Menu
I am almost done with a tool to detect if email is valid or not. I am stuck at small point where I have to detect If mail server or domain has catch-all policy enable.
Catch all: mail server will accept all email even if email address do not exits.
Thank you.
301
No email verification solution can validate the existence of an email address on a domain in Catch-All. An email verification test is different from a test of the actual sending of the email. If you send emails to a domain in Catch-All, you will sometimes get non-existent email returns. That is called a bounce.
A catch-all email account is an address that is specified to receive all messages that are addressed to an incorrect email address for a domain.
A catch-all account is an email address that collects all the mail sent to your domain name not sent to the other email addresses known to the server. Any emails sent to misspelled recipients at your domain, for example, will be "caught" by the catchall account.
There is no 100% reliable way to detect a catch-all of a mail server you don't control yourself. The most promising way is to generate a random address in the target domain which is definitely not used as a real account and send a test message.
If you don't get a reject while sending and no bounce to the envelope sender address of your script within a few minutes, there could be a catch-all involved. But it could also simply mean that the target server quarantined or dropped your message or that the bounce didn't make it back to you.
If you go down that road, make sure your tool generates valid messages, with all the necessary headers, has correct dns/helo settings, doesn't use any non-rfc smtp shortcuts, etc. in order not to get filtered.
On a side note: if this tool is going to be public, make sure its properly protected. Tools that automatically send mails are popular targets for abuse.
186
You can identify domain is catchall or not by using Telnet. Create invalid email address against that domain.
e.g.
domain : example.com
Email Adddress : [email protected], [email protected]
How to Telnet:
Step 1 - Find mail exchanger or mail server of example.com
Commmand :
nslookup -q=mx example.com
Response:
Non-authoritative answer:
example.com mail exchanger = 10 aspmx.l.google.com.
example.com mail exchanger = 20 alt1.aspmx.l.google.com.
example.com mail exchanger = 30 alt2.aspmx.l.google.com.
example.com mail exchanger = 40 aspmx2.googlemail.com.
example.com mail exchanger = 50 aspmx3.googlemail.com.
Step 2 - Now we know mail server so let connect to it.
Command:
telnet aspmx.l.google.com 25
Response:
Trying 74.125.24.27...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP z79si2772641pfi.381 - gsmtp
Step 3 - Enter helo hi
Command:
helo hi
Response:
250 mx.google.com at your service
Step 4 - Email address from which you telnet to targeted email address
Command:
mail from: <[email protected]>
Response:
250 2.1.0 OK z79si2772641pfi.381 - gsmtp
Step 5 - Target email address which you want to validate
Command:
rcpt to: <[email protected]>
Response:
250 2.1.5 OK z79si2772641pfi.381 - gsmtp
If you got "ok" for invalid email address then that domain is catchall domain.
A catch-all domain in simple terms means, the server of that company will catch any email sent to that domain, even a non-existent address and store it in a section called the catch-all. When this happens, you have no clue if it’s a legitimate email address or not.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
