how to detect catch all email servers
How to detect catch all email servers
Look for domains that accept every mailbox and return ambiguous reachability results.
Catch-all servers often accept any RCPT TO value.
A positive SMTP response is not enough to prove mailbox ownership.
Use catch-all as a risk flag in your decision tree.
220 mail.example.com ESMTP
EHLO emailverify.se
MAIL FROM:<[email protected]>
RCPT TO:<[email protected]>
QUITWhy are they hard to detect?
Because the server deliberately accepts many addresses even when the mailbox may not be real.
What should I do with the result?
Combine it with scoring and send a warning or require extra review.
Why catch-all is a risk signal
Catch-all servers accept many or all local parts, so a positive response does not strongly prove mailbox existence. That makes them useful for risk scoring but weak as a yes/no proof of deliverability.
How teams should treat it
The right response is usually to downgrade confidence, not immediately reject. High-value signups can be escalated to extra review or a stronger verification path, while low-value signups can be handled more strictly.
FAQ
How do I use this page?
Use it as a quickstart reference and link it from your docs, onboarding flow, or marketing page.
What should I do next?
Create an account, try the demo, and move the integration into your backend with a real API key.
Is catch-all the same as invalid?
No. It is usually valid, just less certain.
Why does it matter for onboarding?
Because it changes how much trust you should place in the address result.