email-mcp-server

tissak/email-mcp-server

3.2

If you are the rightful owner of email-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

The Email MCP Server is a Model Context Protocol server designed to facilitate AI assistants in managing email interactions through IMAP for reading and SMTP for sending, using TypeScript.

Tools
10
Resources
0
Prompts
0

Email MCP Server

A Model Context Protocol (MCP) server that enables AI assistants to interact with email via IMAP for reading and SMTP for sending, using TypeScript.

Status

IMAP Phase Complete - All core IMAP functionality implemented and tested. ✅ SMTP Phase Complete - Email sending, drafts, and replies fully implemented.

What's Implemented

IMAP Tools (Read & Manage Emails)

  1. list_mailboxes - List all available mailboxes/folders on the IMAP server
  2. search_emails - Search emails by criteria (from, subject, unread status)
  3. fetch_email - Fetch full email content by UID including headers, body, and attachments
  4. mark_email - Mark emails as read/unread or flagged/unflagged
  5. move_email - Move emails to different mailboxes/folders
  6. delete_email - Delete emails (move to Trash or permanently delete)
  7. create_folder - Create new email folders/mailboxes

SMTP Tools (Send Emails)

  1. send_email - Send new emails with recipients, subject, and body
  2. create_draft - Create draft emails in your Drafts folder without sending
  3. reply_to_email - Reply to existing emails with quoted text and threading

Architecture

  • MCP-Native Design: Built from the ground up to expose email capabilities through MCP
  • Type-Safe: Full TypeScript with strict type checking
  • Error Handling: Comprehensive error handling with meaningful error codes and messages
  • Connection Management: Automatic connection handling with basic error recovery
  • Email Parsing: Using mailparser for robust RFC 822 email parsing

Getting Started

Prerequisites

  • Node.js 18+
  • An email account with IMAP access enabled

MCP Client Configuration

Claude Desktop

Add this to your Claude Desktop configuration file (~/Library/Application Support/Claude/claude_desktop_config.json on macOS, or %APPDATA%\Claude\claude_desktop_config.json on Windows):

{
  "mcpServers": {
    "email": {
      "command": "node",
      "args": ["/path/to/email-mcp-server/dist/index.js"],
      "env": {
        "IMAP_HOST": "imap.gmail.com",
        "IMAP_PORT": "993",
        "IMAP_USER": "your-email@gmail.com",
        "IMAP_PASS": "your-app-password",
        "IMAP_TLS": "true",
        "IMAP_READ_ONLY": "false",
        "SMTP_HOST": "smtp.gmail.com",
        "SMTP_PORT": "587",
        "SMTP_USER": "your-email@gmail.com",
        "SMTP_PASS": "your-app-password",
        "SMTP_SECURE": "false",
        "SMTP_TLS": "true",
        "SMTP_READ_ONLY": "false"
      }
    }
  }
}

Note: SMTP configuration is optional. If not provided, IMAP credentials will be used. To enable read-only mode (recommended for initial testing), set "IMAP_READ_ONLY": "true" and/or "SMTP_READ_ONLY": "true".

For Gmail Users:

  1. Enable 2-Step Verification
  2. Generate an App Password
  3. Use the app password in IMAP_PASS (not your regular password)

For Outlook/Microsoft 365:

  • Use port 993 with TLS
  • Enable IMAP in your account settings
OpenCode

Add the Email MCP server to your OpenCode configuration file (opencode.jsonc):

{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "email": {
      "type": "local",
      "command": ["node", "/path/to/email-mcp-server/dist/index.js"],
      "enabled": true,
      "environment": {
        "IMAP_HOST": "imap.gmail.com",
        "IMAP_PORT": "993",
        "IMAP_USER": "your-email@gmail.com",
        "IMAP_PASS": "your-app-password",
        "IMAP_TLS": "true",
        "IMAP_READ_ONLY": "false",
        "SMTP_HOST": "smtp.gmail.com",
        "SMTP_PORT": "587",
        "SMTP_USER": "your-email@gmail.com",
        "SMTP_PASS": "your-app-password",
        "SMTP_SECURE": "false",
        "SMTP_TLS": "true",
        "SMTP_READ_ONLY": "false"
      }
    }
  }
}

Note: SMTP configuration is optional. To enable read-only mode (recommended for initial testing), set "IMAP_READ_ONLY": "true" and/or "SMTP_READ_ONLY": "true".

