DOCS

Free Catch-All Email Checker: Detect Catchall Domains

Check whether a domain accepts mail for every address. Catch-all domains pass standard SMTP verification even for fake addresses, so detecting them is the first step in any serious email cleaning workflow.
START FOR FREE
CONTACT SALES
Enter an email address to start
Need inspiration? Try
Try
test@abstractapi.com
Check catch-all status
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Checking
5
You have used all your daily credits
Sign up to get more free validations
Please, input a correct email address
Sign up to get more free validations
Results for
email
Catch-all:
Catch-all
Disposable email:
TEST
Deliverability:
TEST
Valid format:
TEST
Valid SMTP:
TEST
Valid MX record:
TEST
Get free credits, more data, and faster results
CREATE A FREE ACCOUNT

What is a catch-all email domain?

A catch-all domain is one whose mail server accepts every address at the domain, regardless of whether the mailbox actually exists. Send a message to anything@example.com on a catch-all domain and the server will say yes, even if anything is not a real user.

Catch-all (sometimes called "wildcard") is a normal email configuration. Many enterprise companies use it to consolidate inbound routing, prevent typo-related bounces, and forward unknown addresses to a default inbox. The behavior is not malicious or unusual.

The complication is verification. Standard SMTP checks ask the recipient server whether a specific mailbox exists. On a catch-all domain, the server says yes to every address, so the answer carries no information. A catch-all flag tells your verification system that SMTP confirmation cannot be trusted on its own and other quality signals need to carry more weight.

How catch-all detection works

When you submit an email or domain, the lookup runs three steps:

  1. MX resolution. The tool finds the mail servers responsible for the domain by reading its MX records.
  2. SMTP probe. The tool opens an SMTP session with the highest-priority mail server and asks whether a randomly-generated, almost-certainly-nonexistent address is deliverable. A response of 250 OK means the server accepts the random address, which means it accepts every address. The flag flips to true.
  3. Response. The result returns is_catchall as a boolean, plus the deliverability status, MX validity, and quality signals. If the server defers a final response (greylisting) or throttles the probe, the catch-all flag is set conservatively to avoid undercounting.

The probe runs during normal verification and adds no perceptible latency for the end user. It is read-only: no actual mail is sent, and the SMTP session is closed cleanly after the test.

Why catch-all status matters

Catch-all status changes how every other email signal should be interpreted.

For deliverability, catch-all means SMTP confirmation cannot be trusted as the final word on whether an address exists. A "deliverable" status from a catch-all domain has weaker meaning than the same status from a non-catch-all domain. Verification scoring reflects this by lowering confidence for catch-all addresses even when other checks pass.

For cold outreach and marketing sends, catch-all domains mask invalid addresses. The recipient server accepts everything, then bounces the bad ones asynchronously hours or days later. This produces delayed bounce data that hits sender reputation harder than synchronous rejections, since mailbox providers treat asynchronous bounces as a sign of poor list hygiene.

For B2B sales, catch-all is common at large enterprises. A catch-all flag on a Fortune 500 prospect's address is normal and does not mean the address is fake. A catch-all flag on a small business or unknown domain is a stronger negative signal because the use of catch-all there often correlates with low list hygiene or inactive ownership.

Use cases for catch-all detection

Email list cleaning before campaigns: Catch-all addresses are the leading cause of false-positive deliverability scoring on cleaned lists. Running existing contact lists through catch-all detection before a campaign tells you which addresses passed SMTP only because the server accepts everything, not because the mailbox is confirmed real. Down-weighting or quarantining catch-all addresses before a send produces more accurate engagement metrics and protects sender reputation.

Cold outreach prospect filtering: Cold outreach to a catch-all domain can still work, but you need to factor it in. For high-volume sequences, treat catch-all status as a yellow flag: send fewer touches, expect lower reply rates, and watch for asynchronous bounces. For small to mid-market prospects on catch-all domains, consider routing them through a different cadence (LinkedIn, manual research) instead of email-only sequences.

Email verification pipeline scoring: If you build email validation into your product (signup forms, payment flows, lead capture), catch-all detection is the difference between a verification system that returns useful confidence and one that returns false certainty. Combine the catch-all flag with disposable detection, role detection, and domain age to produce a calibrated quality score per address rather than a binary deliverable or not.

