You ran your list through verification. The results came back. Most addresses are clean — confirmed deliverable or confirmed invalid. Clear, actionable, done.
Then there's the segment your tool marked "accept-all" or "catch-all" or "unknown." Depending on your list, that's somewhere between 20% and 40% of your contacts. Your verification tool didn't miss them. It correctly identified that it can't give you a definitive answer for these addresses using the methods it has available. So it flagged them and moved on, leaving you with a chunk of your list in a state that's neither safe to send to nor clearly invalid.
That segment is the catch-all problem, and it's the single largest source of unexpected bounces for B2B senders who believe their list is clean.
What a Catch-All Domain Actually Is
A catch-all domain is a mail server configured to accept incoming email to any address at that domain, regardless of whether the specific mailbox exists. Send to real.person@company.com — accepted. Send to completely.fake.nonsense@company.com — also accepted. The server says yes to everything.
Companies configure catch-all for practical reasons. They don't want to miss emails sent to a misspelled name or an outdated alias. If a client writes to john.smith@company.com instead of jsmith@company.com, the catch-all ensures the message is received rather than bounced back. It's a safety net for the domain owner.
For anyone trying to verify whether a specific address on that domain is real, it's a wall. The standard way verification tools work is to connect to the mail server, present an address, and ask "does this mailbox exist?" On a normal domain, the server answers honestly — yes for real mailboxes, no for fake ones. On a catch-all domain, the server answers yes to every address, real or not. The verification tool gets the same positive response for a working mailbox and a completely nonexistent one.
That's not a tool deficiency. It's a structural limitation of the verification method. The server is configured to say yes to everything, so asking "does this exist?" always returns yes. No amount of asking the same question differently changes the answer.
Why This Hits B2B Lists Hardest
Catch-all configuration is a business IT decision, and it's disproportionately common in exactly the companies B2B outbound targets.
Small and mid-sized companies — the 10-to-500 employee segment that most outbound is aimed at — frequently use catch-all as a default because it's simpler than managing individual mailbox rejection rules. Law firms, agencies, consultancies, financial services, professional services broadly — these are heavy catch-all adopters. They set it up once when the domain is configured and rarely revisit it.
Consumer email providers (Gmail, Outlook, Yahoo) don't use catch-all. Individual accounts either exist or they don't, and the server says so clearly. So B2C lists built from personal addresses rarely have catch-all exposure. B2B lists built from company domains — especially in the professional services and SMB segments — carry 20-40% catch-all rates as a routine fact of the data.
This means the verification gap falls on the contacts that matter most for B2B senders. The consumer addresses verify cleanly. The business addresses — the ones you're actually trying to reach — are the ones sitting in the "we can't tell" bucket.
What Happens When You Send to Unresolved Catch-All Addresses
The server accepted the connection during verification, so the address looks fine in your tool's results. Then you send the actual campaign, and some of those addresses bounce — not because the server rejected them at the SMTP level, but because the individual mailbox doesn't exist, never existed, and the catch-all configuration was the only reason the address appeared valid.
The consequences are specific and they compound.
Bounce rate climbs on a list you believed was clean
You ran verification. You removed the invalids. You expected a clean send. But the catch-all addresses that passed verification include mailboxes that don't exist, and those produce hard bounces. If catch-all is 30% of your list and half of those are non-existent mailboxes, that's 15% of your send bouncing on a list your tool said was verified.
Sender reputation damage accumulates without a clear signal
Because the catch-all addresses weren't flagged as invalid — they were flagged as "accept-all" or "unknown" and you chose to include them — the bounce source isn't obvious in your reporting. The addresses looked plausible. The verification tool didn't flag them as bad. The bounces register against your sender reputation at your ESP and with receiving ISPs, and that reputation damage causes delivery problems on your next campaign, including to addresses that were perfectly good.
Campaign economics get distorted
Every credit, every send, every second of ESP processing spent delivering to a non-existent mailbox behind a catch-all domain is cost with zero possible return. On a 10,000-address send where 1,400 are unresolved catch-all and an estimated 600-700 of those are non-existent, that's 6-7% of your campaign budget producing nothing but bounce damage.
The Three Things Teams Actually Do — and Why None Is Good
Send to all of them and accept the risk
This is what happens by default when the verification tool flags them and the sender doesn't have a better option. Some of the addresses are real and will receive the email. Some will bounce. You find out which is which from the bounce report, by which point the reputation damage is done. This is gambling with sender reputation using your entire catch-all segment as the bet.
Skip all of them
Conservative, protects reputation, and loses 20-40% of your list. For a team that spent money and time building that list, cutting a third of it because the verification tool couldn't resolve them is a painful trade. Some of those addresses are perfectly deliverable — you're throwing out real contacts along with the fake ones because you can't tell them apart.
Send at reduced frequency with monitoring
A middle ground that limits exposure but doesn't eliminate it. You still bounce on the non-existent mailboxes, just less often. And monitoring bounce rates after the fact is damage measurement, not damage prevention — by the time you see the bounce rate, the sends already happened.
