How to Read an Email Validation Report Without Getting Confused
A Report Full of Labels Isn't the Same as a Decision
You run your list through a validator and get a spreadsheet back. Every address now has a status: valid, invalid, risky, catch-all, unknown. Now what? The labels only help if you know what each one means and, more importantly, which ones justify removing a contact. Get this wrong and you'll either keep addresses that bounce or delete subscribers who were perfectly fine.
This guide walks through each result category and tells you what to actually do with it.
Valid
The address is correctly formatted, the domain exists, and it has a mail server configured to receive email. This is your keep pile. No action needed — these are safe to send to.
One caveat: "valid" means deliverable, not engaged. A valid address that hasn't opened anything in two years is still a deliverability risk for engagement reasons, even though it won't hard-bounce. That's a separate cleanup decision based on activity, not validity.
Invalid
Something is definitively wrong: malformed syntax, a domain that doesn't resolve, or a domain with no mail server. These are guaranteed hard bounces. Remove them — every one of these you send to actively damages your sender reputation.
Common causes are typos ("gmial.com"), made-up domains people enter to bypass forms, and addresses on domains that have since shut down. Catching them is the single highest-value thing validation does for you.
Catch-All (Accept-All)
This is the result that confuses people most. A catch-all domain is configured to accept mail for any address at that domain, whether or not the specific mailbox exists. So when a validator asks "does jane@company.com exist?", the server says yes — even if Jane left two years ago.
That means a catch-all result is genuinely ambiguous: the address might be real, or it might not be, and there's no reliable way to tell from outside. We've written a full explainer on why catch-all domains can't be verified. The practical rule: don't bulk-delete catch-alls, but treat them as lower-confidence and watch their bounce behaviour after sending.
Risky
A catch-all bucket of its own. "Risky" usually flags things like role-based addresses (info@, sales@), disposable/temporary domains, or addresses with traits that correlate with low engagement. They're not guaranteed to bounce, but they carry elevated risk.
Handle these case by case. Disposable addresses are usually safe to remove. Role-based addresses depend on your use case — see our guide on whether to keep info@ and sales@.
Unknown
The validator couldn't reach a verdict — typically because a mail server timed out or refused to answer probes. "Unknown" is not the same as "invalid." Re-run these later; many resolve to valid on a second pass. Don't delete an address purely because one check returned unknown.
A Simple Decision Table
| Result | What it means | Action |
|---|---|---|
| Valid | Deliverable | Keep |
| Invalid | Will hard-bounce | Remove |
| Catch-all | Ambiguous — can't confirm | Keep, monitor bounces |
| Risky | Elevated risk | Review case by case |
| Unknown | No verdict yet | Re-run later |
Where the Report Comes From Matters Too
One thing worth remembering: to generate that report, a cloud validator needs your full list on its servers. A local tool produces the same valid/invalid/catch-all breakdown without your addresses ever leaving your computer. BounceBuster runs the format, DNS, and MX checks on your machine and hands you a clean report you can act on with the rules above. Download it free and read your first report with confidence.
Clean your lists the way this post describes.
BounceBuster validates format, dead domains, and dead mailboxes locally. Free up to 600 emails.
Need unlimited? Get Professional for $19 →