Catch-all domain detection with conservative handling
Why it matters
Catch-all domains accept email to any local-part regardless of whether the mailbox exists — xyz1234@company.com and alice@company.com both succeed MX verification. This makes MX checks alone insufficient for validating contact quality. Contacts from catch-all domains appear deliverable but frequently bounce or are read by nobody, because many catch-all configurations feed unrouted mail to a trash mailbox. Mixing catch-all addresses with fully verified contacts inflates your apparent list size while depressing engagement rates, producing misleading health metrics and campaign analytics.
Severity rationale
Low because catch-all addresses are a list quality issue that degrades metrics and deliverability incrementally rather than causing immediate bounces or compliance exposure.
Remediation
Use an email validation API that returns a catch-all or accept_all status and store it on the contact record. Exclude catch-all addresses from cold outreach segments:
// Store validation status at ingest (example using ZeroBounce response shape):
await db.contact.upsert({
where: { email },
update: { validation_status: result.status },
create: { email, validation_status: result.status }
})
// Exclude from cold campaigns:
const campaignContacts = await db.contact.findMany({
where: {
NOT: { validation_status: 'catch-all' }
}
})
For budget-constrained situations, use the catch-all probe technique: during validation, send an SMTP RCPT TO command for a randomly generated address at the domain; if the server accepts it, flag the domain as catch-all. Many validation APIs perform this probe natively.
Detection
-
ID:
catchall-domain-handling -
Severity:
low -
What to look for: Count all validation status values the system tracks for contacts. Check whether the system detects catch-all (accept-all) domains — domains configured to accept email for any local-part, regardless of whether the mailbox exists. A catch-all domain will accept
xyz1234@company.comjust as readily asalice@company.com, making MX verification alone insufficient. Look for catch-all probe logic (sending a test to a randomly generated address and checking for acceptance) or tagging from an email validation API. -
Pass criteria: Contacts from catch-all domains are identified via at least 1 detection mechanism and treated conservatively — either excluded from cold sends or placed in a lower-confidence segment with adjusted send frequency.
-
Fail criteria: Catch-all domains receive no special treatment; their addresses are mixed with verified addresses in the main list.
-
Skip (N/A) when: The system sends only to explicitly confirmed addresses (double opt-in confirmed) and does not do cold outreach or single opt-in acquisition.
-
Detail on fail: Example:
"No catch-all detection — company domains that accept all mail are indistinguishable from verified individual mailboxes" -
Remediation: Use an email validation API that returns a
catch_alloraccept_allflag and store it:// Example using ZeroBounce API response structure: interface ValidationResult { status: 'valid' | 'invalid' | 'catch-all' | 'unknown' | 'spamtrap' | 'abuse' | 'do_not_mail' sub_status: string } // Store the validation status on the contact: await db.contact.upsert({ where: { email }, update: { validation_status: result.status }, create: { email, validation_status: result.status, ... } }) // Exclude catch-all addresses from cold campaigns: const campaignContacts = await db.contact.findMany({ where: { NOT: { validation_status: 'catch-all' } } })
External references
- iso-25010:2011 · functional-correctness — Functional Correctness (functional suitability)
Taxons
History
- 2026-04-18·v1.0.0·Initial import from data-quality-list-hygiene·automated