Protocol server for connecting AI clients to Resend email infrastructure. It lets Claude and other MCP-capable tools send email, inspect received messages, manage contacts, create and schedule broadcasts, configure domains, manage segments and topics, handle contact properties, work with API keys, and manage webhooks through a single MCP integration.

The Resend docs describe two supported transport modes:

  • Stdio transport, launched locally with npx -y resend-mcp.
  • Streamable HTTP transport, started locally with npx -y resend-mcp --http and exposed at /mcp.

Start with stdio transport and a narrow Resend API key for local assistant workflows. Use HTTP mode only when you have reviewed how clients will pass Bearer tokens, where the local server listens, and who can reach it.

Source Review

These sources were reviewed on 2026-06-04. Prefer the live Resend docs and official repository over model memory for supported clients, transport modes, tool coverage, package commands, environment variables, HTTP headers, and local development instructions.

Features

  • Official Resend MCP server published by Resend.
  • Local stdio transport using npx -y resend-mcp.
  • Streamable HTTP mode using npx -y resend-mcp --http --port 3000.
  • Streamable HTTP endpoint exposed at /mcp on the configured local port in documented HTTP mode.
  • Stdio support for Claude Code, Codex, Cursor, Claude Desktop, Copilot, Gemini CLI, OpenCode, Windsurf, Devin, and other MCP clients.
  • Email tools for sending, listing, retrieving, cancelling, updating, and batch sending messages.
  • Email support for HTML, plain text, attachments, CC, BCC, reply-to, scheduling, tags, and topic-based sending.
  • Received email tools for listing and reading inbound email and downloading received email attachments.
  • Contact, segment, topic, and contact-property tools for audience management.
  • Broadcast tools for creating, sending, scheduling, listing, updating, and removing campaigns.
  • Domain tools for creating, listing, verifying, updating, and removing sender domains, plus tracking and TLS configuration.
  • API-key and webhook tools for managing integration credentials and event notifications when the configured Resend key allows it.

Use Cases

  • Draft and send transactional emails from a controlled sender after a human approves recipients, subject, body, and attachments.
  • Ask Claude to inspect delivery state or retrieve a known sent email by ID during support triage.
  • Process inbound support or notification emails in a limited mailbox workflow.
  • Create a draft broadcast campaign from approved copy and wait for human review before sending or scheduling.
  • Update contacts, segments, or topics for a tightly scoped audience operation.
  • Verify a domain or review sending-domain configuration before a launch.
  • Create or update Resend webhooks after a human confirms the target endpoint, events, and signing/verification plan.

Installation

Claude Code

Create a Resend API key with the minimum permissions needed, then add the MCP server with stdio transport:

claude mcp add resend -e RESEND_API_KEY=re_xxxxxxxxx -- npx -y resend-mcp

Optionally provide a default sender from a verified domain:

claude mcp add resend -e RESEND_API_KEY=re_xxxxxxxxx -e SENDER_EMAIL_ADDRESS=updates@example.com -- npx -y resend-mcp

Confirm the server is available before asking Claude to send anything:

claude mcp list

Codex

Add the stdio server with an environment variable:

codex mcp add resend \
  --env RESEND_API_KEY=re_xxxxxxxxx \
  -- npx -y resend-mcp

Claude Desktop or Cursor

Use the documented local stdio shape:

{
  "mcpServers": {
    "resend": {
      "command": "npx",
      "args": ["-y", "resend-mcp"],
      "env": {
        "RESEND_API_KEY": "re_xxxxxxxxx"
      }
    }
  }
}

Streamable HTTP

Start the local HTTP server:

npx -y resend-mcp --http --port 3000

Connect a supported client to the local /mcp endpoint with a Bearer token using that client's configuration UI. Only expose this local HTTP endpoint to trusted clients. Do not bind it to a public interface or tunnel it without a security review.