Then use the IMAP tools in your prompts by referencing the MCP server:

Search for unread emails from John. use the imap tool

Or add to your AGENTS.md file to automatically use the IMAP tools:

When you need to work with emails, use the `imap` tools.

Configuration

IMAP Configuration (Required)

Set these environment variables:

IMAP_HOST=imap.gmail.com       # IMAP server hostname
IMAP_PORT=993                  # IMAP port (993 for implicit TLS, 143/1143 for STARTTLS)
IMAP_USER=your-email@gmail.com # Email address
IMAP_PASS=YOUR_PASSWORD_HERE   # Password or app-specific password
IMAP_TLS=true                  # Use TLS (true/false)
IMAP_STARTTLS=false            # Enable STARTTLS (true for ports 143/1143, false for port 993)
IMAP_READ_ONLY=false           # Read-only mode for IMAP (prevents mark/move/delete)

Port & Security Combinations:

PortIMAP_TLSIMAP_STARTTLSTypeExample
993truefalseImplicit TLSGmail, Outlook, most providers
143truetrueSTARTTLSSome corporate servers
1143truetrueSTARTTLSProton Bridge
SMTP Configuration (Optional)

For sending emails, set these environment variables (if not set, IMAP credentials are used as fallback):

SMTP_HOST=smtp.gmail.com       # SMTP server hostname
SMTP_PORT=587                  # SMTP port (587 for STARTTLS, 465 for SSL)
SMTP_USER=your-email@gmail.com # Email address
SMTP_PASS=your-password        # Password or app-specific password
SMTP_SECURE=false              # Use SSL from start (true for 465, false for 587/STARTTLS)
SMTP_TLS=true                  # Use STARTTLS (true for 587, false for 465)
SMTP_READ_ONLY=false           # Read-only mode for SMTP (prevents sending)

Port & Security Combinations:

PortSMTP_SECURESMTP_TLSTypeExample
465truefalseImplicit SSLGmail alt, some custom servers
587falsetrueSTARTTLSGmail, Outlook, Proton Bridge
25falsetrueSTARTTLSSome internal servers
1025falsetrueSTARTTLSProton Bridge

Note: If SMTP variables are not set, the server will use IMAP credentials. For Gmail, both IMAP and SMTP typically share the same credentials.

For Proton Bridge: Use SMTP_SECURE=false, SMTP_TLS=true, SMTP_PORT=1025. See for complete guide.

Read-Only Mode: Set IMAP_READ_ONLY=true and/or SMTP_READ_ONLY=true to disable write operations. This is useful for safe exploration and testing. You can have IMAP read-only while SMTP is enabled, or vice versa.

Logging Configuration

Control log verbosity with the LOG_LEVEL environment variable:

LOG_LEVEL=info  # debug, info, warn, error (default: info)

Log Levels:

  • debug - Show all logs including detailed debugging information
  • info - Show general information, warnings, and errors (default)
  • warn - Show only warnings and errors
  • error - Show only errors

Examples:

# See all debug information
LOG_LEVEL=debug npm start

# Default logging (info, warn, error)
LOG_LEVEL=info npm start

# Only see warnings and errors
LOG_LEVEL=warn npm start

# Only see errors
LOG_LEVEL=error npm start
Rate Limiting

The server implements rate limiting to prevent abuse and protect against provider lockouts.

