A catch-all email server accepts messages for any address at a domain — even if the mailbox does not exist. This creates a problem for email verification and a risk for senders. Here is what it means and how to handle it.
A catch-all email server (also called a wildcard mailbox) is a mail server configured to accept all incoming messages sent to any address at a domain — regardless of whether the specific mailbox exists. SMTP verification cannot confirm individual mailbox existence on catch-all servers.
When a mail server receives an incoming message, it checks if the recipient mailbox exists before accepting or rejecting. A catch-all server skips this check — it accepts everything.
A catch-all server accepts both kinds of address: one whose mailbox exists and one whose mailbox does not. SMTP verification returns the same response for both, so SMTP alone cannot determine which addresses are truly deliverable.
The standard technique is to send RCPT TO for two obviously non-existent random addresses. If both return 250, the domain is catch-all.
BounceZero performs catch-all detection automatically before scoring. If a domain is catch-all, verification moves to ML Stage 5 for risk scoring rather than treating the 250 as proof of mailbox existence.
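The two-probe check described above, written out as an added example (it is not BounceZero's code). The function names, the verdict strings and the `fake_server` stand-in are assumptions made for illustration, and the example goes one step further than the text by treating 4xx or mixed replies as inconclusive.

```python
import secrets
import smtplib


def random_address(domain):
    # 32 random hex characters: not a mailbox anyone has created.
    return f"{secrets.token_hex(16)}@{domain}"


def detect_catch_all(domain, rcpt, probes=2):
    """rcpt(address) returns the SMTP reply code to RCPT TO (hypothetical interface)."""
    codes = [rcpt(random_address(domain)) for _ in range(probes)]
    if all(c == 250 for c in codes):
        return "catch_all"
    if all(500 <= c < 600 for c in codes):
        return "validates_recipients"
    return "inconclusive"  # 4xx or mixed replies (e.g. greylisting): retry later


def verify(address, rcpt):
    """Classify one address, refusing to trust a 250 from a catch-all domain."""
    domain = address.rsplit("@", 1)[1]
    verdict = detect_catch_all(domain, rcpt)
    if verdict == "catch_all":
        return "catch_all"  # 250 proves nothing here; hand off to risk scoring
    if verdict == "inconclusive":
        return "unknown"
    code = rcpt(address)
    if code == 250:
        return "deliverable"
    return "undeliverable" if 500 <= code < 600 else "unknown"


def smtp_rcpt(mx_host, mail_from, timeout=10):
    """Build rcpt() for a real MX. The session ends before DATA, so no mail is sent."""
    def rcpt(address):
        with smtplib.SMTP(mx_host, 25, timeout=timeout) as s:
            s.ehlo()
            s.mail(mail_from)
            return s.rcpt(address)[0]
    return rcpt


def fake_server(mailboxes, catch_all):
    """Constructed stand-in for an MX so the example runs offline."""
    def rcpt(address):
        return 250 if catch_all or address in mailboxes else 550
    return rcpt
```

Against a live server, pass `smtp_rcpt(mx_host, mail_from)` in place of `fake_server(...)`; looking up the domain's MX host is left to the caller.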
Does the address map to a LinkedIn, GitHub, or Twitter profile? Real addresses are far more likely to match social profiles than non-existent ones.
How old is the domain? What is the MX provider? How many other deliverable addresses exist from the same domain in the global sending graph?
Does the local part follow human name patterns (firstname.lastname) or random strings? Real employee addresses typically follow company naming conventions.
Has this address appeared in known data breaches? Breached addresses were active at breach time, adding strong evidence of prior existence.
All signals feed into gradient boosted models trained on millions of verified outcomes. Results are returned as likely_valid or likely_invalid with a percentage confidence.
BounceZero shows whether an address is catch-all and provides ML confidence scoring for free.
A catch-all email address is an address at a domain configured to receive all messages regardless of whether the specific mailbox exists. Companies use catch-all to avoid missing emails from typos. For senders, catch-all addresses are risky without ML scoring because you cannot confirm the specific mailbox is real.
Send RCPT TO commands for two obviously non-existent random addresses (e.g., [email protected]). If both return 250, the server is catch-all. BounceZero detects this automatically during Stage 3 SMTP verification before applying ML scoring.
Depends on ML confidence. BounceZero classifies catch-all addresses as likely_valid (safe to send, >70% confidence) or likely_invalid (expected to bounce). Sending only to high-confidence likely_valid addresses keeps bounce rates below 1%.
Approximately 20-30% of corporate domains. Most common on Microsoft Exchange, Google Workspace, and Postfix. Consumer providers like Gmail.com and Outlook.com are not traditional catch-alls but they withhold SMTP mailbox existence responses.
A shared inbox is a real mailbox that multiple users access. A catch-all intercepts all undelivered messages and routes them to a single mailbox (or discards them). They are technically different configurations but both appear as 250 responses to SMTP verification.