Audit your own domain configuration: Run your own marketing and transactional domains through the checker to confirm whether they're catch-all. Many companies inherit catch-all configuration from old mail servers or DNS migrations and never realize. If your sending domain is catch-all when it shouldn't be, you may be receiving (and silently dropping) bounce notifications for addresses that don't exist. The fix is a configuration change, but the diagnosis starts here.

See what the API returns

Every MX record lookup returns a structured JSON response. Here is what a request returns for a domain:

Response parameters

email_address

String
The email address you submitted for analysis.

email_deliverability.status

String
Whether the email is considered deliverable, undeliverable, or unknown.

email_deliverability.status_detail

String
Additional detail on deliverability (e.g., inbox_full, full_mailbox, invalid_format).

email_deliverability.is_format_valid

Boolean
Is true if the email follows the correct format.

email_deliverability.is_smtp_valid

Boolean
Is true if the SMTP check was successful.

email_deliverability.is_mx_valid

Boolean
Is true if the domain has valid MX records.

email_deliverability.mx_records

Array
List of MX records associated with the domain.

email_quality.score

Float
Confidence score between 0.01 and 0.99 representing email quality.

email_quality.is_free_email

Boolean
Is true if the email is from a known free provider like Gmail or Yahoo.

email_quality.is_username_suspicious

Boolean
Is true if the username appears auto-generated or suspicious.

email_quality.is_disposable

Boolean
Is true if the email is from a disposable email provider.

email_quality.is_catchall

Boolean
Is true if the domain is configured to accept all emails.

email_quality.is_subaddress

Boolean
Is true if the email uses subaddressing (e.g., user+label@domain.com).

email_quality.is_role

Boolean
Is true if the email is a role-based address (e.g., info@domain.com, support@domain.com).

email_quality.is_dmarc_enforced

Boolean
Is true if a strict DMARC policy is enforced on the domain.

email_quality.is_spf_strict

Boolean
Is true if the domain enforces a strict SPF policy.

email_quality.minimum_age

Integer
Estimated age of the email address in days, or null if unknown.

email_sender.first_name

String
First name associated with the email address, if available.

email_sender.last_name

String
Last name associated with the email address, if available.

email_sender.email_provider_name

String
Name of the email provider (e.g., Google, Microsoft).

email_sender.organization_name

String
Organization linked to the email or domain, if available.

email_sender.organization_type

String
Type of organization (e.g., company).

email_domain.domain

String
Domain part of the submitted email address.

email_domain.domain_age

Integer
Age of the domain in days.

email_domain.is_live_site

Boolean
Is true if the domain has a live website.

email_domain.registrar

String
Name of the domain registrar.

email_domain.date_registered

Datetime
Date when the domain was registered.

email_domain.date_last_renewed

Datetime
Last renewal date of the domain.

email_domain.date_expires

Datetime
Expiration date of the domain registration.

email_domain.is_risky_tld

Boolean
Is true if the domain uses a top-level domain associated with risk.

email_risk.address_risk_status

String
Risk status of the email address: low, medium, or high.

email_risk.domain_risk_status

String
Risk status of the domain: low, medium, or high.

email_breaches.total_breaches

Integer
Total number of data breaches involving this email.

email_breaches.date_first_breached

Datetime
Date of the first known breach.

email_breaches.date_last_breached

Datetime
Date of the most recent breach.

email_breaches.breached_domains

Array
List of breached domains.

email_breaches.breached_domains[].domain

String
Domain affected by the breach.

email_breaches.breached_domains[].date_breached

Datetime
Date when the breach occurred.