Configuration:

RATE_LIMIT_MAX=100           # Maximum requests per window (default: 100)
RATE_LIMIT_WINDOW_MS=60000   # Time window in milliseconds (default: 60000 = 1 minute)

Defaults:

  • 100 requests per minute (average ~1.67 per second)
  • Suitable for normal email operations
  • Prevents Gmail/Outlook rate limit violations

Adjusting Limits:

  • For personal use: Default is fine
  • For high-volume automation: Increase to 200-500
  • For shared/multi-user: Consider per-user limits (future enhancement)

Rate Limit Error: When the rate limit is exceeded, the server returns:

{
  "content": [
    {
      "type": "text",
      "text": "Rate limit exceeded. You have made 105 requests in the last minute. Maximum allowed: 100. Please wait a moment and try again."
    }
  ],
  "isError": true
}

Date Format for Email Searches

When using date parameters in email searches (since, before, on), always use the YYYY-MM-DD format:

# Search emails from January 15, 2024 onwards
since: "2024-01-15"

# Search emails before December 31, 2024
before: "2024-12-31"

# Search emails on June 15, 2024 only
on: "2024-06-15"

Important Notes:

  • Dates are processed in UTC to avoid timezone issues
  • Invalid formats (like "01/15/2024" or "Jan 15, 2024") will be ignored
  • Date ranges are inclusive (e.g., since: "2024-01-15" includes January 15)

## Development Quick Start

### Prerequisites

- Node.js 18+
- Docker (for test IMAP server)

### Setup

```bash
# Clone and install dependencies
npm install

# Configure environment
cp .env.test .env

# Start test IMAP server
docker-compose up -d

# Build TypeScript
npm run build

# Start the MCP server
npm start

Configuration

IMAP Configuration (Required)

Set these environment variables:

IMAP_HOST=imap.gmail.com       # IMAP server hostname
IMAP_PORT=993                  # IMAP port (993 for implicit TLS, 143/1143 for STARTTLS)
IMAP_USER=your-email@gmail.com # Email address
IMAP_PASS=YOUR_PASSWORD_HERE   # Password or app-specific password
IMAP_TLS=true                  # Use TLS (true/false)
IMAP_STARTTLS=false            # Enable STARTTLS (true for ports 143/1143, false for port 993)
IMAP_READ_ONLY=false           # Read-only mode for IMAP (prevents mark/move/delete)

Port & Security Combinations:

PortIMAP_TLSIMAP_STARTTLSTypeExample
993truefalseImplicit TLSGmail, Outlook, most providers
143truetrueSTARTTLSSome corporate servers
1143truetrueSTARTTLSProton Bridge
SMTP Configuration (Optional)

For sending emails, set these environment variables (if not set, IMAP credentials are used as fallback):

SMTP_HOST=smtp.gmail.com       # SMTP server hostname
SMTP_PORT=587                  # SMTP port (587 for STARTTLS, 465 for SSL)
SMTP_USER=your-email@gmail.com # Email address
SMTP_PASS=your-password        # Password or app-specific password
SMTP_SECURE=false              # Use SSL from start (true for 465, false for 587/STARTTLS)
SMTP_TLS=true                  # Use STARTTLS (true for 587, false for 465)
SMTP_READ_ONLY=false           # Read-only mode for SMTP (prevents sending)

Port & Security Combinations:

PortSMTP_SECURESMTP_TLSTypeExample
465truefalseImplicit SSLGmail alt, some custom servers
587falsetrueSTARTTLSGmail, Outlook, Proton Bridge
25falsetrueSTARTTLSSome internal servers
1025falsetrueSTARTTLSProton Bridge

Note: If SMTP variables are not set, the server will use IMAP credentials. For Gmail, both IMAP and SMTP typically share the same credentials.

For Proton Bridge: Use SMTP_SECURE=false, SMTP_TLS=true, SMTP_PORT=1025. See for complete guide.

Read-Only Mode: Set IMAP_READ_ONLY=true and/or SMTP_READ_ONLY=true to disable write operations. This is useful for safe exploration and testing. You can have IMAP read-only while SMTP is enabled, or vice versa.

Logging Configuration

Control log verbosity with the LOG_LEVEL environment variable:

LOG_LEVEL=info  # debug, info, warn, error (default: info)

Log Levels:

  • debug - Show all logs including detailed debugging information
  • info - Show general information, warnings, and errors (default)
  • warn - Show only warnings and errors
  • error - Show only errors

Examples:

# See all debug information
LOG_LEVEL=debug npm start

# Default logging (info, warn, error)
LOG_LEVEL=info npm start

# Only see warnings and errors
LOG_LEVEL=warn npm start

# Only see errors
LOG_LEVEL=error npm start
Rate Limiting

The server implements rate limiting to prevent abuse and protect against provider lockouts.

Configuration:

RATE_LIMIT_MAX=100           # Maximum requests per window (default: 100)
RATE_LIMIT_WINDOW_MS=60000   # Time window in milliseconds (default: 60000 = 1 minute)

Defaults:

  • 100 requests per minute (average ~1.67 per second)
  • Suitable for normal email operations
  • Prevents Gmail/Outlook rate limit violations

Adjusting Limits:

  • For personal use: Default is fine
  • For high-volume automation: Increase to 200-500
  • For shared/multi-user: Consider per-user limits (future enhancement)

Rate Limit Error: When the rate limit is exceeded, the server returns:

{
  "content": [
    {
      "type": "text",
      "text": "Rate limit exceeded. You have made 105 requests in the last minute. Maximum allowed: 100. Please wait a moment and try again."
    }
  ],
  "isError": true
}

Date Format for Email Searches

When using date parameters in email searches (since, before, on), always use the YYYY-MM-DD format:

# Search emails from January 15, 2024 onwards
since: "2024-01-15"

# Search emails before December 31, 2024
before: "2024-12-31"

# Search emails on June 15, 2024 only
on: "2024-06-15"

Important Notes:

  • Dates are processed in UTC to avoid timezone issues
  • Invalid formats (like "01/15/2024" or "Jan 15, 2024") will be ignored
  • Date ranges are inclusive (e.g., since: "2024-01-15" includes January 15)



## Tool Documentation

### list_mailboxes

Lists all available mailboxes on the server.

**Input**: None

**Output**:
```json
{
  "mailboxes": [
    {
      "name": "INBOX",
      "flags": [],
      "children": 0,
      "attribs": ["\\HasNoChildren"]
    }
  ],
  "total": 4
}

