the wildcard problem, solved

Catch-All Email Verifier

A field guide to accept-all domains — and the tool that resolves them

Deliverability · The catch-all problem

The Catch-All Email Verifier That Turns “Risky” Into an Answer

Somewhere between a third and forty percent of the B2B addresses you care about live on domains that accept every email — which means ordinary verification tools can’t tell you anything about them. They shrug, stamp the lead risky, and bill you anyway. This page explains why that happens, what it costs, and how mailbox-level identity verification gets those leads back.

Updated June 2026 · 7-minute read · Free check below, no signup

The free check

Test an address against a catch-all-aware verifier

Real SMTP handshake plus catch-all resolution. Five free checks a day — no account needed.

01

What a catch-all domain actually is

When a verifier tests an address, it opens a conversation with the domain’s mail server and asks, in effect: would you accept mail for jane@acme.com? On a normally configured server, a fake address gets refused and a real one gets accepted, and that difference is the whole basis of SMTP verification.

A catch-all — or accept-all — domain breaks that logic deliberately. Its mail server is configured to accept mail for any local part: jane@, j.smith@, completely-made-up@. All of it gets a yes. Administrators do this for sensible reasons: so misspelled addresses still reach someone, so nothing is lost during staff changes or migrations, and sometimes specifically to starve spammers’ dictionary attacks of useful signal.

An accept-all server answers yes to every question — which means its yes is worth nothing.

02

Roughly a third of B2B domains behave this way

Catch-all configuration is not an edge case. Across the corporate world, somewhere around 30–40% of B2B domains accept all mail — and the proportion climbs as companies get bigger, because catch-all is a common default posture for organisations running Microsoft 365 or Google Workspace with managed IT. The companies most likely to be catch-all are, inconveniently, exactly the mid-market and enterprise accounts most outbound teams want to reach.

So if you run a 10,000-contact prospect list through a typical verifier, it is entirely normal for 3,000–4,000 rows to come back stamped risky, accept-all or unknown. Not invalid — just unanswered.

03

Why most verifiers give up — and what that costs you

The handshake is the only probe a conventional verifier has. When the server accepts everything, the probe carries no information, and the honest thing for the tool to do is admit it. So it does: risky. The label isn’t wrong. It’s just useless — and in most tools you were charged full price to receive it.

What happens next is where the real cost hides. You have two options with a “risky” column, and both are bad:

  1. Send anyway. Some of those addresses are fake, and on a catch-all domain a fake address often bounces only after acceptance — or gets silently dropped. Enough hard bounces and your sending domain’s reputation starts to decay; the campaigns to your good addresses suffer too.
  2. Cut the column. The safe choice, and the one most teams make. You just deleted a third of your pipeline — disproportionately the larger companies — because your tooling couldn’t form an opinion.

A third of your pipeline should not die in a spreadsheet column labelled “risky”.

04

Mailbox-level identity verification: asking a better question

The way out is to stop interrogating the domain’s mail edge — which has been configured to tell you nothing — and ask the provider behind it instead.

The majority of corporate catch-all domains are hosted on one of two platforms: Microsoft 365 or Google Workspace. Both maintain an identity layer that is separate from the mail-acceptance layer, and that identity layer knows precisely which accounts exist. Our catch-all email verifier runs provider-level identity checks against it: rather than asking will this domain accept mail for jane@acme.com?, we establish does an account for jane@acme.com exist in this tenant?

That question has a real answer. When the account exists, the address comes back deliverable. When it doesn’t, undeliverable. The wildcard stops mattering, because we are no longer talking to the part of the system that wildcards.

Every check still begins with the fundamentals — syntax, DNS and MX records, and a real SMTP handshake — plus the hygiene flags you’d expect: disposable-address detection, role-based addresses (info@, sales@), and a free-provider flag. Identity resolution is the extra step that fires exactly where the handshake goes blind.

And when a domain sits outside Microsoft 365 and Google Workspace coverage and genuinely cannot be resolved, we say so — the result is unknown, and unknowns are never charged. On bulk jobs, the credits are refunded automatically.

05

What this looks like in practice

Take that same 10,000-contact list. Instead of a 3,500-row write-off, the catch-all segment resolves into mostly clear verdicts: deliverable addresses you can confidently contact, undeliverable ones you can cut without regret, and a small honest remainder of unknowns — which cost you nothing. Run it as a CSV upload with per-row results, wire the REST API into your signup form or CRM, or check a single address in the card above. The engine is the same in every case, and results are cached for 90 days so re-running a list doesn’t re-bill the overlap.

Rates

Pay-as-you-go credits. One credit, one verification. No subscription, and no card needed to start — every new account begins with 100 free credits.

PackageCreditsPricePer 1,000
Starter1,000$10$10.00
Growth most popular5,000$40$8.00
Pro10,000$70$7.00
Scale50,000$300$6.00
Enterprise100,000$500$5.00

Unknown results are never charged on single checks and refunded automatically on bulk jobs.

Create a free account — 100 free credits

Questions, answered

What is a catch-all (accept-all) email domain?

A catch-all domain is one whose mail server is configured to accept mail for any address at that domain — real or not. Because the server says yes to everything during the SMTP conversation, a standard handshake test cannot tell whether a specific mailbox actually exists.

Why do most verifiers mark catch-all addresses as risky?

The SMTP handshake is the only probe most verifiers have. When a server accepts every recipient, that probe carries no information, so the tool labels the address “risky”, “accept-all” or “unknown” and moves on. The classification is honest about the method’s limits — but it leaves you to guess.

How does this catch-all email verifier resolve accept-all addresses?

Instead of asking the domain’s mail edge, we run identity checks against the underlying provider. Most corporate catch-all domains are hosted on Microsoft 365 or Google Workspace, and both expose mailbox-level signals that reveal whether a specific account exists in the tenant. That lets us return deliverable or undeliverable where other tools return “risky”.

What happens when an address genuinely can’t be resolved?

It comes back as “unknown” — and you don’t pay for it. Unknown results are never charged on single checks and are refunded automatically on bulk jobs.

Do I need a credit card to try it?

No. The check on this page is free — 5 checks a day, no signup. A free account adds 100 credits, bulk CSV cleaning and API access, still with no card required.

Stop guessing on catch-all domains

100 free credits on signup. No card, no subscription — and no more pipeline lost to a column called “risky”.

Start verifying free