Home > MCP Servers > apple-mail-mcp

apple-mail-mcp

🤖 MCP server for Apple Mail - Manage emails with AI using Claude Desktop. Search, send, organize mail with natural language.

apple-mail applescript claude email-automation macos mcp python

Why this rank:Strong adoptionRecent releaseHealthy release cadence

Description

🤖 MCP server for Apple Mail - Manage emails with AI using Claude Desktop. Search, send, organize mail with natural language.

README

Apple Mail MCP Server

An MCP server that provides programmatic access to Apple Mail, enabling AI assistants like Claude to read, send, search, and manage emails on macOS.

Tools (14)

Core: list_mailboxes, search_messages, get_message, send_email, mark_as_read Attachments & Management: send_email_with_attachments, get_attachments, save_attachments, move_messages, flag_message, create_mailbox, delete_messages Reply/Forward: reply_to_message, forward_message

Prerequisites

macOS 10.15 (Catalina) or later
Python 3.10 or later
Apple Mail configured with at least one account
uv (recommended) or pip

Installation

# From source (recommended for development)
git clone https://github.com/s-morgan-jeffries/apple-mail-mcp.git
cd apple-mail-mcp
uv sync --dev

Configuration

Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "apple-mail": {
      "command": "uv",
      "args": ["--directory", "/path/to/apple-mail-mcp", "run", "python", "-m", "apple_mail_mcp.server"]
    }
  }
}

Permissions

On first run, macOS will prompt for Automation access. Grant permission in: System Settings > Privacy & Security > Automation > Terminal (or your IDE)

Development

# Setup
uv sync --dev

# Common commands
make test              # Run unit tests
make lint              # Lint with ruff
make typecheck         # Type check with mypy
make check-all         # All checks (lint, typecheck, test, complexity, version-sync, parity)
make coverage          # Coverage report
make test-integration  # Integration tests (requires Mail.app)

# Validation scripts
./scripts/check_version_sync.sh          # Version consistency
./scripts/check_client_server_parity.sh  # Connector-server alignment
./scripts/check_complexity.sh            # Cyclomatic complexity
./scripts/check_applescript_safety.sh    # AppleScript safety audit

Branch Convention

{type}/issue-{num}-{description} — e.g., feature/issue-42-thread-support

Architecture

server.py (FastMCP tools — thin orchestration)
  -> mail_connector.py (AppleScript bridge — domain logic)
     -> subprocess.run(["osascript", ...])
        -> Apple Mail.app

server.py — MCP tool registration, input validation, response formatting
mail_connector.py — All AppleScript generation and execution
security.py — Input sanitization, audit logging, confirmation flows
utils.py — Pure functions: escaping, parsing, validation
exceptions.py — Typed exception hierarchy

Security

Local execution only (no cloud processing)
Uses existing Mail.app authentication (no credential storage)
All inputs sanitized and AppleScript-escaped
Destructive operations require confirmation
Operation audit logging
See SECURITY.md for policy and docs/SECURITY.md for detailed analysis

Contributing

See CONTRIBUTING.md for development workflow, coding standards, and PR process.