search_emails

Search emails by multiple criteria.

Input:

{
  "mailbox": "INBOX",           // Optional, default: INBOX
  "from": "sender@example.com", // Optional
  "subject": "meeting",         // Optional
  "unread": true,              // Optional
  "since": "2024-01-15",       // Optional, format: YYYY-MM-DD
  "before": "2024-12-31",      // Optional, format: YYYY-MM-DD
  "on": "2024-06-15",          // Optional, format: YYYY-MM-DD
  "limit": 50                  // Optional, default: 50
}

Output:

{
  "mailbox": "INBOX",
  "totalFound": 42,
  "returned": 50,
  "emails": [
    {
      "uid": 1,
      "from": [{"name": "John", "address": "john@example.com"}],
      "subject": "Test Email",
      "date": "2024-11-15T10:00:00.000Z",
      "flags": ["\\Seen"]
    }
  ]
}

fetch_email

Fetch complete email content.

Input:

{
  "uid": 1,              // Required
  "mailbox": "INBOX"    // Optional, default: INBOX
}

Output:

{
  "uid": 1,
  "messageId": "<id@example.com>",
  "from": [{"name": "John", "address": "john@example.com"}],
  "to": [{"name": "Me", "address": "me@example.com"}],
  "subject": "Test Email",
  "date": "2024-11-15T10:00:00.000Z",
  "flags": ["\\Seen"],
  "bodyPreview": {
    "text": "Email body text...",
    "htmlAvailable": true
  },
  "attachments": [
    {
      "filename": "document.pdf",
      "contentType": "application/pdf",
      "size": 102400
    }
  ]
}

mark_email

Mark email with flags (read/unread, flagged/unflagged).

Input:

{
  "uid": 1,            // Required
  "mailbox": "INBOX", // Optional, default: INBOX
  "read": true,       // Optional: mark as read (true) or unread (false)
  "flagged": false    // Optional: mark as flagged (true) or unflagged (false)
}

Output:

{
  "uid": 1,
  "mailbox": "INBOX",
  "changes": ["marked as read"],
  "success": true
}

move_email

Move an email to a different mailbox/folder.

