How to Validate B2B Email Data Before a Cold Campaign
One campaign to an unvalidated list can do more damage to your sender reputation than a year of careful sending can repair. Mailbox providers read your bounce rate as a direct measure of whether you know your recipients — and a bought or aged B2B list routinely contains 10–30% dead addresses. This guide walks through the validation pipeline to run before any cold send, layer by layer, and what to do with the addresses each layer flags.
- Keep hard bounces under 2% per campaign; past roughly 5%, mailbox providers start treating the sender itself as suspect.
- Validation is a pipeline, not a single check: syntax, domain, MX, mailbox-level verification, then catch-all and risk classification.
- B2B data decays fast — people change jobs constantly, so a list validated six months ago is not validated.
- Catch-all domains are the hard case: the server accepts everything, so you manage them by risk, volume and evidence, not by a verifier verdict.
- Validation protects more than deliverability — every dead address in an address-based program is a targeting error worth fixing upstream.
Why bounce rate is the metric providers judge you by
When a mailbox provider decides whether your mail deserves the inbox, it works from behavioral evidence, and hard bounces are among the loudest signals available. A sender who repeatedly mails nonexistent addresses is, from the provider's perspective, a sender who did not obtain addresses legitimately — legitimate senders know their recipients. That inference is crude but statistically sound, and it is baked into filtering: keep hard bounces under 2% and you are unremarkable; drift past 5% and your domain and IPs start accumulating suspicion that outlasts the campaign.
B2B lists are especially perishable. People change roles and employers constantly, companies get acquired, domains get migrated, and IT departments delete departed employees' mailboxes within weeks. A list that was accurate when compiled loses a meaningful share of its valid addresses within months. This is why validation is not a one-time cleanup but a gate every list passes through immediately before sending — the verdicts have a shelf life measured in weeks, not quarters.
For address-based outreach there is a second, less obvious reason to validate: every invalid address is a targeting failure. If the contact left the company, your research about them is now aimed at nobody, and the real decision-maker in that seat goes untouched. Treating validation results as feedback on your data sources — which vendor, which scraping method, which enrichment step produced the dead rows — improves the whole pipeline, not just the bounce number.
Layer 1: syntax and domain sanity checks
The first layer is cheap and catches the embarrassing failures. Syntax validation confirms the address is structurally plausible: one @ sign, a valid local part, a domain with a plausible TLD. Real-world B2B data fails syntax more often than you would expect — CSV column shifts, trailing whitespace, "john.smith@company,com" typos, names pasted into email fields. Run it on import, not at send time, so garbage never enters the CRM in the first place.
Alongside syntax, run pattern-level hygiene that pure validators skip. Flag role accounts (info@, sales@, office@) — they are valid addresses but poor targets for a personal message to a decision-maker, and under GDPR they sit in a different category from personal business addresses. Flag free-mail domains (gmail.com, outlook.com) in a supposedly corporate list: for B2B outreach these are usually data errors, and mailing someone's personal account with a business pitch is both less effective and legally messier. Flag known disposable-mail domains outright.
Then check the domain itself exists and is alive: DNS resolution, and whether the domain matches the company you think you are targeting. A surprising share of stale B2B records point at domains that were abandoned after a rebrand or acquisition — the address may even technically accept mail while the company it belonged to no longer exists.
- Syntax: structurally valid address, no typos in common TLDs, no whitespace or mojibake.
- Domain resolves in DNS and is not parked or for sale.
- Not a disposable-mail domain.
- Role accounts flagged and routed to a separate, lower-priority track.
- Free-mail addresses in a corporate list flagged as probable data errors.
- Domain plausibly matches the target company (rebrands and acquisitions caught).
Layer 2: MX records and server-level reality
A domain can exist without being able to receive mail. The MX lookup answers the question directly: does this domain publish mail-exchanger records, and do those servers respond? No MX records (and no fallback A record accepting mail) means every address at that domain is undeliverable, no matter how plausible it looks. This single check removes entire blocks of dead rows from aged lists at nearly zero cost.
The MX response also tells you who handles the domain's mail, which is operationally useful. Domains on major business providers behave predictably. Domains on their own aging Exchange servers bounce in stranger ways and filter more erratically. Domains routed through security gateways will apply corporate-grade filtering, which affects how your message should be constructed — but that is a deliverability topic; at the validation stage you just record the infrastructure type.
MX checking is also your early-warning system for the next layer's limits. Some mail infrastructures throttle or block verification probes entirely, so knowing the provider behind each domain tells you which addresses will come back from mailbox-level verification with a confident verdict and which will come back unknown regardless of the tool you use.
Layer 3: mailbox verification and the catch-all problem
Mailbox-level verification asks the receiving server, in effect, whether a specific address exists — the verifier opens an SMTP conversation and observes whether the server would accept mail for that recipient, without actually sending anything. For most domains this yields a clean verdict: deliverable or not. Every serious validation tool automates this at scale, and it is the layer that actually separates live contacts from ghosts.
Then come catch-all domains, the permanent headache of B2B validation. A catch-all server accepts mail for any address at its domain, existent or not, so the probe returns "accepted" regardless of whether your target mailbox is real. A large minority of corporate domains are configured this way, so you cannot simply discard them — you would be throwing away a substantial slice of your genuine market. Verifiers label these accept-all or risky, which is an honest way of saying: we cannot know from here.
