Home / Blog / What is a catch-all email address?

What is a catch-all email address?

By Andrej Užušienis · July 8, 2026 · 7 min read

If you have ever verified a list and seen a chunk of addresses come back as "catch-all," "accept-all," or "unknown," this is the article that explains what just happened. Catch-all domains are the single biggest source of ambiguity in email verification — they are neither clearly valid nor clearly invalid — and how you treat them has a real effect on your bounce rate and sender reputation. Here is exactly what they are, why they exist, and how to send to them without getting burned.

The definition

A catch-all (also called accept-all) domain is configured to accept email sent to any address at that domain — even mailboxes that do not exist. Mail to ceo@company.com and mail to zzz-nobody-123@company.com are both accepted at the server door.

Instead of rejecting mail for unknown local parts, the server takes it all in and routes anything unrecognised to a designated inbox (or silently discards it). From the outside, every address at the domain looks deliverable — because, at the SMTP level, every address is accepted.

Why domains use catch-all

Catch-all is not a trick or a spam tactic. It is a legitimate configuration with real business reasons:

Why catch-all breaks verification

Email verification works by asking the receiving mail server, over SMTP, whether a specific mailbox exists — the RCPT command. A normal domain answers honestly: 250 OK for a real mailbox, 550 No such user for a fake one. A catch-all domain answers 250 OK to everything. The signal that verification depends on is simply not there.

This is why a responsible verifier does not report catch-all addresses as "valid." Doing so would be selling false confidence — the mailbox behind that address might be a real person, or it might be a black hole. The honest verdict is a separate category: catch-all / accept-all / risky. (For the full protocol walkthrough of how this probe works, and the other edge cases that trip up naive verifiers, see how SMTP RCPT validation works.)

How a verifier detects catch-all

The standard technique is elegant: before checking the real address, the verifier sends a RCPT for a guaranteed-nonexistent address — a long random string like x8f3k9-does-not-exist@company.com. Then it interprets the response:

Valid vs catch-all vs invalid

ValidCatch-allInvalid
Domain accepts mail?YesYesNo / mailbox missing
Mailbox confirmed to exist?YesUnknownNo
Safe to send?YesWith cautionNo — will bounce
Bounce riskVery lowUncertainGuaranteed hard bounce

Are catch-all addresses risky to send to?

Yes — but the risk is uncertainty, not guaranteed failure. Here is the realistic picture:

The reputational danger is subtle: because catch-all mail does not hard-bounce, a list heavy with catch-all addresses can hide a large fraction of non-existent recipients. Your bounce rate looks great while your genuine deliverability (mail actually reaching a human) is poor — which shows up later as weak engagement and, eventually, spam-folder placement.

How to handle catch-all addresses

Do not blanket-delete them and do not blindly send to all of them. Segment by risk:

  1. Keep catch-all addresses that came from a trusted source. If someone typed their own address into your signup form, a catch-all verdict is low-risk — the address is almost certainly real; the domain just happens to be accept-all.
  2. Be cautious with catch-all addresses from scraped or purchased data. Here the local part is a guess, and catch-all means you have no confirmation the guess is right. These are the ones most likely to be black holes or traps.
  3. Warm up before volume. Send to catch-all segments in smaller batches and watch engagement. If opens and clicks are near zero, treat the segment as unverified and suppress.
  4. Cross-check the domain's reputation. Before mailing a large catch-all segment, confirm the domain and your own IP are clean using a blacklist lookup, and that your authentication is aligned with SPF and DMARC so the mail that does land is trusted.

See which of your addresses are catch-all

Mailcheq flags catch-all domains explicitly instead of pretending they're valid — plus syntax, MX, disposable, and live SMTP. Free in your browser.

Verify an address →

The bottom line

A catch-all domain accepts mail to every possible address, which means a "valid" SMTP response tells you nothing about whether the specific mailbox exists. That is why an honest verifier reports catch-all as its own category rather than lumping it in with valid. Treat catch-all addresses by source: trust them when they came from the person directly, be cautious when they came from scraping, and always watch engagement to catch the black holes. Handled that way, catch-all addresses are a manageable grey area rather than a hidden threat to your bounce rate and reputation.

Spotted an error in this article? Email hello@mailcheq.com and we will fix it.