Claude Code is Anthropic's official CLI — a Claude agent that lives in your terminal with shell access to your repo. By itself it can already do a lot of email-infra work: read your Terraform, grep for SPF records, propose DNS changes. Add the Inbox Check MCP server and it gets the missing half: the ability to actually resolve DNS, hit DNSBLs, and run real placement tests. This is the combination that turns "look at my email setup" into a single prompt.
The payoff is biggest on teams that keep DNS, DKIM selectors and mail-send config in code (Terraform, Pulumi, Cloudflare Workers, Kubernetes manifests). Claude Code reads the repo; the MCP server tests the live world; you get a diff PR that fixes both sides at once.
Claude Code, very briefly
Claude Code is a terminal-native agent. You install it with a package manager, cd into a project, and type claude. It reads your CLAUDE.md (if present) for project context, can run shell commands with approval, can edit files, and — the part that matters here — can call MCP servers.
Installing the Inbox Check MCP server
Two paths. Pick whichever matches how your team works.
Option A: claude mcp add (recommended)
The newer CLI subcommand handles scoping, JSON quoting and env vars for you:
claude mcp add inbox-check \
--command npx \
--args "-y ldm-inbox-check-mcp" \
--env INBOX_CHECK_API_KEY=ic_live_REPLACE_MEAdd --scope project if you want the config to live in .claude/mcp.json inside the repo (so teammates inherit it) or --scope user (default) if you want it machine-wide.
Option B: edit the config file by hand
The project-scope file is .claude/mcp.json:
{
"mcpServers": {
"inbox-check": {
"command": "npx",
"args": ["-y", "ldm-inbox-check-mcp"],
"env": {
"INBOX_CHECK_API_KEY": "${env:INBOX_CHECK_API_KEY}"
}
}
}
}The ${env:VAR} syntax pulls from your shell environment so you can safely commit the file — set the real key in .zshrc or a gitignored .env.
Verify with claude mcp list. You should see inbox-check with five tools.
Example session: audit cold email from the repo
Here's a realistic transcript. The repo contains Terraform for Cloudflare DNS and a folder of outbound email templates. The goal: audit the cold-email sending setup end to end.
$ cd acme-infra
$ claude
> /mcp
Configured MCP servers:
inbox-check (5 tools, connected)
> Audit our cold-email setup. Sending domain is
news.acme.io. Check DNS, DNSBL, and run one
placement test using templates/outreach-v4.html
with subject "Quick question". Report in order
of severity.
I'll start by checking authentication for news.acme.io.
[tool: check_auth]
{ "domain": "news.acme.io" }
{ "spf": { "pass": true, ... },
"dkim": { "pass": true, "selector": "s1" },
"dmarc": { "pass": false,
"reason": "alignment: From domain news.acme.io
does not align with DKIM signing domain
bounces.acme.io (relaxed mode would pass,
strict does not)" } }
DMARC alignment is failing in strict mode. Let
me also check the DNSBL status.
[tool: check_blacklist]
{ "target": "news.acme.io" }
{ "listed": false, "checked": 23 }
Good — the domain is clean. Running the placement
test now.
[tool: start_test]
{ "from": "hello@news.acme.io",
"subject": "Quick question",
"html": "<html>..." }
{ "id": "t_9f2a1" }
[tool: get_test]
{ "id": "t_9f2a1" }
{ "status": "pending" }
... (polling)
[tool: get_test]
{ "id": "t_9f2a1" }
{ "status": "complete",
"inbox": 13, "spam": 6, "missing": 1,
"providers": { "gmail": "inbox",
"outlook": "spam", "yahoo": "spam", ... },
"spam_score": 4.8,
"rules": ["HTML_IMAGE_ONLY_32",
"URI_HEX", "BODY_SINGLE_WORD"] }
Audit complete. In severity order:
1. DMARC alignment failure (CRITICAL)
Your DMARC record is in strict mode but DKIM
signs with bounces.acme.io while your From is
news.acme.io. Either relax DMARC to adkim=r,
or move DKIM to the news subdomain.
Terraform fix: in modules/dns/dmarc.tf line 12,
change adkim=s to adkim=r.
2. 6/20 spam at Outlook + Yahoo (HIGH)
SpamAssassin flagged HTML_IMAGE_ONLY_32 —
templates/outreach-v4.html is 90% image. Add a
proper text part and trim the hero image.
3. Hex-encoded URLs (MEDIUM)
URI_HEX fired on two of your tracking links.
Check the link builder in utils/track.ts.
Should I open a PR with the DMARC fix in (1)?That's the full loop. Three tools called, two files located, one concrete PR proposal — all from one prompt.
Shell + MCP + API combined
Claude Code's superpower is composing its own tool with MCP tools. Useful patterns:
- Grep the repo, then act. "Find every domain in the codebase that looks like a sending domain, run
check_authon each, and table the results." - Read + test + commit. "Read the HTML in
dist/welcome.html, run a placement test, and if inbox rate > 90% tag the release." - Parse Terraform, check live. "Parse
modules/dns/**/*.tffor SPF records, compare each with whatcheck_authreturns, and flag any drift between code and reality."
Safety: auto-edit vs ask-first
Claude Code has granular permission controls. For email-infra work a reasonable default is:
- Auto-approve read-only MCP tools (
check_auth,check_blacklist,get_test,list_providers). - Require approval for
start_test(it consumes your quota). - Require approval for every shell command that would modify DNS (Terraform apply,
gcloud dnswrites, etc.).
You configure these in .claude/settings.json or via /permissions in a running session.
Claude Code runs in non-interactive mode too. A useful pre-deploy job: run claude -p "audit sending DNS for acme.io, fail the pipeline if DMARC alignment breaks" in CI. The MCP server works the same way headless; exit code reflects whether the audit passed.