License

MIT

Release History

Version	Changes	Urgency	Date
v0.9.0	Minor release. The theme is hardening the destructive-operation surface and the IMAP fast path: explicit user-confirmation gates now front the remaining unguarded deletes and rule mutations, `save_attachments` is bounded against disk-fill, a contributor-reported IMAP CRLF command-injection vector is closed, and a STRIDE threat model now documents the trust boundaries those defenses sit on. Alongside the security work: an opt-in read-only server mode, a new recency search filter, several IMA	High	6/1/2026
v0.8.2	Patch release. Three substantive bug fixes — one security regression in our own gate chain, one regression introduced at v0.8.1, and one long-latent AppleEvent timeout bug surfaced by use on slow Exchange/EWS accounts. Two of the three are contributor-authored: [@fmasi](https://github.com/fmasi) reported and fixed the v0.8.1 regression they noticed within hours of release; [@allenpan05](https://github.com/allenpan05) reported and fixed the AppleEvent timeout bug. Thanks to both. ### Fixed **`	High	5/20/2026
v0.8.1	Patch release. Three user-facing bug fixes — two reported by external contributor [@fmasi](https://github.com/fmasi) with full reproductions — plus a refactor sweep that drops every remaining function below the CC 20 threshold (complexity allowlist now empty). ### Fixed `_resolve_imap_config` prefers Mail.app's `user name` for IMAP LOGIN; CLI keychain key matches runtime (#201): `AppleMailConnector._resolve_imap_config` previously preferred `email_addresses[0]` over Mail.app's `user name`	High	5/17/2026
v0.8.0	Performance + correctness release. The headline arc is IMAP fast paths for every single-field mutation (#149 move / #150 delete / #151 read / #152 flag): when callers provide `account` + `source_mailbox`, the four mutation paths skip the AppleScript `whose message id is` linear scan (~57s on a 47k-message Gmail INBOX per #147's bench) and run server-side via `UID MOVE` / `UID STORE`. The dual-emit `rfc_message_id` field (#148) means callers naturally have an ID in the right form regardless	High	5/13/2026
v0.7.0	API-surface release. Two parallel arcs landed: (1) the #129 audit-driven consolidation that collapsed seven near-duplicate tools into shared verbs (`update_message`, `update_rule`, `get_messages`, expanded `search_messages` filters), and (2) the mailbox + drafts CRUD additions that complete the write-side surface (`update_mailbox`, `delete_mailbox`, `create_draft` / `update_draft` / `delete_draft`). The IMAP thread-discovery work from v0.6.0 is now fully tiered with Tier 1.5 (Gmail per-mailbox	High	5/10/2026
v0.6.0	Performance and ergonomics release. The IMAP delegation arc started in v0.5.0 is now complete: , , , and all delegate to IMAP transparently when configured, with a clean cross-provider fallback story. Headline numbers: search drops 60s → 2.7s on a populous mailbox, the IMAP fast path is wired through every read tool, and a small per-account circuit breaker keeps offline / stale-credential bursts bounded. Setup is no longer a four-line raw-shell incantation — there's a real CLI with verificatio	High	5/3/2026
v0.5.0	Major minor release. Fifteen new MCP tools across four feature areas (account discovery, rule management, email templates, IMAP-backed performance), several long-standing AppleScript-injection bugs closed, and contributor-experience tightening prompted by an honest look at how earlier external PRs got handled. The README, CONTRIBUTING.md, and were all reworked to make the project safer and more welcoming to contribute to. ### Added Rule CRUD (#63): , , , . Addresses rules by 1-based posi	High	4/27/2026
v0.4.1	Patch release: dep hygiene and v0.4.0 follow-ups. Four connector bugs that unit tests couldn't catch were surfaced by running the three new integration tests against real Mail.app. ### Added - Integration tests for , , and against real Mail.app, fulfilling the #23 design doc commitment (#57) ### Changed - Bumped transitive deps to clear findings from the v0.4.0 release: 1.6.9 → 1.7.0, 46.0.6 → 46.0.7, 9.0.2 → 9.0.3, 0.0.22 → 0.0.26. //// unchanged (#57) ### Fixed - with no filter cond	High	4/20/2026
v0.4.0	Quality and infrastructure milestone. No new MCP tools; focus on test coverage, safety, and parsing robustness. ### Added - Test-mode safety system (, ) — account-gated destructive operations are constrained to a designated test account and sends are constrained to RFC 2606 reserved domains (#19) - Three-tier sliding-window rate limiting (general / send / expensive) replacing the previous stub (#17) - Proper MCP elicitation for destructive operation confirmation, replacing the previous stub (#	High	4/19/2026
main@2026-04-19	Latest activity on main branch	High	4/19/2026
0.0.0	No release found — using repo HEAD	High	4/11/2026

Dependencies & License Audit

Loading dependencies...

Similar Packages

che-apple-mail-mcp📧 Unlock Apple Mail's potential with 42 powerful tools for full scripting control, enabling advanced mailbox and email management.main@2026-05-31

discord.py-self-mcpcomprehensive Discord selfbot MCP server using discord.py-selfv1.3.0

mcp-taiwan-legal-db台灣司法院判決 + 全國法規資料庫 MCP server · Query Taiwan legal data from any MCP AI agentmain@2026-06-05

antigravity-awesome-skills🌌 Explore 255+ essential skills for AI coding assistants like Claude Code and GitHub Copilot to enhance your development workflow.main@2026-06-05

pattern8Enforce zero-trust rules for AI agents to prevent hallucinations, unsafe actions, and policy bypassesmain@2026-06-05

More in MCP Servers

AstrBotAgentic IM Chatbot infrastructure that integrates lots of IM platforms, LLMs, plugins and AI feature, and can be your openclaw alternative. ✨

agentscopeBuild and run agents you can see, understand and trust.

claude-plugins-officialOfficial, Anthropic-managed directory of high quality Claude Code Plugins.

langchain4jLangChain4j is an open-source Java library that simplifies the integration of LLMs into Java applications through a unified API, providing access to popular LLMs and vector databases. It makes impleme