Why We Guarantee Our Accuracy (And What It Means for Catch-All Domains)
Most email validation providers mark catch-all emails as 'valid' and leave you to eat the bounces. Here's why that happens, how MailSentry handles it differently, and why we put credits behind our results.
MailSentry·Email Validation API
TL;DR
- •Catch-all domains accept mail for any address — so SMTP verification always says 'yes,' even for mailboxes that don't exist. Most providers mark these as 'valid' to inflate their accuracy numbers, and customers eat the bounces.
- •MailSentry scores catch-all emails separately using local-part analysis: john.smith@ gets a mild penalty (likely a real person), while xq7z@ gets a steep one (probably junk). You get a usable signal instead of a blind flag.
- •If more than 3% of emails we mark 'valid' bounce within 30 days, we credit your account — no questions asked. We're confident enough in our scoring to put revenue behind it.
If you have ever validated a list with another provider, sent the “valid” segment, and still hit a 3–5% bounce rate, you have probably run into the catch-all problem. It is the single biggest source of false positives in email validation, and most providers handle it in a way that quietly shifts the cost to you.
What Catch-All Domains Actually Do
A catch-all (or “accept-all”) domain is configured to accept email sent to any address at that domain. Send to john@company.com, xq7z@company.com, or santa.claus@company.com — the server responds 250 OK to all of them. The mailbox might exist, might not, might be a black hole. The SMTP handshake cannot tell you.
This is not a niche edge case. Roughly 20–30% of B2B domains run catch-all configurations. If your product sells to businesses, a meaningful chunk of your list is catch-all.
The Structural Incentive Problem
Here is where it gets interesting — and where most providers quietly fail their customers.
Email validation providers are judged on accuracy. The simplest way to inflate your accuracy number is to mark catch-all addresses as “valid.” Technically, the server accepted the message. Technically, the SMTP handshake said yes. The provider’s accuracy dashboard looks great. And when 2–5% of those “valid” addresses bounce? That is your problem, not theirs.
This is not speculation. Forum threads on AppSumo and the Marketo community are full of reports like: “I verified 1,000 emails, 700 came back as valid, and I still had a 2.5% bounce rate.” The pattern is always the same: catch-all domains marked as valid, bounces absorbed by the customer, provider takes no accountability.
Why a Catch-All Flag Alone Is Not Enough
Some providers do flag catch-all domains. That is a step in the right direction, but it still passes the problem entirely to the customer. You get a flag that says “this is catch-all” and you are left to decide: do I send, or don’t I? With no additional signal, you are guessing.
Suppressing all catch-all emails is too aggressive — you would lose 20–30% of your B2B list, including many valid addresses. Sending to all of them is too risky — you will bounce and damage your sender reputation. The flag alone creates a lose-lose choice.
How MailSentry Handles Catch-All Differently
We score catch-all emails separately using local-part analysis. Instead of a flat penalty or a binary flag, we examine the part before the @ to estimate how likely the address is to belong to a real person.
Here is what the analysis considers:
- Name patterns —
john.smith@,sarah-jones@,michael_chen@look like real people. These get a mild penalty (−5 to −8) and typically score 90+. - Single common names —
sarah@,michael@could be real, but have less structural evidence. Moderate penalty. - Gibberish and random strings —
xq7z@,asdkjf@,test123abc@are unlikely to be real mailboxes. These get steep penalties (−25 to −35) and score in the risky or invalid range. - Numeric-heavy patterns —
user928374@suggests auto-generated or bot-created addresses. Heavy penalty.
The result: john.smith@catchall-domain.com might score 92 (safe to send), while xq7z@catchall-domain.com might score 45 (risky — suppress or quarantine). You get a usable signal instead of a shrug.
The Accuracy Guarantee
We are confident enough in our scoring to put revenue behind it.
If more than 3% of emails we mark “valid” bounce within 30 days, we credit your account. No questions, no forms, no sales call. Credits are issued within 48 hours of a valid claim.
This guarantee applies to all paid plans. It covers emails with a “valid” verdict — the ones we are telling you are safe to send. Catch-all addresses that score high enough to earn a “valid” verdict are included in the guarantee. If we tell you it is safe, we stand behind it.
We can offer this because we do not take shortcuts with catch-all. Instead of inflating our accuracy by marking everything as valid, we do the analysis, assign a score that reflects actual deliverability, and only give the “valid” verdict to addresses we are genuinely confident about.
What This Means for Your Workflow
For most teams, this changes the catch-all decision from a guess to a data-driven choice:
- Score 80+, verdict “valid” — Safe to send. Covered by the accuracy guarantee.
- Score 60–79, verdict “caution” — Proceed carefully. These are catch-all addresses with weaker name signals. Consider sending a confirmation email before adding to your main campaigns.
- Score below 60, verdict “risky” — Suppress or quarantine. The local part does not look like a real person.
You are no longer choosing between “suppress all catch-all” and “hope for the best.” You have a score that differentiates real-looking addresses from junk, and a guarantee that holds us accountable if we get it wrong.
The Yahoo / AOL / Verizon Problem
There is one category of false positive that no email validation provider has solved, and we want to be upfront about it: disabled Yahoo-family accounts.
When a Yahoo, AOL, or Verizon.net user abandons or deactivates their account, the address enters a disabled state. It is not deleted — the domain still resolves, the MX records are valid, and the SMTP server does not reject it with a definitive “mailbox does not exist” response. From the outside, a disabled Yahoo account looks exactly like an active one. There is no SMTP signal, no DNS flag, and no public API to distinguish them.
This is a known, vendor-acknowledged limitation across the industry. ZeroBounce’s COO has stated publicly that “traditional email validation methods can’t detect disabled Yahoo-related accounts because they show as valid until they are deleted.” The same constraint applies to every provider, including MailSentry.
Here is what we do differently: we do not pretend to have solved it. When we cannot confirm a mailbox exists — which is the case for all Yahoo-family addresses, since Yahoo blocks SMTP probes by design — we return an SMTP-inconclusive result with a “caution” verdict, not “valid.” The score reflects the uncertainty. You see it clearly in the response and can decide how to handle it based on your own risk tolerance.
Addresses that receive a “caution” verdict are not covered by our accuracy guarantee, because we are explicitly telling you we could not fully confirm them. That is the honest framing: if we are not sure, we say so, rather than marking it “valid” and letting you absorb the bounce.
Over time, as customers report delivery outcomes through our feedback loop, we will build a signal layer on top of this. But today, no one can reliably detect disabled Yahoo accounts at the validation layer. The difference is whether your provider tells you that or not.
Key Takeaways
Catch-all domains are the biggest blind spot in email validation. Most providers handle them by either marking everything as valid (inflating accuracy at your expense) or flagging them and leaving you to decide (passing the problem back with no useful signal). MailSentry does neither — we analyze the local part, assign a variable penalty, and give you a score that reflects actual deliverability. And if more than 3% of our “valid” verdicts bounce, we credit you. That is the shape of a product that is aligned with your outcomes, not just its own accuracy dashboard.