All three approaches share the same underlying problem: they treat catch-all addresses as a single undifferentiated bucket where every address is equally unknown. The reason they all fall short is that the tool stopped at "catch-all domain detected" without answering the question that actually matters: does this specific mailbox exist on this catch-all domain?
Resolving Catch-All to a Definitive Answer
The alternative to flagging and guessing is resolving each catch-all address individually — confirming whether each specific mailbox is real and deliverable, or non-existent and will bounce, despite the domain accepting everything at the server level.
This is what filtrat.io does with catch-all domains. The standard SMTP-level check that returns the same answer for every address on the domain is not where the process ends. Each individual address on a catch-all domain is verified through additional methods that determine whether that specific mailbox exists — not whether the domain accepts connections (it does, for everything), but whether the particular address you're sending to reaches a real inbox.
The result is the same kind of definitive answer you get for addresses on non-catch-all domains: deliverable or will-bounce. Not "accept-all," not "unknown," not "risky." A confirmed status for each individual address.
10,000-email list with 1,400 catch-all addresses
No rows left in "unknown" or "accept-all." Every address has a definitive answer.
If the catch-all address can't be definitively resolved, you're not charged for it. You pay only for the addresses where filtrat returns a confirmed answer. Catch-all detection itself — identifying that a domain is catch-all in the first place — is free.
The Economics
Standard verification costs 0.5 credits per address. On a 10,000-row list: 8,600 non-catch-all addresses × 0.5 = 4,300 credits for the straightforward segment.
Catch-all resolution costs 3 credits per confirmed result. On 1,400 catch-all addresses: 1,400 × 3 = 4,200 credits for the hard segment.
Total: 8,500 credits — within the $10 Starter plan's 12,000 credits. Resolving the entire list, including the segment every other tool leaves unresolved, costs less than $10.
For comparison, running the same 10,000-row list through most verification tools costs $30-99, and the 1,400 catch-all addresses come back unresolved regardless of what you paid. You spend more and get less — a verified list with a 14% hole in it.
The 3-credit price for catch-all resolution reflects that it requires substantially more processing than a standard SMTP check. Standard verification is a single interaction with the mail server. Catch-all resolution involves confirming an individual mailbox on a server that accepts everything — more work per address, different infrastructure, and a definitive answer where other tools return a question mark.
What This Looks Like in Practice
You upload a list. The verification run handles all 10,000 addresses:
No rows are left in an "unknown" or "accept-all" bucket. No guessing about which catch-all addresses are safe. No second tool, no manual segment, no "send and see what bounces."
How to Run It
Bulk list upload
Drag your CSV into the dashboard. Results for the full list, catch-all resolution included.
Upload a list →API
Single-email or bulk endpoints. Set resolve_catchall: true in the request body to resolve catch-all domains rather than just detecting them.
API docs →Same credits, same results, regardless of how you connect.
What the Statuses Mean in Your Results
Deliverable
The mailbox is confirmed to exist and accept email. Safe to send. This applies to both regular and catch-all-resolved addresses — once resolved, a catch-all address carries the same confidence as a regular verification.
Will bounce
The mailbox does not exist or is permanently undeliverable. Remove from your list, add to your suppression list. On catch-all domains, this is the answer your previous tool couldn't give — these are the addresses that would have bounced if you'd sent to the "accept-all" bucket.
Catch-all detected
The domain is catch-all but you haven't opted into resolution (resolve_catchall: false). The address may or may not be deliverable; the domain accepts everything and the individual mailbox hasn't been checked yet. This is the same result other tools give as their final answer. With filtrat, it's an interim result you can resolve whenever you're ready.
Could not determine
Resolution was attempted but a definitive answer couldn't be reached for this specific address. Rare. You're not charged. Handle conservatively — either exclude from high-stakes sends or accept the small risk if the list is large enough that a few uncertain addresses don't meaningfully impact overall bounce rate.
Common Questions
How is this different from what my current tool does?
Most verification tools detect catch-all domains and flag them. Filtrat detects them and resolves each individual address to deliverable or will-bounce. The detection is the same; the resolution is the difference. If your current tool returns "accept-all" or "catch-all" as a final status, those are the addresses filtrat resolves further.
What if I already verified my list with another tool?
Run the filtrat catch-all resolution on just the unresolved segment. Filter your list to the rows your current tool marked as catch-all/accept-all/unknown, upload that subset, and resolve them. You don't need to re-verify the addresses your tool already confirmed — just the ones it couldn't.
How long does catch-all resolution take?
Longer than standard verification, because it's doing more work per address. Individual addresses typically resolve in 1-30 seconds depending on the domain. A bulk list of 1,400 catch-all addresses processes in the background — you don't wait for each one.
What's the resolution rate?
On established B2B domains (the ones that typically use catch-all), the resolution rate is high — the vast majority of catch-all addresses come back with a definitive answer. Addresses that can't be definitively resolved are flagged as such and not charged. Your cost scales with results, not attempts.
Can I use this on its own, or do I need another verification tool too?
Filtrat runs full verification, not just catch-all resolution. You can use it as your only verification tool — every address gets standard verification first, and catch-all domains get the additional resolution step. You don't need a separate tool for the standard segment.