ValidEmailChecker

How does VEC detect catch-all domains in real time?

Last updated May 19, 2026Email verification

Catch-all detection is step 6 of the Valid Email Checker engine. It exists because SMTP itself cannot tell you whether a specific mailbox is real on a catch-all domain — the server accepts every address the same way. To work around the protocol gap, the engine sends a second probe with a deliberately fake local part and reads what comes back.

The mechanic is straightforward. After the initial RCPT TO succeeds with the real address, the engine builds a second address that almost certainly does not exist (random characters before the @) and runs the same RCPT TO against it. Two outcomes are possible.

The two outcomes

  • The server rejects the fake address with a 550. The original 250 was a real "this mailbox exists" response. The verdict is Safe (assuming the other checks all pass).
  • The server accepts the fake address with a 250 too. The original 250 was just the server being permissive. The verdict is Catch-All, because we cannot tell whether the specific mailbox is real.

Catch-all detection runs only when the earlier steps look promising. If the address already failed syntax, DNS, or RCPT TO at step 5, the engine has its verdict and skips the catch-all probe entirely.

Why detection happens per-verification, not from a static list

Catch-all is a configuration choice the domain owner can change. A domain that was strict last month may be catch-all this month after the admin enabled an unknown-address handler, and vice versa. Maintaining a static list of catch-all domains would mean stale data every time a domain changed configuration. Running the probe per-verification means every result reflects the current state of the domain.

It is slightly more expensive in network terms — one extra round-trip per verification on top of the standard SMTP conversation — but the accuracy improvement is worth it. The engine batches the probes efficiently enough that the cost is not noticeable from your side.

How catch-all is reported in the result

A confirmed catch-all comes back with status catch_all and a confidence score around 71 — lower than Safe (98) because the underlying mailbox is unverifiable, but not low enough to mark as a hard remove. The result also sets is_catch_all: true in the API response, which lets you filter catch-all separately in your own workflow.

See the catch-all guide for the broader strategy and what does the confidence indicator on results mean for how the score is computed.

Catch-all does not mean Safe
Some free verifiers report catch-all addresses as Valid because the server accepted the probe. They cannot distinguish a real mailbox from a domain-level catch-all behavior. VEC reports them separately so the choice of how to handle them is yours.

Edge cases

A small fraction of mail servers respond to the catch-all probe inconsistently — accept the fake address on one connection, reject it on the next. The engine retries on a fresh connection when it detects inconsistency; if the second response still looks ambiguous, the verdict falls back to risky rather than committing to catch_all or safe without enough evidence.

Some greylisting servers refuse the second probe even though they accepted the first, which forces the engine to either retry or fall back to the secondary provider. See how VEC handles greylisting and fallback providers in verification.

Related questions

What is a catch-all email domain?
What does each step of the 11-step verification engine actually do?
How accurate is Valid Email Checker?
What does the confidence indicator on results mean?
Back to all FAQs

Still stuck? Email support