 

How to detect if domain has catch all policy to accept email?

I am almost done with a tool to detect if an email is valid or not. I am stuck at a small point where I have to detect if the mail server or domain has a catch-all policy enabled.

Catch-all: the mail server will accept all email even if the email address does not exist.

Thank you.

Justin asked Jul 30 '13 12:07




2 Answers

There is no 100% reliable way to detect a catch-all of a mail server you don't control yourself. The most promising way is to generate a random address in the target domain which is definitely not used as a real account and send a test message.

If you don't get a reject while sending and no bounce to the envelope sender address of your script within a few minutes, there could be a catch-all involved. But it could also simply mean that the target server quarantined or dropped your message or that the bounce didn't make it back to you.

If you go down that road, make sure your tool generates valid messages, with all the necessary headers, has correct DNS/HELO settings, doesn't use any non-RFC SMTP shortcuts, etc. in order not to get filtered.

On a side note: if this tool is going to be public, make sure it's properly protected. Tools that automatically send mails are popular targets for abuse.

Gryphius answered Nov 14 '22 22:11


You can identify whether a domain is catch-all or not by using Telnet. Create an invalid email address against that domain.

e.g.
domain : example.com
Email Address : [email protected], [email protected]

How to Telnet:

Step 1 - Find mail exchanger or mail server of example.com

Command:
nslookup -q=mx example.com

Response:
Non-authoritative answer:
example.com mail exchanger = 10 aspmx.l.google.com.
example.com mail exchanger = 20 alt1.aspmx.l.google.com.
example.com mail exchanger = 30 alt2.aspmx.l.google.com.
example.com mail exchanger = 40 aspmx2.googlemail.com.
example.com mail exchanger = 50 aspmx3.googlemail.com.

Step 2 - Now we know the mail server, so let's connect to it.

Command:
telnet aspmx.l.google.com 25

Response:
Trying 74.125.24.27...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP z79si2772641pfi.381 - gsmtp

Step 3 - Enter helo hi

Command:
helo hi

Response:
250 mx.google.com at your service

Step 4 - Email address from which you telnet to the targeted email address

Command:
mail from: <[email protected]>

Response:
250 2.1.0 OK z79si2772641pfi.381 - gsmtp

Step 5 - Target email address which you want to validate

Command:
rcpt to: <[email protected]>

Response:
250 2.1.5 OK z79si2772641pfi.381 - gsmtp

If you got "OK" for an invalid email address, then that domain is a catch-all domain.

A catch-all domain, in simple terms, means the server of that company will catch any email sent to that domain, even to a non-existent address, and store it in a section called the catch-all. When this happens, you have no clue if it's a legitimate email address or not.

Sachin Dane answered Nov 14 '22 23:11
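The RCPT TO probe from the Telnet steps, combined with the random-address idea from the first answer, as an added example that is not code from either answer. The function name `check_catch_all`, the host `mx.example.com`, the sender address and the `FakeMX` stand-in are assumptions constructed here so the block runs offline; a 4xx reply is treated as inconclusive rather than as a verdict.

```python
import secrets
import smtplib

def classify(code):
    """Map an SMTP reply code to a coarse verdict."""
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "deferred"  # greylisting or rate limit: not a verdict
    return "rejected"

def check_catch_all(domain, mx_host, sender, connect=smtplib.SMTP, probes=2):
    """RCPT-probe mx_host with random, almost certainly unused recipients.

    Returns 'catch-all-likely', 'not-catch-all' or 'inconclusive'.
    No DATA is sent, so no message is delivered.
    """
    smtp = connect(mx_host, 25, timeout=15)
    verdicts = []
    try:
        smtp.ehlo_or_helo_if_needed()
        for _ in range(probes):
            code, _ = smtp.mail(sender)
            if classify(code) != "accepted":
                return "inconclusive"
            rcpt = f"probe-{secrets.token_hex(12)}@{domain}"
            verdicts.append(classify(smtp.rcpt(rcpt)[0]))
            smtp.rset()  # reset the envelope before the next probe
    finally:
        smtp.quit()
    if "rejected" in verdicts:
        return "not-catch-all"  # server refuses unknown mailboxes
    if all(v == "accepted" for v in verdicts):
        return "catch-all-likely"  # may still bounce or drop after DATA
    return "inconclusive"

class FakeMX:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, rcpt_code):
        self.rcpt_code = rcpt_code
    def __call__(self, host, port, timeout=None):
        return self
    def ehlo_or_helo_if_needed(self): pass
    def mail(self, sender): return (250, b"2.1.0 OK")
    def rcpt(self, recip): return (self.rcpt_code, b"")
    def rset(self): return (250, b"OK")
    def quit(self): return (221, b"bye")

if __name__ == "__main__":
    for code in (250, 550, 451):
        print(code, check_catch_all("example.com", "mx.example.com",
                                    "postmaster@example.org", FakeMX(code)))
```

Omitting the `connect` argument uses `smtplib.SMTP` against the MX host found with `nslookup -q=mx`.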