Developers6 min read

Catch-All Email: Unlimited Disposable Aliases on Your Domain

How a catch-all email address lets you create unlimited disposable aliases on your own domain, how to set one up, and the spam tradeoffs to plan for before you flip it on.

By Achyuth Kumar · Founder, TempMailKit

Published · Last reviewed by the TempMailKit editorial team

A catch-all email address is the developer-friendly cousin of temp mail. Instead of generating a throwaway inbox on a shared public domain, you turn on a single setting on a domain you own and instantly get unlimited disposable aliases, each one created on the fly the first time you use it. Sign up for a service as github@yourdomain.com, a newsletter as news@yourdomain.com, a shop as that-shop@yourdomain.com, and every one of them lands in the same mailbox without any prior setup. This guide explains how a catch-all email works, how to set one up, why it beats a disposable inbox for accounts you keep, and the spam tradeoff you need to plan for before flipping it on.

What a Catch-All Email Actually Does

Normally an email server only accepts mail sent to addresses that exist. Send a message to a typo or an address nobody created and it bounces. A catch-all changes that rule for a whole domain: the server accepts mail sent to any address at the domain and routes it to one destination mailbox. So you never have to create alex@, billing@, or random-alias-2026@ ahead of time. They all just work the instant something arrives for them.

The practical effect is unlimited aliases without configuration. Every time a form asks for your email, you invent a fresh address on the spot using the service's own name, type it in, and the confirmation lands in your catch-all mailbox seconds later. There is no provisioning step, no waiting, and no list of aliases to maintain. Compared with a shared temporary email address, the difference is that this runs on a domain you control rather than a public one.

Why a Catch-All Beats Public Temp Mail for Accounts You Keep

Public disposable inboxes are perfect for one-and-done sign-ups, but they have two limits that a catch-all removes. First, public temp mail domains appear on widely shared blocklists, so a growing number of services reject them outright. Your own domain is not on any of those lists, so it is treated as ordinary mail and gets through almost everywhere. Second, a disposable inbox expires, which means it is no good for an account you might need to log back into months later. A catch-all alias persists for as long as you want.

That makes a catch-all the right tool for the middle ground: accounts that matter enough that you need durable access, but where you still do not want to hand over your one real address to every company on earth. You get the per-service isolation of disposable aliases with the permanence and deliverability of a normal inbox. For genuine throwaways, a disposable inbox is still faster and leaves nothing tied to you, which is why a lot of people run both side by side.

How to Set Up a Catch-All Email

You need two things: a domain you control and an email host that supports catch-all routing. Most managed hosts make this a single toggle.

Pick a host. Fastmail, Zoho Mail, and Migadu all support catch-all on a custom domain, and Migadu in particular is popular with developers because it does not charge per mailbox. If you prefer to self-host, a server running Postfix can do catch-all with a virtual alias map, though you take on the deliverability work yourself.

Point your MX records at the host. In your domain registrar's DNS settings, set the MX records to the values your host provides. Add the SPF, DKIM, and DMARC records they give you too, because without them your outbound mail will land in spam and some inbound senders will distrust the domain.

Enable the catch-all route. In the host's settings, find the catch-all or wildcard option and point it at your main destination mailbox. On a self-hosted Postfix box this is a wildcard entry in your virtual alias file mapping @yourdomain.com to your real mailbox.

Test it. Send a message to a made-up address like test-anything@yourdomain.com and confirm it lands. If it bounces, your MX or catch-all setting is not live yet. The same delivery-speed expectations apply as anywhere else; if you want a refresher on why codes sometimes stall, our piece on email verification codes covers it.

The Killer Feature: Tracing Who Leaked Your Email

The single best reason developers love catch-all is accountability. Because you give each service a unique alias named after it, the address itself becomes a tracking label. If spam or a breach notification suddenly arrives at acmeshop@yourdomain.com, you know with certainty that Acme Shop either leaked, sold, or got breached, because that alias has never been given to anyone else. No guessing, no plausible deniability for the company.

When that happens, the cleanup is trivial. You add a rule that rejects or trashes mail to that one alias and the spam stops dead, while every other alias keeps working untouched. This is the same isolation principle behind disposable inboxes, just applied at the domain level. If you have ever had to figure out which company exposed you after a leak, our guide on what to do when your email is in a data breach shows how much easier this makes the whole process.