Configuration

Basic stdio config:

{
  "mcpServers": {
    "resend": {
      "command": "npx",
      "args": ["-y", "resend-mcp"],
      "env": {
        "RESEND_API_KEY": "re_xxxxxxxxx"
      }
    }
  }
}

With default sender and reply-to values:

{
  "mcpServers": {
    "resend": {
      "command": "npx",
      "args": ["-y", "resend-mcp"],
      "env": {
        "RESEND_API_KEY": "re_xxxxxxxxx",
        "SENDER_EMAIL_ADDRESS": "updates@example.com",
        "REPLY_TO_EMAIL_ADDRESSES": "support@example.com"
      }
    }
  }
}

The docs also list command-line options:

  • --key for stdio API key configuration.
  • --sender for a default sender address.
  • --reply-to for default reply-to addresses.
  • --http to use Streamable HTTP transport.
  • --port for the HTTP port.

Security And Privacy Review

  • Start with a narrowly scoped Resend API key and rotate it if it appears in a prompt, shell history, screenshot, transcript, or repository file.
  • Prefer a verified subdomain for agent-driven workflows so deliverability and reputation are isolated from primary mail domains.
  • Require draft-first workflows for real recipients. The assistant should show recipients, subject, body, sender, reply-to, tags, schedule, and attachments before any send call.
  • Treat broadcasts, contact updates, segment changes, topic changes, domain changes, API-key changes, and webhook changes as production configuration writes.
  • Never let the assistant attach arbitrary local files. Review attachment paths, URLs, sizes, MIME types, and customer data before sending.
  • Keep unsubscribe, topic, audience, and suppression data consistent with the product's email policy and consent records.
  • Do not combine Resend MCP with broad Slack, database, filesystem, browser, or ticketing MCP access unless the data flow from source system to outbound email has been reviewed.

Troubleshooting

  • Authentication fails: confirm the API key is valid, not revoked, and available to the launched process as RESEND_API_KEY or to HTTP clients as a Bearer token.
  • Sender is rejected: verify the sending domain or subdomain in Resend and confirm the from address matches that domain.
  • Email reaches the wrong recipient: stop the workflow, rotate any exposed test data, and require explicit recipient review before retrying.
  • HTTP client cannot connect: verify resend-mcp --http is running, listening on the expected port, and that the client URL ends in /mcp.
  • Attachment sends unexpected data: disable attachment use for the workflow, review the file path or URL, and re-run with synthetic files first.
  • Broadcast or contact tools are too broad: use a narrower API key, remove unnecessary tools from the workflow, and require human approval for audience mutations.

Duplicate Check

  • No existing upstream content file uses the resend-mcp-server slug, resend-mcp package name, Resend MCP documentation URL, Resend MCP changelog URL, or resend/resend-mcp repository URL.
  • Existing Resend mentions are incidental references in broader Supabase, zero-budget SaaS, and Authsome content. They remain distinct because this entry covers Resend's official MCP server, transports, package, tool groups, setup commands, and email-specific safety/privacy review.

Editorial Disclosure

Resend is a commercial email platform, but this listing is not sponsored, paid, affiliate-backed, or submitted by Resend. Use Resend's current docs, package metadata, account permissions, API-key scopes, deliverability rules, and email policy as the source of truth before connecting real email workflows to any AI client.

Source citations

Add this badge to your README

Show that Resend MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/resend-mcp-server.svg)](https://heyclau.de/entry/mcp/resend-mcp-server)

How it compares

Resend MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Official Resend MCP server for giving Claude and other MCP clients controlled access to email sending, received email, contacts, broadcasts, domains, segments, topics, API keys, and webhooks through stdio or Streamable HTTP.

Open dossier

Connect Claude to Postmark — send transactional email, manage templates, search messages, and diagnose delivery, bounces, and suppressions — with the official ActiveCampaign Postmark MCP server.

Open dossier

Built-in Streamable HTTP MCP server for Dagu that lets AI agents read workflow state, inspect DAG specs and logs, preview or apply workflow changes, and start, enqueue, retry, or stop DAG runs.

