NAMECHEAP · MCP-NATIVE

Namecheap, on autopilot. Privacy on by default. Forever.

Authwright is the MCP server that runs your Namecheap account for you — DNS, SSL, renewals, and especially WhoisGuard — directly from Claude, Cursor, or ChatGPT. Bulk privacy in one command. Bulk renewals in another. No more dashboard archaeology.

Join the Namecheap waitlistCheck a domain free

Early access · Namecheap ingest in development

A real Namecheap implementation. Talks to the registrar API directly, not through someone else's reseller layer.

mcp · authwright + namecheap
  1. turn whoisguard on for every public domain in my account
  2. 48 Namecheap domains scanned
  3. 9 had privacy off → flipped on
  4. drift check scheduled · daily 09:00 UTC
  5. audit dnssec across all zones
2 live · 3 early access
  • GoDaddy
  • NamecheapEarly
  • Cloudflare
  • PorkbunEarly
  • Route 53Early
Namecheap is taking waitlist signups.

THE PRIVACY DRIFT

You turned WhoisGuard on. Then you turned it on again. And again.

Namecheap got privacy right — it's free, it's the default for new registrations, and most of the time it sticks. Most of the time. Then a billing failure rolls a domain off and privacy quietly flips off with it. Or a bulk import skips the flag. Or a transfer-in lands without it. You don't notice until the spam starts.

You also don't notice that three certs are about to expire and one of your DNSSEC keys is silently wrong. You don't want a dashboard. You want a daemon.

Domain privacy is a state your registrar should hold for you, not a checkbox you babysit.

42 TOOLS, ONE MCP SESSION

Every Namecheap account-management task, callable from your editor.

42 MCP tools wired to the Namecheap API, callable from Claude, Cursor, or ChatGPT. Built around the specific shapes of Namecheap's API — including the parts that aren't pretty.

  • whoisguard_on()Flip WhoisGuard on across the whole portfolio in one command. Daily drift check included.
  • bulk_renew()Any subset of domains by expiry window, by tag, or by TLD.
  • dns_diff()Edit records with diff preview. Namecheap's DNS API is replace-all per zone; we snapshot first to make that fact invisible.
  • ssl_track()Surface PositiveSSL certs about to expire, queue renewals.
  • dnssec_audit()Audit DNSSEC across every zone. Namecheap requires a support ticket for some TLDs — we surface that constraint clearly instead of failing silently.
  • health_score()0-100 score on each domain — expiry, DNSSEC, SSL, MX, SPF, DKIM, DMARC, MTA-STS, BIMI, blocklist.
  • email_auth()And, if you want, set up email authentication too.

You stay in your editor. The Namecheap dashboard becomes the place you visit twice a year.

MCP, not SaaS

If your team lives in Claude, Cursor, or ChatGPT, this is the tool your stack was missing.

Every other DMARC vendor shipped a web dashboard in 2019 and never looked up. Authwright is built as a Model Context Protocol server — which means it's callable directly from the AI environments your operators already use.

A tech in Cursor can resolve a deliverability ticket without opening a browser tab. A founder in Claude can onboard a new client domain in a single prompt.

This is not a wrapper around someone else's API. It's a first-class MCP server designed for the way technical teams actually work in 2026.

Claude CodeLookup online
> Set up DMARC on acme.com with a reject policy.

Lookup calling email_auth_wizard...
  [ok] diagnose - score 32/100
  [ok] propose - 4 changes (SPF, DKIM, DMARC, MTA-STS)
  [ok] apply   - GoDaddy adapter, snapshot saved
  [ok] host    - mta-sts.acme.com live
  [ok] propagation - 8/8 resolvers
  [ok] re-diagnose - score 94/100

Email EasyPass complete in 47s.

What makes it different

Four things the dashboard won't do.

  • 01BULK_PRIVACY

    Bulk privacy as a one-liner.

    "Turn WhoisGuard on for every domain in my account that's currently public" — one call. No script. No manual loop through 80 detail pages.

