Catch-All Domains: What They Are and Why They Matter
What is a Catch-All Domain?
A catch-all (or wildcard) email domain is configured to accept messages sent
to any address at that domain — even addresses that don't exist.
[email protected] still reaches the inbox rather than bouncing.
This is legitimate for organisations that want to catch mistyped addresses, but it's a problem for email validation: you can't verify whether a specific mailbox exists using SMTP probing, because the server accepts everything.
How to Detect Catch-All Domains
Send an SMTP probe to a randomly generated, definitely-non-existent address
at the domain (e.g., [email protected]). If the server accepts it,
the domain is catch-all.
The Email Toolkit API does this automatically:
curl -X POST https://api.toolkitapi.io/v1/email/validate \
-H "X-API-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d '{"email": "[email protected]"}'
{
"email": "[email protected]",
"valid": true,
"catch_all": true,
"smtp_verified": false,
"reason": "catch_all_domain"
}
What catch_all: true Means for Your Workflow
You know the domain is reachable but you cannot confirm the mailbox. Options:
- Accept and monitor bounce rate — send and track bounces as a signal
- Mark as low-confidence — show a "please double-check" notice to the user
- Require confirmation — send a transactional email and require click-through
Common Catch-All Domains
Large corporations, schools, and government domains often run catch-all configs. You'll also see it on custom domains where the owner hasn't set up individual mailboxes yet.
MX Record Check First
Before SMTP probing, always resolve MX records. If there are no MX records, the domain cannot receive email at all — there's no need to probe.