Email List Cleaning: How to Clean a List Without Nuking a Third of It
By Aria Pramesi, founder of InboxPolicy · Updated July 9, 2026
Cleaning a list means three steps in order: dedupe, verify, then route each address by action, not delete-if-not-valid. The mistake that wrecks the most pipelines is treating catch-all and unknown results as invalid and deleting them — that single move can remove 30-40% of a B2B list, most of which are real prospects sitting on domains that just don't confirm mailboxes over SMTP.
The cleaning process, in order
- Dedupe first. Normalize case, strip plus-tags and trailing whitespace, then dedupe before anything gets verified. This isn't just tidiness — every duplicate row gets billed as a separate verification and separately skews your stats (a 40% bounce rate on a list with 3x duplication of the same bad address is not what it looks like). Dedupe before you spend a cent on verification.
- Strip malformed addresses. Anything missing an @, with no valid TLD, or otherwise syntactically broken doesn't need an SMTP check — it needs a regex. InboxPolicy rejects malformed addresses locally and never bills for them, so run this pass first and let it filter for free.
- Verify what's left, in batch. Send the remaining addresses through a batch verification call rather than one-by-one — see the bulk verification API guide for the mechanics (up to 50,000 per call with an API key, 5,000 keyless via x402). Batch verification is where you get an actual result — send, caution, review, retry-later, or avoid — for every address instead of a single valid/invalid flag.
- Route by action, not by status. This is the step most cleaning advice skips. See the table below.
- Set a re-verify cadence. Lists decay — see the FAQ below for why a specific rate isn't something to trust blindly. Because InboxPolicy caches a result for 72 hours at no charge, re-running a list that overlaps a recent verification pass is cheap; you're only billed for addresses that weren't checked recently.
Route by action, not delete-if-not-valid
The single biggest mistake in list cleaning is collapsing every non-"valid" result into "delete." A catch-all result and a hard bounce are not the same failure mode, and treating them the same either torches real pipeline or lets bad addresses back into your send list. Five actions, five segments:
| Action | Segment | What to do with it |
|---|---|---|
send | Send list | Confirmed mailbox. Send normally, no extra guardrails needed. |
send_with_caution | Caution list | Send, but with tighter reputation guardrails — lower volume, a secondary sending domain, closer bounce monitoring. Some policies route catch-all here instead of to review. |
review | Review queue | Catch-all or otherwise unresolved. Don't bulk-send and don't bulk-delete — hold for manual check, enrichment, or a lighter-touch send test. This is the queue that protects the catch-all third. |
retry_later | Retry-later pool | Usually greylisted — the receiving server deferred the check, not rejected it. Requeue for a retry after a delay rather than treating it as unresolved forever. |
avoid | Suppress list | Hard failure — invalid mailbox, disposable domain, known-bad pattern. Suppress permanently; this is the only segment that should actually be removed from active sending. |
Under InboxPolicy's default policy, catch-all evidence maps to review; under a more aggressive policy setting it can map to send_with_caution instead. Either way, it never collapses into avoid — that's the routing decision that keeps a third of a B2B list out of the trash.
The catch-all third
Roughly 30-40% of B2B email addresses sit on catch-all domains — company mail servers configured to accept mail for any address, real or not, so SMTP verification can confirm the domain accepts mail but not that a specific mailbox exists behind it. See the catch-all verification guide for the mechanics and whether catch-all emails are safe to send to for the routing tradeoffs in more depth.
Deleting every catch-all result as "not valid" costs roughly a third of your addressable B2B pipeline — often the exact prospects you spent the most effort sourcing, since larger and more security-conscious companies are more likely to run catch-all mail. Keeping every catch-all result and sending to all of them uncritically pushes your bounce rate up instead, since a meaningful share of those mailboxes genuinely don't exist. The fix isn't picking a side — it's routing catch-all addresses to the review queue or a caution send, not to either extreme.
Honest tooling: when a bulk specialist beats a decision API
If you're cleaning a multi-million-row list once — a one-time database purchase, an old CRM export you're finally getting around to — a bulk specialist built for lowest-cost-per-row one-shot cleaning, like MillionVerifier, is usually cheaper than a per-decision API. See the InboxPolicy vs MillionVerifier comparison for the actual cost breakdown.
InboxPolicy fits a different shape of problem: repeat, ongoing, or agent-driven hygiene, where the same list gets touched again as new leads flow in, where an outreach agent needs a decision per address at send time rather than a batch job run monthly, or where the 72-hour free cache means overlapping lists barely cost anything to re-check. If your cleaning happens once and never again, a bulk specialist wins on price. If it's a recurring part of your pipeline, a decision API earns its cost back on the re-verification side. See real per-1,000 pricing across vendors for the full picture.
Frequently asked questions
How do I clean an email list?
Dedupe the list first, strip syntactically malformed addresses, then run the remainder through a verification API in batch. Once each address has a result, route it by action rather than deleting anything not marked valid: a clean send list, a caution list for lower-confidence sends, a review queue for catch-all and unknown results, a retry-later pool for greylisted addresses, and a suppress list for hard failures.
Should I delete catch-all emails from my list?
No. Catch-all domains make up roughly 30-40% of B2B addresses, so deleting every catch-all result deletes a third of your list along with real prospects. SMTP verification genuinely cannot confirm a mailbox on a catch-all domain, but that means the result is unresolved, not invalid. Route catch-all addresses to a review queue or a caution send instead of deleting them outright.
How often should I clean my email list?
It depends on how fast the list grows and how it's sourced, so there's no universal cadence that fits every list. As a general pattern, lists fed by continuous scraping or enrichment need cleaning closer to every send, while static lists that don't grow can go longer between passes. Addresses do decay over time as people change jobs and domains get reconfigured, but treat any specific decay percentage you see quoted as a rough guide, not a guarantee, since it varies by list source and industry.
How much does it cost to clean a 10,000-email list?
With InboxPolicy's Builder pack at $3.80 per 1,000 decisions, verifying 10,000 addresses costs $38; on keyless x402 pay-per-call at $0.01 per decision it's $100 before any discount. Dedupe and malformed stripping typically cut the billable count below 10,000, and re-verifying overlapping lists within 72 hours is free from cache. For a single one-shot clean of a large static list with no repeat verification planned, a bulk specialist like MillionVerifier is usually cheaper per row — see the comparison for the actual numbers.