Input:

{
  "uid": 1,              // Required
  "fromMailbox": "INBOX", // Optional, source mailbox (default: INBOX)
  "toMailbox": "Archive" // Required, target mailbox
}

Output:

{
  "uid": 1,
  "fromMailbox": "INBOX",
  "toMailbox": "Archive",
  "success": true,
  "message": "Email moved from INBOX to Archive"
}

delete_email

Delete an email (move to Trash by default, or permanently delete).

Input:

{
  "uid": 1,          // Required
  "mailbox": "INBOX", // Optional, source mailbox (default: INBOX)
  "permanent": false  // Optional, permanently delete (true) or move to Trash (false, default)
}

Output:

{
  "uid": 1,
  "mailbox": "INBOX",
  "permanent": false,
  "success": true,
  "message": "Email moved to Trash from INBOX"
}

Note: When permanent=false (default), the email is moved to Trash. When permanent=true, the email is immediately and permanently deleted.

create_folder

Create a new email folder/mailbox on the IMAP server.

Input:

{
  "name": "Projects",              // Required: name of the folder to create
  "parent": "Folders"              // Optional: parent folder (defaults to "Folders")
}

Output:

{
  "success": true,
  "name": "Projects",
  "parent": "Folders",
  "fullPath": "Folders/Projects",
  "message": "Subfolder \"Projects\" created under \"Folders\""
}

Notes:

  • Folders are created under the "Folders" root by default
  • You can create subfolders by specifying a parent folder
  • Folder names must be unique within their parent
  • The full path will be returned in the response

send_email

Send a new email via SMTP. Supports plain text and HTML bodies.

Input:

{
  "to": "recipient@example.com",           // Required: single or comma-separated addresses
  "cc": "cc@example.com",                  // Optional: carbon copy recipients
  "bcc": "bcc@example.com",                // Optional: blind carbon copy recipients
  "subject": "Hello",                      // Required
  "text": "Plain text body",               // Optional (at least one of text/html required)
  "html": "<p>HTML body</p>"               // Optional (at least one of text/html required)
}

Output:

{
  "success": true,
  "messageId": "<message-id@example.com>",
  "to": ["recipient@example.com"],
  "timestamp": "2024-11-15T10:00:00.000Z",
  "message": "Email sent successfully"
}

create_draft

Create a draft email in your Drafts folder without sending it. The email is saved via IMAP.

Input:

{
  "to": "recipient@example.com",           // Required: single or comma-separated addresses
  "cc": "cc@example.com",                  // Optional
  "bcc": "bcc@example.com",                // Optional
  "subject": "Draft Subject",              // Required
  "text": "Draft body text",               // Optional
  "html": "<p>Draft HTML body</p>"         // Optional
}

Output:

{
  "success": true,
  "to": ["recipient@example.com"],
  "subject": "Draft Subject",
  "mailbox": "Drafts",
  "timestamp": "2024-11-15T10:00:00.000Z",
  "message": "Draft created successfully"
}

reply_to_email

Send a reply to an existing email. Automatically adds quoted text and proper threading.

Input:

{
  "messageId": "<original-message-id@example.com>",  // Required: from fetch_email result
  "text": "My reply text",                            // Optional (at least one of text/html required)
  "html": "<p>My HTML reply</p>",                     // Optional
  "subject": "Re: Original Subject",                 // Optional (auto-generated if not provided)
  "replyAll": false,                                 // Optional: reply to all recipients (default: false)
  "originalMessage": { ... }                         // Required: the EmailMessage object from fetch_email
}

Output:

{
  "success": true,
  "messageId": "<new-message-id@example.com>",
  "replyTo": ["sender@example.com"],
  "subject": "Re: Original Subject",
  "replyAll": false,
  "timestamp": "2024-11-15T10:00:00.000Z",
  "message": "Reply sent successfully"
}

Read-Only Mode

The Email MCP Server supports independent read-only modes for both IMAP and SMTP, allowing safe exploration and testing. When enabled, the server allows reading operations but prevents write operations.