The Spam Tradeoff You Have to Plan For

A true catch-all has one real downside, and you should plan for it before turning it on rather than after. Because the domain accepts everything, spammers who discover it can fire mail at common guesses like info@, admin@, sales@, and contact@, and every single one reaches your mailbox. Domains that have been around a while tend to attract this dictionary-style probing, and it can turn a clean inbox noisy.

There are two clean defences. The first is to start with a true catch-all, watch which aliases you actually create over the first few weeks, then switch to explicit per-alias rules so only addresses you have used are accepted and everything else bounces again. The second is to keep the catch-all but route it through aggressive filtering, tagging anything sent to an alias you never created as suspect. Most developers land on the per-alias approach once their list of real aliases stabilises, because it gives back the strict bounce behaviour while keeping the convenience for new sign-ups.

Catch-All Versus Alias Services Like SimpleLogin

If running your own domain sounds like more than you want, hosted alias services like SimpleLogin and AnonAddy give you most of the same benefits with none of the DNS work. They let you generate unlimited aliases that forward to your real inbox, and they handle deliverability for you. The tradeoff is that you depend on their domains and their service staying alive, whereas a catch-all on your own domain is yours permanently and portable to any host.

Our comparison of disposable email versus burners and aliases lays out where each fits. The rough split: catch-all when you own a domain and want full control, a hosted alias service when you want the isolation without the infrastructure, and public temp mail when you just need to clear a one-time gate and disappear.

The Short Version

A catch-all email address turns a domain you own into an unlimited supply of disposable aliases, each created the instant you first use it, all landing in one mailbox. It beats public temp mail for accounts you intend to keep, because your own domain is never blocklisted and the aliases never expire, and it lets you trace exactly which company leaked your address. The catch is dictionary spam once the domain is discovered, which you handle by tightening to per-alias rules after your real aliases settle. Set up the MX, SPF, DKIM, and DMARC records properly, enable the catch-all route, and you have inbox-level isolation under your own control, with public disposable inboxes still handy for the true throwaways.

Frequently Asked Questions

What is a catch-all email address?

A catch-all is a setting on your own domain that accepts mail sent to any address at that domain, even addresses you never explicitly created. So netflix@yourdomain.com, github@yourdomain.com, and anything-else@yourdomain.com all land in the same inbox. It effectively gives you unlimited disposable aliases without configuring each one in advance.

How do I set up a catch-all email on my own domain?

You need a domain you control and an email host that supports catch-all, such as Fastmail, Zoho Mail, Migadu, or a self-hosted server. In your host's settings you point the catch-all or wildcard route to one destination mailbox, then confirm your MX records are correct. After that, mail to any address at the domain flows into that mailbox automatically.

Is a catch-all email better than temp mail?

They solve different problems. A catch-all uses your own domain, so it is never on public disposable-blocklists and the aliases persist as long as you want, which makes it better for accounts you intend to keep. Temp mail is faster for true one-and-done sign-ups and leaves nothing tied to you. Many people use both: a catch-all for accounts that matter and disposable inboxes for throwaway gates.

Does a catch-all email get more spam?

It can, because once spammers learn the domain accepts anything, they may guess at addresses like info@ or sales@ and every one of those reaches you. The fix is to switch from a true catch-all to per-alias rules once you know which addresses you actually use, or to filter aggressively. Plan for this before you turn it on rather than after the spam starts.

Can I tell which company leaked or sold my email with a catch-all?

Yes, and it is one of the best reasons to use one. Because you give each service a unique alias like servicename@yourdomain.com, any spam or breach mail arriving at that exact alias points straight at the company you gave it to. You learn precisely who leaked or sold your address, and you can kill that single alias without affecting anything else.

Sources & further reading

External links are provided for verification and are not endorsements. Reviewed against these sources per our editorial policy.

Achyuth Kumar

Founder & editor, TempMailKit

Achyuth builds privacy tools and writes TempMailKit’s guides on email security, spam, and online privacy. Every article is checked against primary sources and our editorial policy before it is published. Questions or a correction? Get in touch.

Ready to protect your inbox?

Generate a free temporary email address in one click. No sign-up required.

Get a Free Temp Email