  • 02DNS_SAFE

    DNS that doesn't fight you.

    Namecheap's API replaces the entire DNS record set per zone — no atomic "add one record" verb. We snapshot before every write, so a botched record set rolls back cleanly.

  • 03PORTFOLIO

    Health audits at portfolio scale.

    One command tells you which domains are expiring, which have stale DNSSEC, which have an SSL cert under 30 days, and which are blocklisted.

  • 04REGISTRAR

    Every registrar, one tool surface.

    The same call works on GoDaddy, Cloudflare, Porkbun, or Route 53. You're never locked into Namecheap's UX by tooling inertia.

Pricing

Priced for the way independent owners actually work.

Per-account pricing, not per-seat. Same tools, same pricing, every registrar.

RECOMMENDED
Team$99 /mo
25 domains · 5 registrars
  • RBAC + SSO
  • Up to 10 seats
  • 30-day snapshots
Choose Team
Free$0 /mo
1 domain · 1 registrar
  • Public audit, unlimited
  • MCP server access
  • 7-day snapshots
Choose Free
Pro$29 /mo
5 domains · 1 registrar
  • Everything in Free
  • 30-day snapshots
  • Email + chat support
Choose Pro
Agency$299 /mo
100 domains · 15 registrars
  • Multi-tenant workspaces
  • Priority support
Choose Agency
Agency Plus$799 /mo
500 domains · unlimited
  • Dedicated success mgr
  • 99.95% SLA
Choose Agency Plus
EnterpriseTalk to us
500+ · unlimited
  • Custom contract
  • VPC peering
Contact sales

Free public audit

Not ready to sign up? Audit a domain in 30 seconds.

Drop any domain into our free checker. We'll show you the current DMARC posture, SPF lookup count, DKIM selector status, MTA-STS presence, and a grade against the current Gmail and Yahoo requirements. No login. No email gate. No upsell pop-up.

Run a free check →

FAQ

Questions Namecheap power users actually ask.

Technically accurate against the broker's capability matrix. If something is unsupported: today, we say so here.

Q1Do I need a Namecheap reseller account?
No. You enable API access on your standard Namecheap account at ap.www.namecheap.com → Profile → Tools → API Access. Namecheap's API requires you to allowlist source IPs, which Authwright handles during onboarding.
Q2Namecheap's DNS API is replace-all. How does Authwright handle partial edits safely?
We snapshot the full zone before every write. If the new record set is malformed or you need to roll back, the snapshot is one call away. Every write also runs dns_changeset_preview first so the diff is explicit.
Q3What about DNSSEC?
Namecheap supports DNSSEC for some TLDs natively and requires a support ticket for others. Authwright surfaces that distinction cleanly — if your TLD needs a ticket, the tool returns unsupported:needs_support_ticket and tells you so. No silent failures.
Q4Can Authwright manage my PositiveSSL certs?
List, get, check expiry, renew, reissue — yes, where the Namecheap reseller API exposes it. Provisioning new certificates through Namecheap's reseller flow is on the roadmap.
Q5How do you handle Namecheap's rate limits?
Namecheap publishes per-endpoint rate limits. The broker queues and back-pressures inside the request path so your LLM session never sees a 429 — only a small delay on extremely large bulk runs.
Q6I have domains across Namecheap and other registrars. One tool, right?
Right. One MCP session, same call signatures. List, renew, edit DNS, manage SSL — registrar-agnostic at the verb level.
Q7What about the privacy email forwarding feature?
WhoisGuard's "anonymous forwarding" inbox is currently controlled in the Namecheap dashboard; Authwright reads its state but doesn't mutate it. On the roadmap.

Early access

Get early access to Authwright for Namecheap.

Namecheap portal ingest is in development. Join the waitlist and we'll reach out the day it ships.

Primary registrar

Namecheap

How many domains do you own?

We reply within one business day. No drip campaigns. No reseller calls.