A catch-all domain is one where the mail server accepts every address at the SMTP layer, regardless of whether a mailbox actually exists. anything@catchalldomain.com returns 250 OK. Some of those addresses lead to real inboxes. Some end up in a single forwarding mailbox. Some get silently discarded. The verifier cannot tell the difference. Neither can you, until you try to send.
Why catch-all exists
Domain owners turn on catch-all for legitimate reasons:
- To prevent typos from bouncing. An employee tells a client to email
jane@acme.combut the client typesjan@acme.com. Catch-all forwards everything to a fallback inbox so the message gets read. - To create infinite addresses per team member.
jane.support@acme.com,jane.sales@acme.com,jane.recruiting@acme.comall route to Jane without manual setup. - To handle inbound from a single email parser. All addresses route to a tool like Help Scout or Front.
The verification problem
When you verify name@acme.com against a catch-all domain, the SMTP probe returns 250 OK whether or not Jane actually has a mailbox. You cannot distinguish a real address from a guessed one.
Good verifiers detect catch-all behavior (typically by probing a guaranteed-fake address first; if that also returns OK, the domain is catch-all) and mark the result as catch-all with a confidence score around 70 instead of 95.
What to do with catch-all addresses
You have three options:
Option 1: Send carefully
Many catch-all domains do route to real mailboxes, just behind a catch-all routing rule. Names that look real (jane.smith@acme.com) are very likely to land somewhere. Random strings (x7k3@acme.com) probably bounce or vanish.
The pattern: send to catch-all addresses at a slower pace, monitor engagement (opens, clicks, replies). If you see signals, the address is real. If you see nothing for 30 days, mark it dead.
Option 2: Filter by name plausibility
Heuristic: if the local part looks like a real human name (capitalized, common patterns like first.last), keep it. If it looks generated, drop it. This is brittle but quick.
Option 3: Skip catch-all entirely
For high-stakes campaigns where one bounce is too many, just remove catch-all addresses. You will lose some real addresses but you will protect deliverability.
How to know your domain is catch-all
Run a verifier against a definitely-fake address at your own domain: x9z7q3pq@yourdomain.com. If you get back valid, you are catch-all and probably did not realize.
To turn it off: in Microsoft 365, Exchange admin centre, Mail flow, Accepted domains, change Match for this accepted domain from "Internal Relay" to "Authoritative". In Google Workspace, the corresponding setting is in the Routing section of Apps > Gmail.
FAQ
Are catch-all domains rare?
No. About 15 to 30% of business domains we verify are catch-all. The percentage is highest for small companies and consultancies.
Can a verifier ever give a definitive answer on catch-all?
Not from SMTP alone. The only sources of truth are engagement data (did they open) or asking the domain admin directly.
Does MailoClean separate catch-all from valid?
Yes. Catch-all returns as its own status, separately from valid and invalid. You can segment and act on the three groups differently.
Verify and segment
Upload your list and download three CSVs: valid, invalid, risky (which is where catch-all lands). Treat each segment with the right strategy.