Enable Read-Only Mode

Set environment variables independently:

# IMAP read-only (prevents mark, move, delete)
IMAP_READ_ONLY=true

# SMTP read-only (prevents sending)
SMTP_READ_ONLY=true

IMAP Read-Only Mode

Permitted Operations:

  • list_mailboxes - Browse your folder structure
  • search_emails - Find and filter messages
  • fetch_email - Read complete email content

Blocked Operations:

  • mark_email - Cannot modify email flags
  • move_email - Cannot move emails between mailboxes
  • delete_email - Cannot delete emails
  • create_draft - Cannot create drafts

SMTP Read-Only Mode

Permitted Operations:

  • ✅ All IMAP read operations (when SMTP is read-only)

Blocked Operations:

  • send_email - Cannot send emails
  • reply_to_email - Cannot send replies

Error message when attempting blocked operations:

{
  "type": "text",
  "text": "Server is in read-only mode. The \"send_email\" operation is not permitted. Set SMTP_READ_ONLY=false to enable sending operations."
}

Typical Workflow

  1. Start with Read-Only Mode (IMAP_READ_ONLY=true, SMTP_READ_ONLY=true)

    • Explore your mailboxes safely
    • Search and read emails
    • Test reply formatting

  2. Enable IMAP Write Operations (IMAP_READ_ONLY=false, SMTP_READ_ONLY=true)

    • Mark emails as read/unread
    • Move and delete emails
    • Keep sending disabled for safety

  3. Enable SMTP Sending (IMAP_READ_ONLY=false, SMTP_READ_ONLY=false)

    • Send new emails
    • Create drafts
    • Send replies

This approach prevents accidental modifications while you're learning the API.

Development

Project Structure

src/
├── index.ts                      # Entry point
├── server.ts                     # MCP server setup
├── config.ts                     # Configuration loader (IMAP & SMTP)
├── types/
│   └── index.ts                  # TypeScript interfaces & types
├── imap/
│   ├── connection-manager.ts     # IMAP connection handling
│   ├── tools/
│   │   ├── list-mailboxes.ts
│   │   ├── search-emails.ts
│   │   ├── fetch-email.ts
│   │   ├── mark-email.ts
│   │   ├── move-email.ts
│   │   └── delete-email.ts
│   └── utils/
│       ├── imap-utils.ts         # IMAP operations (search, fetch, move, delete, setFlags)
│       └── email-parser.ts       # Email parsing with mailparser
└── smtp/
    ├── connection-manager.ts     # SMTP connection handling (nodemailer)
    ├── utils.ts                  # SMTP utilities (validation, formatting)
    └── tools/
        ├── send-email.ts
        ├── create-draft.ts
        └── reply-to-email.ts

Building

npm run build       # Build TypeScript
npm run type-check  # Check types
npm start          # Start server

Testing

The project includes comprehensive test coverage for all core functionality.

Unit Tests
# Run all tests
npm test

# Run tests with coverage
npm run test:coverage

# Run tests in watch mode
npm run test:watch

Test Coverage:

  • ✅ IMAP utilities (sanitization, mailbox operations)
  • ✅ SMTP utilities (email validation, formatting)
  • ✅ Rate limiter functionality
  • ✅ Connection management
  • ✅ Pure utility functions
  • ✅ Tool integration tests

Test Results:

  • 59+ tests passing
  • Coverage reports generated in coverage/ directory
  • Both unit and integration tests included
Integration Tests

Local integration tests are available:

# Start test IMAP server
docker-compose up -d

# Run tests (after building)
npm run build
node test-tools-integration.js

Testing with MCP Clients

The server listens on stdio and implements the MCP protocol. To test with Claude Desktop or other MCP clients:

npm run build
node dist/index.js

Send MCP protocol messages via stdin to interact with the server.

Supported Providers

Tested with:

  • Proton Bridge (IMAP port 1143, SMTP port 1025 with STARTTLS)
  • ✅ Gmail (with app-specific passwords)
  • ✅ Outlook/Microsoft 365 (with IMAP enabled)
  • ✅ Generic IMAP/SMTP servers
  • ✅ Local test IMAP server (for development)

Proton Bridge Specific Setup

If using Proton Bridge, see for detailed configuration.

