To verify a catch-all email, run it through a verifier that resolves individual mailboxes—not just one that flags the domain as accept-all. A standard SMTP check fails on catch-all domains because the server says "yes" to every address. A dedicated catch-all email verifier analyzes signals beyond the SMTP handshake to decide which specific addresses are actually deliverable, marking each one valid or invalid instead of "risky." Enrichley does this with 98% accuracy and no test email ever sent to the recipient.
How do you verify a catch-all email?
You verify a catch-all email at the individual-mailbox level, because the domain-level answer is useless. A catch-all (or accept-all) domain is configured to accept mail for every address, so asking the server "does this mailbox exist?" always returns "yes"—even for a typo or an address nobody has ever used. (For the full background on what catch-all domains are and why they exist, start with the hub guide: What is a Catch-All Email?)
That leaves three realistic paths once a verification tool flags an address as catch-all:
| Approach | What it does | Verdict |
|---|---|---|
| Standard SMTP check | Detects the domain is accept-all, then marks every address "risky" or "unknown." | Can't verify |
| Send a test email | Lands a real message in the prospect's inbox; bounces still hit your reputation. | Risky & intrusive |
| Catch-all verifier | Resolves individual mailboxes from signals beyond SMTP; returns valid / invalid. | Verifies cleanly |
Only the third path actually answers the question you care about—is this one address real?—without putting a message in front of the recipient. The rest of this guide is how that works and how to run it.
Why can't standard verification check catch-all addresses?
Standard verification can't check catch-all addresses because it relies on the mail server's answer, and a catch-all server is configured to accept everything. Most verifiers run an SMTP check without sending an email: they open a connection, issue an RCPT TO command for the address, and read whether the server accepts or rejects it.
On a standard domain
- Valid address → server accepts
- Invalid address → "550 user unknown"
- The accept/reject answer is the verification
On a catch-all domain
- Valid address → server accepts
- Invalid address → server also accepts
- "Accepted" tells you nothing
Because the accept/reject signal collapses on a catch-all domain, the verifier has no honest way to call the address valid—so it plays it safe and labels it "risky," "unknown," or "accept-all." That label is accurate but unhelpful: roughly 40-60% of B2B email addresses live on catch-all domains, so a tool that gives up here is leaving the majority of your enterprise contacts unverified.
How does a catch-all email verifier work?
A catch-all email verifier works by looking past the SMTP accept/reject answer and weighing additional signals to decide whether a specific mailbox is real. Instead of trusting a server that accepts everything, it builds a confidence judgment for each individual address and resolves it to valid or invalid—all without delivering a message to the recipient.
Signals a catch-all verifier weighs
- 1.Mail-server behavior — how the provider responds across multiple probes and timing patterns, not a single handshake.
- 2.Address & pattern analysis — whether the local part matches the formats real mailboxes on that domain actually use.
- 3.Out-of-band signals — corroborating evidence that a person is genuinely reachable at that address, beyond what the SMTP conversation reveals.
- 4.No test email — the recipient never receives anything, so verification stays invisible and reputation-safe.
This is the difference between detecting a catch-all and verifying one. Enrichley's catch-all verifier uses a proprietary algorithm built specifically for this, which is why it can return a valid/invalid answer where general-purpose tools stop at "risky."
How to verify catch-all emails, step by step
Verifying a catch-all address—or a list full of them—comes down to four steps:
Enter the address or upload your list
Paste a single email to spot-check it, or upload a CSV to verify thousands of catch-all addresses at once with the catch-all verifier.
Let the verifier resolve each mailbox
Each address is checked at the individual-mailbox level and returned as valid or invalid—not lumped together as "accept-all." No message reaches the recipient.
Keep the valid addresses, drop the dead ones
Send only to the confirmed-deliverable catch-alls; set aside the ones marked invalid. This is what recovers contacts other tools would have you delete.
Re-verify before each campaign
Email data decays at ~2-3% per month, so re-verify catch-all lists before major sends to keep your bounce rate under 2%.
Not sure whether to send to catch-alls at all once they're verified? See Are catch-all emails safe to send? for the cold-email risk breakdown.
Verifying catch-alls in bulk and via API
Most teams don't verify one catch-all at a time—they have a list, a signup form, or a CRM full of them. There are three ways to run catch-all verification, and they all draw on the same credits (1 credit per email):
Single check
Paste one address to confirm a high-value prospect before you reach out.
Bulk CSV
Upload an exported list from Apollo, ZoomInfo, or your CRM and verify every catch-all in one pass.
Real-time API
Verify at signup, on list import, or inside your app so catch-alls never enter dirty.
The API is the right fit when verification needs to happen automatically—gating a signup form, cleaning a list on import, or enriching records in your CRM. The bulk uploader is the fastest route for a one-time list clean before a campaign.
How accurate is catch-all email verification?
Enrichley verifies catch-all addresses with 98% accuracy and typically recovers 20-30% more usable emails than a tool that simply marks the whole domain "risky" and walks away. That recovery rate is the practical payoff: catch-all addresses make up roughly 40-60% of a typical B2B list, so the choice is rarely trivial.
Mark them all "risky"
- Strands 40-60% of B2B contacts as unusable
- Forces a delete-or-gamble decision
- Wastes data you already paid for
Verify at 98% accuracy
- Recovers 20-30% more valid emails
- Returns a clear valid/invalid answer
- Protects deliverability and reputation
Accuracy is what makes the recovered contacts worth keeping. A verifier that recovers catch-alls but gets them wrong would just trade deletion for bounces—so the 98% figure and the 20-30% recovery have to come together.
What to look for in a catch-all email verifier
Most tools that advertise "catch-all verification" only detect catch-all domains. When you're choosing one that actually verifies them, check for:
Individual-mailbox resolution
It should return valid/invalid for a specific address—not just "this domain is accept-all." If the result is a domain-level label, it isn't verifying.
No test emails sent
Verification should be invisible to the recipient. A tool that "verifies" by sending a probe message risks your reputation and tips off the prospect.
Stated accuracy and recovery
Look for a concrete accuracy figure (Enrichley: 98%) and an honest recovery range (20-30% more usable emails)—not vague "higher accuracy" claims.
Bulk and API support
Single checks, CSV uploads, and a real-time API on shared credits so verification fits both one-off cleans and automated workflows.
Frequently Asked Questions
How do you verify a catch-all email?
Can catch-all emails be verified at all?
Does verifying a catch-all email send a test message?
Is there an API for catch-all email verification?
How accurate is catch-all email verification?
Verify Your Catch-All Emails
Resolve individual mailboxes on accept-all domains with 98% accuracy—and recover the 20-30% of valid contacts other tools tell you to delete.