Open dossier

Apache-2.0 agentic proxy that can expose stdio, HTTP, SSE, and Streamable HTTP MCP servers through a managed gateway with federation, OAuth/JWT authentication, RBAC/CEL policy, CORS, TLS, observability, and Kubernetes Gateway API support.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandDagu logoDaguagentgateway logoagentgateway
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorResendActiveCampaigndagucloudagentgateway
Added2026-06-042026-06-172026-06-062026-06-06
Platforms
Harness
Source repo
Safety notesResend MCP is an executable npm package launched with `npx`, not a HeyClaude-hosted package. Review the official repository and npm package metadata before running it in privileged environments. The server can send, schedule, update, cancel, and batch send emails when the configured API key allows it. Treat every outbound email as a production write unless you are using a controlled test recipient. Tools can manage contacts, segments, topics, broadcasts, domains, webhooks, contact properties, API keys, and received emails. Do not expose broad account-management tools to an autonomous agent without human review. Do not paste real `re_` API keys into prompts, issue comments, screenshots, public MCP configs, shell history, or committed files. Use environment variables or your client's secret handling. For stdio mode, the docs use `RESEND_API_KEY` in the launched process environment. For HTTP mode, each client authenticates with a Bearer token in the `Authorization` header. If reproducibility matters, pin the npm package version after checking the current Resend docs and release metadata instead of relying on the latest `npx -y resend-mcp` package. Attachments can be provided from local paths, URLs, or base64 content. Do not allow the assistant to attach arbitrary local files or downloaded content without reviewing file path, size, type, and recipient. Domain, tracking, TLS, webhook, API-key, and audience changes can affect deliverability, compliance, and production email behavior. Require explicit human approval for those operations.Send tools dispatch real transactional email; restrict the server token and confirm recipients before sending through Claude. Template, webhook, and suppression tools change live Postmark configuration; review before running them.Dagu is a workflow engine; MCP access can expose shell commands, Docker containers, Kubernetes Jobs, SSH commands, SQL queries, HTTP calls, agent harnesses, and other workflow steps. The MCP server registers `dagu_change` and `dagu_execute` as destructive-capable tools, so require preview/review before applying DAG changes or starting/stopping production runs. API keys can be scoped to the MCP surface; avoid reusing broad admin credentials for agent access. Workflow edits may change schedules, parameters, retries, secrets usage, queues, resource limits, notifications, and downstream infrastructure actions. Keep the Dagu server and MCP endpoint behind trusted network boundaries, TLS, and authentication for shared or remote deployments.Agentgateway can aggregate and expose many downstream MCP targets through one endpoint; every target's permissions become part of the gateway surface. Stdio targets are spawned by the gateway process, so commands such as package runners or containers inherit the gateway host's trust boundary. Demo configs use permissive CORS and local authorization servers; lock down origins, headers, issuers, audiences, JWKS, and resource metadata before production use. CEL/RBAC policies can inspect MCP tool names, arguments, results, prompts, resources, request bodies, JWT claims, API keys, and backend metadata; test policies before relying on them. Remote MCP proxying, OAuth provider adaptation, Kubernetes routing, TLS termination, and guardrails are infrastructure changes that should go through normal security review.