Quick settings for Proton Bridge:

IMAP_HOST=127.0.0.1
IMAP_PORT=1143
SMTP_HOST=127.0.0.1
SMTP_PORT=1025
SMTP_SECURE=false         # Critical for STARTTLS
SMTP_TLS=true             # Enable STARTTLS

Security

Built-in Protections

  • 🔒 Never logs credentials or email content
  • 🔒 All connections use TLS/SSL by default
  • 🔒 Input validation on all parameters
  • 🔒 Error messages don't expose sensitive data
  • 🔒 IMAP Injection Protection: All user input in email searches is sanitized to prevent IMAP injection attacks
  • 🔒 Rate Limiting: Built-in rate limiting prevents abuse and protects against provider lockouts

IMAP Injection Protection

The server automatically sanitizes all user input in email search operations to prevent IMAP injection attacks. This protects against malicious inputs that could bypass search filters or execute unauthorized IMAP commands.

Protected Fields:

  • from - Sender email addresses
  • to - Recipient email addresses
  • cc - CC recipient email addresses
  • bcc - BCC recipient email addresses
  • subject - Email subject lines
  • body - Email body content

Sanitization Process:

  • Escapes backslashes (\\\)
  • Escapes quotes ("\")
  • Prevents IMAP command injection

Example:

// Malicious input: " OR ALL "
// Sanitized output: \" OR ALL \"
// Safe IMAP query: FROM "\" OR ALL \""

This protection is automatic and requires no configuration. All search operations through the search_emails tool are protected by default.

Future Enhancements

Phase 3+ (Future)

  • Attachment Handling: Full attachment download and upload with send_email
  • MCP Resources: Expose email data as MCP Resources for improved efficiency
  • OAuth2 Support: Migrate from password-based auth to OAuth2
  • Advanced Features:
    • Connection pooling for better performance
    • Exponential backoff retry logic
    • Rate limiting and quota management (✅ Implemented)
    • Email filtering and rules
    • Folder management (create/delete/rename)
    • Signature support in replies
    • Template support for common email types
  • Monitoring & Observability:
    • Comprehensive audit logging
    • Performance metrics
    • Health checks
  • Multi-Account Support: Handle multiple email accounts in single instance

Known Limitations

Current

  • Basic pagination only (no complex offset/cursor pagination)
  • Attachment content not retrieved (metadata only) for fetch_email
  • No support for creating/deleting mailboxes
  • TLS certificate validation not configurable (enforced)
  • Rate limiting implemented (configurable via environment variables)
  • IMAP injection protection implemented (input sanitization in search operations)

Planned for Future

  • Attachment upload/download with send_email
  • OAuth2 authentication support
  • Connection pooling for improved performance
  • Advanced retry logic with exponential backoff
  • Rate limiting and quota management (Completed)

Troubleshooting

Connection Refused

Error: ECONNREFUSED - Check that IMAP_HOST and IMAP_PORT are correct

Authentication Failed

AUTHENTICATION_FAILED: Invalid credentials
  • Verify IMAP_USER and IMAP_PASS
  • For Gmail, use app-specific passwords (not your main password)
  • Check that IMAP is enabled in your email provider

Unknown Command

Error: Search failed: Unknown command
  • Ensure IMAP server supports the SEARCH command
  • Try connecting with a standard IMAP client first

Performance Notes

  • Connection establishment: ~2-3 seconds
  • Email fetch: ~500-1000ms (depends on size)
  • Search operations: ~1-2 seconds

Architecture Notes

The server follows MCP best practices:

  1. Tool-First Design: All functionality exposed as MCP tools
  2. Proper Schemas: Input validation using strict schemas
  3. Clear Error Codes: Standardized error responses
  4. Graceful Shutdown: Clean resource cleanup on exit
  5. No Side Effects: All operations are read-only except marking

License

MIT

Contributing

This is an MVP implementation. For production use, consider:

  • Adding comprehensive unit and integration tests
  • Implementing connection pooling
  • Rate limiting (Implemented)
  • Enhanced error recovery
  • Performance optimization