Handle catch-alls with evidence and risk management rather than a verdict. Evidence: an address found on the company's own website or in a professional profile is far more likely real than one guessed from a firstname.lastname pattern. Risk management: send to catch-all addresses in small portions, spread across the campaign, watching bounces per domain — if a domain starts hard-bouncing your guesses, stop mailing that domain's unverified addresses. Some teams also route catch-all contacts to their most warmed-up, most expendable sending mailbox first, keeping the primary infrastructure insulated.
A practical catch-all policy: verified-deliverable addresses go into the main campaign; catch-all addresses with source evidence (found on site or profile) go in at up to 20% of daily volume; pattern-guessed catch-all addresses go into a small probe batch of 10–20 per day, and any domain producing two hard bounces gets its remaining guesses suppressed.
Turning verdicts into sending decisions
Validation output is only useful if it maps to concrete handling rules. Deliverable addresses go into the campaign. Undeliverable addresses are suppressed — and logged against their data source, because a vendor or enrichment step producing 20% dead rows is a procurement problem, not a mailing problem. Unknown and risky verdicts get the graduated treatment described above. Duplicates, current customers, open opportunities and everyone on your suppression and opt-out lists come out before any of this — the most damaging email is not the one that bounces but the one that lands on someone who already said no.
Set numeric gates and enforce them mechanically. A useful standard: do not launch a campaign whose projected hard-bounce rate exceeds 2%; estimate it from the verdict mix (deliverables bounce rarely; catch-alls at some assumed risk share; unknowns higher). If the projection breaches the gate, cut the risky tail rather than hoping. During the send, watch actual bounces in near-real time with an automatic pause threshold — a campaign that trips 4–5% hard bounces should stop itself and wait for a human, because whatever is wrong will not improve by continuing.
And re-validate on every use. A verdict is a snapshot; for B2B data, treat anything older than about 30 days as expired for sending purposes. The cost of re-verification is trivial next to the cost of re-warming a domain that got itself filtered.
Common validation mistakes and a pre-send checklist
The classic mistakes are all shortcuts. Validating once at list purchase and never again. Treating catch-all as deliverable because the tool's green-ish label looked reassuring. Skipping validation for a "small" send of two hundred addresses — small sends into a small total volume still move your bounce percentage dramatically. Ignoring role-account and free-mail flags because the row count looked better with them in. And the subtle one: validating the list but not the sending setup, so perfectly valid addresses bounce anyway because SPF or DKIM was misconfigured on a new domain.
In our own stack at LDM, validation is wired into the campaign pipeline rather than left to memory: contacts are verified before they can enter a send queue, catch-alls are classified and dosed, suppression lists are enforced at the single point of send, and campaigns pause automatically on bounce anomalies. Whatever tools you use, aim for the same property — validation as a gate the process physically passes through, not a best practice someone is supposed to remember.
- Every address carries a verification verdict less than 30 days old.
- Projected hard-bounce rate under 2%; risky tail cut if not.
- Catch-alls classified by evidence and dosed, not sent as a block.
- Role accounts, free-mail and disposable domains flagged and handled separately.
- Suppression, opt-out, customer and open-deal lists applied after validation, before queueing.
- SPF, DKIM and DMARC verified on the sending domain — valid recipients still bounce off broken auth.
- Live bounce monitoring with an automatic pause threshold around 4–5%.
- Verdict statistics fed back to whoever owns data sourcing.
FAQ
What bounce rate is acceptable for a B2B cold campaign?
Aim to stay under 2% hard bounces per campaign. Between 2% and 5% you are drawing attention from mailbox providers; past 5% your domain reputation is actively deteriorating and sends should stop. A freshly validated list plus a correctly authenticated sending domain makes staying under 2% routine.
What exactly is a catch-all domain and why can't tools verify it?
A catch-all (accept-all) domain is configured to accept mail for any address at that domain, whether or not the mailbox exists. Verification works by asking the server if it would accept the address — and a catch-all says yes to everything, so the probe proves nothing. Handle these by evidence quality and controlled small-batch sending rather than expecting a verdict.
How often should a B2B list be re-validated?
Immediately before every campaign, and treat verdicts older than about 30 days as expired. B2B data decays quickly — job changes, mailbox deletions, domain migrations — and re-verification costs pennies per thousand compared with the weeks it takes to repair a domain reputation damaged by one stale send.
Should I email role addresses like info@ or office@?
Generally not as part of a decision-maker outreach program — they convert poorly, are often gatewayed to shared inboxes or filters, and a personal message addressed to nobody in particular undermines the whole premise of targeted outreach. If a role address is your only door into a priority account, use it as a research lead to find the actual person instead.
Does validation guarantee my emails reach the inbox?
No — validation only guarantees the mailbox exists, which protects your bounce rate. Inbox placement additionally depends on domain authentication (SPF, DKIM, DMARC), sender reputation, volume discipline and content. Validation is the mandatory floor: without it, nothing else you do about deliverability can hold up.
Is it worth validating a list I bought from a reputable data vendor?
Always. Even good vendors' data decays between their verification pass and your send, and their definition of deliverable may include catch-alls. Run your own validation, measure the vendor's real accuracy from the verdicts, and use those numbers in the renewal conversation — a vendor whose lists come back 15% dead is charging you twice: once in fees, once in reputation.
Want to apply this to your outreach?
We will map it to your segment and product — before any work starts.
Talk to us