API Endpoint

curl --request GET \
  --url https://emailreputation.abstractapi.com/v1
{
  "email_address": "benjamin.richard@abstractapi.com",
  "email_deliverability": {
    "status": "deliverable",
    "status_detail": "valid_email",
    "is_format_valid": true,
    "is_smtp_valid": true,
    "is_mx_valid": true,
    "mx_records": [
      "gmail-smtp-in.l.google.com",
      "alt3.gmail-smtp-in.l.google.com",
      "alt4.gmail-smtp-in.l.google.com",
      "alt1.gmail-smtp-in.l.google.com",
      "alt2.gmail-smtp-in.l.google.com"
    ]
  },
  "email_quality": {
    "score": 0.8,
    "is_free_email": false,
    "is_username_suspicious": false,
    "is_disposable": false,
    "is_catchall": true,
    "is_subaddress": false,
    "is_role": false,
    "is_dmarc_enforced": true,
    "is_spf_strict": true,
    "minimum_age": 1418
  },
  "email_sender": {
    "first_name": "Benjamin",
    "last_name": "Richard",
    "email_provider_name": "Google",
    "organization_name": "Abstract API",
    "organization_type": "company"
  },
  "email_domain": {
    "domain": "abstractapi.com",
    "domain_age": 1418,
    "is_live_site": true,
    "registrar": "NAMECHEAP INC",
    "registrar_url": "http://www.namecheap.com",
    "date_registered": "2020-05-13",
    "date_last_renewed": "2024-04-13",
    "date_expires": "2025-05-13",
    "is_risky_tld": false
  },
  "email_risk": {
    "address_risk_status": "low",
    "domain_risk_status": "low"
  },
  "email_breaches": {
    "total_breaches": 2,
    "date_first_breached": "2018-07-23T14:30:00Z",
    "date_last_breached": "2019-05-24T14:30:00Z",
    "breached_domains": [
      { "domain": "apollo.io", "date_breached": "2018-07-23T14:30:00Z" },
      { "domain": "canva.com", "date_breached": "2019-05-24T14:30:00Z" }
    ]
  }
}

API Response

Powered by the Email Reputation API · View pricing · See the full API reference

Catch-all email checker FAQ

What is a catch-all email domain?

A catch-all domain is one whose mail server accepts every address at the domain, even if the mailbox does not exist. If you send a message to anything@example.com and the domain is catch-all, the server says yes regardless of whether anything is a real user. Many enterprise companies configure catch-all to avoid losing mail from typos and to consolidate inbound routing. The behavior is normal, but it complicates email verification because you cannot tell from an SMTP check alone whether a specific address is real.

How is catch-all status detected?

Detection works by probing the domain with a randomly-generated, almost-certainly-nonexistent address. If the SMTP server responds 250 OK to that random address, the domain is treated as catch-all. The technique is reliable when the server responds during the initial SMTP handshake. Some servers defer the response and only bounce later, in which case the catch-all flag is set conservatively. The check happens during normal email verification and adds no extra latency for the user.

Why does catch-all complicate email verification?

Standard SMTP verification asks the recipient server whether a specific mailbox exists. On a catch-all domain, the server says yes to every address, so the answer carries no information. An address at a catch-all domain might be a real user, a typo, a fake signup, or a discarded alias. Verification scoring treats catch-all status as a separate signal and combines it with other quality indicators (disposable, role, free provider) instead of relying on SMTP alone.

Can I send email to a catch-all domain?

You can, but expect higher bounce rates and longer feedback loops. Catch-all servers accept the message at SMTP time, then bounce it asynchronously if the mailbox does not exist or route it to a quarantine folder if it does. For transactional mail (signup confirmations, password resets), this is usually fine. For cold outreach and large marketing sends, catch-all domains depress engagement metrics and can hurt sender reputation if a meaningful share of addresses are typos or fakes.

Is catch-all the same as a wildcard email?

They describe the same behavior. Catch-all is the term most email verification services use; wildcard is more common in mail server documentation (a wildcard rule routes any unmatched address to a default mailbox). Functionally, both mean the domain accepts mail for any local-part. A catch-all domain might forward all mail to one inbox, drop it after acceptance, or sort it by rules. The difference is invisible to the sender.

How accurate is catch-all detection?

Detection is highly accurate when the receiving server responds during the SMTP handshake, which most do. Accuracy drops with greylisting servers that defer the response, with mail providers that throttle verification probes, and with domains running custom mail filters that reject some random patterns. In those cases, the catch-all flag tends to be set conservatively (closer to true) to avoid undercounting. False positives are rare, false negatives slightly more common.

More email intelligence tools

Disposable Email Checker
Detect disposable email addresses before they enter your database.
Try it free
Domain Age Checker
Check when a domain was registered and how long it has been active.
Try it free
Email Verifier
Check if an email address is deliverable, disposable, or misspelled.
Try it free
MX Record Lookup
Look up the mail servers that accept email for any domain.
Try it free
Explore all Abstract tools
Get started
Need to check thousands of domains?
stars rating
4.8 from 1,863 votes
The same lookup the tool runs, available as an API. No credit card required.
get free api key
No credit card required