Privacy notesTool results and prompts can expose email addresses, names, recipient lists, message bodies, subject lines, attachments, contact properties, segments, topics, unsubscribe state, domain names, webhook URLs, logs, and inbound email content. Received emails and attachments can include customer support requests, order confirmations, account details, personal data, credentials, invoices, contracts, or regulated information. Outbound email drafts can leak private customer data if generated from tickets, Slack messages, databases, logs, or other MCP servers without a data-sharing review. MCP client transcripts, terminal logs, debug output, shell history, AI provider logs, screenshots, and issue reports may retain email content or recipient data outside Resend's access controls. Keep marketing audiences, segments, broadcast lists, custom properties, and suppression/unsubscribe data out of prompts unless the workflow owner approved the data handling. Use synthetic recipients, test domains, and non-production content for demos, screenshots, validation, and AI-assisted troubleshooting.Email content, recipient addresses, message search results, and delivery stats enter the MCP client context and the model's prompt. The POSTMARK_SERVER_TOKEN is a secret — keep it in the client config or environment, never in shared repositories.DAG specs, run parameters, logs, documents, audit records, secrets references, API keys, environment variables, and workflow outputs may be exposed to the MCP client. Workflow logs can contain credentials, customer data, internal hostnames, database query results, command output, file paths, or incident context. Dagu stores state locally by default and can also run distributed workers; review where DAG files, logs, audit entries, and secrets are persisted. Any workflow state returned through the MCP client may be sent onward to the configured model provider.MCP requests, tool arguments, tool results, prompt names, resource names, session IDs, JWT/API-key claims, raw request/response bodies, logs, traces, and telemetry may pass through the gateway. CEL policy and observability features may buffer or inspect request and response bodies depending on configuration. OAuth/JWT metadata, bearer tokens, API keys, DCR secrets, Keycloak/Auth0/Okta settings, and upstream MCP credentials must be protected as secrets. Any data returned by downstream MCP tools can still be sent onward by the MCP client to the configured model provider.
Prerequisites
  • Resend account with permission to create API keys and access the email resources the assistant should manage.
  • Verified sending domain or subdomain for production email workflows.
  • Resend API key scoped to the least privilege that covers the intended MCP tools.
  • MCP-capable client such as Claude Code, Codex, Cursor, Claude Desktop, Copilot, Gemini CLI, OpenCode, Windsurf, Devin, or another compatible client.
  • A Postmark account and a server API token (POSTMARK_SERVER_TOKEN).
  • A verified sender signature/email (DEFAULT_SENDER_EMAIL) and a message stream (DEFAULT_MESSAGE_STREAM).
  • Node.js to clone and run the server.
  • An MCP client such as Claude Code or Claude Desktop.
  • Dagu installed from Homebrew, GitHub Releases, npm, Docker/GHCR, Helm, or another upstream-supported installation path.
  • A running Dagu HTTP server with the built-in MCP endpoint enabled through the normal server path.
  • MCP client that supports Streamable HTTP server configuration.
  • API key with MCP surface access when Dagu authentication is enabled.
  • Agentgateway binary, container image, or source checkout from the upstream release/container/docs path.
  • At least one downstream MCP target, such as a stdio command, remote MCP server, SSE server, or Streamable HTTP server.
  • MCP client that can connect to the exposed Streamable HTTP or SSE route.
  • Auth, CORS, TLS, route, and policy configuration reviewed before shared or remote exposure.
Install
claude mcp add resend -e RESEND_API_KEY=re_xxxxxxxxx -- npx -y resend-mcp
git clone https://github.com/ActiveCampaign/postmark-mcp && cd postmark-mcp && npm install
brew install dagu
docker pull ghcr.io/agentgateway/agentgateway
Config
{
  "mcpServers": {
    "resend": {
      "command": "npx",
      "args": ["-y", "resend-mcp"],
      "env": {
        "RESEND_API_KEY": "re_xxxxxxxxx",
        "SENDER_EMAIL_ADDRESS": "updates@example.com"
      }
    }
  }
}
{
  "mcpServers": {
    "postmark": {
      "command": "node",
      "args": ["path/to/postmark-mcp/index.js"],
      "env": {
        "POSTMARK_SERVER_TOKEN": "<your-server-token>",
        "DEFAULT_SENDER_EMAIL": "<your-sender@example.com>",
        "DEFAULT_MESSAGE_STREAM": "outbound"
      }
    }
  }
}
{
  "mcpServers": {
    "dagu": {
      "url": "LOCAL_DAGU_MCP_URL",
      "headers": {
        "Authorization": "Bearer DAGU_MCP_API_KEY"
      }
    }
  }
}
{
  "mcpServers": {
    "agentgateway": {
      "url": "LOCAL_AGENTGATEWAY_MCP_URL",
      "headers": {
        "Authorization": "Bearer AGENTGATEWAY_MCP_TOKEN"
      }
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.