How to detect if a domain has a catch-all policy to accept email?

孤城傲影 2021-02-09 18:59

I am almost done with a tool to detect whether an email is valid or not. I am stuck at a small point where I have to detect if the mail server or domain has a catch-all policy enabled.

2 Answers
  • 2021-02-09 19:43

    You can identify whether a domain is catch-all or not by using Telnet. Create an invalid email address against that domain.

    e.g.
    domain : example.com
    Email Address : dummyemail@example.com, invalid.email@example.com
    

    How to Telnet:

    Step 1 - Find mail exchanger or mail server of example.com

    Command:
    nslookup -q=mx example.com
    
    Response:
    Non-authoritative answer:
    example.com mail exchanger = 10 aspmx.l.google.com.
    example.com mail exchanger = 20 alt1.aspmx.l.google.com.
    example.com mail exchanger = 30 alt2.aspmx.l.google.com.
    example.com mail exchanger = 40 aspmx2.googlemail.com.
    example.com mail exchanger = 50 aspmx3.googlemail.com.
    

    Step 2 - Now we know the mail server, so let's connect to it.

    Command:
    telnet aspmx.l.google.com 25
    
    Response:
    Trying 74.125.24.27...
    Connected to aspmx.l.google.com.
    Escape character is '^]'.
    220 mx.google.com ESMTP z79si2772641pfi.381 - gsmtp
    

    Step 3 - Enter helo hi

    Command:
    helo hi
    
    Response:
    250 mx.google.com at your service
    

    Step 4 - Email address from which you telnet to targeted email address

    Command:
    mail from: <emailaddress@gmail.com>
    
    Response:
    250 2.1.0 OK z79si2772641pfi.381 - gsmtp
    

    Step 5 - Target email address which you want to validate

    Command:
    rcpt to: <targetemailid@example.com>
    
    Response:
    250 2.1.5 OK z79si2772641pfi.381 - gsmtp
    

    If you got "ok" for an invalid email address, then that domain is a catch-all domain.

    A catch-all domain, in simple terms, means the server of that company will catch any email sent to that domain, even to a non-existent address, and store it in a section called the catch-all. When this happens, you have no clue if it’s a legitimate email address or not.

    0 Discussion (0)
  • 2021-02-09 19:56

    There is no 100% reliable way to detect a catch-all of a mail server you don't control yourself. The most promising way is to generate a random address in the target domain which is definitely not used as a real account and send a test message.

    If you don't get a reject while sending and no bounce to the envelope sender address of your script within a few minutes, there could be a catch-all involved. But it could also simply mean that the target server quarantined or dropped your message or that the bounce didn't make it back to you.

    If you go down that road, make sure your tool generates valid messages, with all the necessary headers, has correct DNS/HELO settings, doesn't use any non-RFC SMTP shortcuts, etc. in order not to get filtered.

    On a side note: if this tool is going to be public, make sure it's properly protected. Tools that automatically send mails are popular targets for abuse.

    0 Discussion (0)
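
Added example (not part of either answer above): steps 2-5 of the first answer in Python with `smtplib`, using random recipients as the second answer suggests and stopping before `DATA`, so no message is sent. The function names, the verdict strings and the `smtp_cls` parameter are assumptions of this example, and a 2xx result only shows that the server did not reject at `RCPT` time, which the second answer notes is not proof of a catch-all.

```python
import secrets
import smtplib


def random_recipient(domain):
    """Build an address that is very unlikely to be a real mailbox."""
    return f"probe-{secrets.token_hex(12)}@{domain}"


def classify_rcpt(code):
    """Interpret the RCPT TO reply for a recipient that should not exist."""
    if 200 <= code < 300:
        # Accepted: a catch-all, or a server that accepts first and then
        # bounces, quarantines or drops later. Not proof on its own.
        return "accepts-unknown"
    if 500 <= code < 600:
        return "rejects-unknown"   # permanent failure such as 550
    return "inconclusive"          # 4xx greylisting, rate limits, other


def probe_catch_all(mx_host, domain, mail_from, helo_name,
                    attempts=2, smtp_cls=smtplib.SMTP, timeout=15):
    """Run HELO / MAIL FROM / RCPT TO against mx_host with random recipients.

    smtp_cls is a hypothetical hook of this example so that a fake SMTP
    class can be injected for offline testing.
    """
    verdicts = set()
    with smtp_cls(mx_host, 25, timeout=timeout) as smtp:
        smtp.helo(helo_name)
        for _ in range(attempts):
            code, _msg = smtp.mail(mail_from)
            if not 200 <= code < 300:
                return "inconclusive"   # sender refused, nothing learned
            code, _msg = smtp.rcpt(random_recipient(domain))
            verdicts.add(classify_rcpt(code))
            smtp.rset()                 # abort the transaction, no DATA
    # Only report a verdict when every attempt agreed.
    return verdicts.pop() if len(verdicts) == 1 else "inconclusive"
```

Pass the MX host found in step 1 as `mx_host`, and use a `helo_name` and `mail_from` that you control and that resolve correctly, for the filtering reasons the second answer gives.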