How to detect if domain has catch all policy to accept email?

Question

I am almost done with a tool to detect if email is valid or not. I am stuck at small point where I have to detect If mail server or domain has catch-all policy enable.

C

Answer 1

There is no 100% reliable way to detect a catch-all of a mail server you don't control yourself. The most promising way is to generate a random address in the target domain which is definitely not used as a real account and send a test message.

If you don't get a reject while sending and no bounce to the envelope sender address of your script within a few minutes, there could be a catch-all involved. But it could also simply mean that the target server quarantined or dropped your message or that the bounce didn't make it back to you.

If you go down that road, make sure your tool generates valid messages, with all the necessary headers, has correct dns/helo settings, doesn't use any non-rfc smtp shortcuts, etc. in order not to get filtered.

On a side note: if this tool is going to be public, make sure its properly protected. Tools that automatically send mails are popular targets for abuse.