How to Detect Disposable Email Addresses in Laravel

Steven Carver
Blog
Tutorials
How to Detect Disposable Email Addresses in Laravel

Free trial abuse and fake signups are a real problem for SaaS products built on Laravel.

A user registers with a throwaway address, exploits your onboarding flow, and disappears when the inbox expires. The fix is a single API call at the point of registration, before the email address ever reaches your database.

This guide shows you how to integrate Spamova's disposable email detection into a Laravel application cleanly and idiomatically.

What You Will Need

A Spamova API key from your account. Add it to your Laravel configuration so it is never hardcoded anywhere in your application.

In config/services.php:

'spamova' => [ 'key' => env('SPAMOVA_API_KEY'), ],

In your .env:

SPAMOVA_API_KEY=your_api_key_here

Checking a Single Email Address

Laravel's HTTP client makes the integration clean and readable. The /api/v1/check endpoint accepts a POST request with a single email and returns a full result object.

use Illuminate\Support\Facades\Http;   $result = Http::withToken(config('services.spamova.key')) ->acceptJson() ->post('https://spamova.com/api/v1/check', [ 'email' => 'james847@mailinator.com', ]) ->json();

The response looks like this:

{ "email": "james847@mailinator.com", "syntax": "valid", "is_disposable": true, "risk_score": 98, "mx": "valid", "website_status": "redirect" }

syntax catches formatting errors. is_disposable is the primary flag. risk_score gives you a 0-100 signal for handling ambiguous domains that are suspicious but not yet confirmed on any list. mx validates real mail infrastructure. website_status tells you whether the domain has an active website, redirects, or resolves to nothing.

Adding a Custom Validation Rule

The cleanest way to integrate this into Laravel is as a custom validation rule. This lets you drop it into any FormRequest alongside your existing rules without touching controller logic.

namespace App\Rules;   use Closure; use Illuminate\Contracts\Validation\ValidationRule; use Illuminate\Support\Facades\Http;   class NotDisposableEmail implements ValidationRule { public function validate(string $attribute, mixed $value, Closure $fail): void { $result = Http::withToken(config('services.spamova.key')) ->acceptJson() ->timeout(3) ->post('https://spamova.com/api/v1/check', ['email' => $value]) ->json();   if (($result['is_disposable'] ?? false) || ($result['risk_score'] ?? 0) >= 70) { $fail('Disposable email addresses are not allowed.'); } } }

Then use it in your FormRequest:

use App\Rules\NotDisposableEmail;   public function rules(): array { return [ 'email' => ['required', 'email', 'unique:users', new NotDisposableEmail], ]; }

Clean, reusable, and fits naturally into Laravel's validation pipeline.

Checking Multiple Emails at Once

To audit an existing user base or check a batch of imported contacts, use the /api/v1/bulk endpoint. It accepts up to 100 emails per request and returns a results array alongside a meta object with your remaining quota.

use Illuminate\Support\Facades\Http;   $result = Http::withToken(config('services.spamova.key')) ->acceptJson() ->post('https://spamova.com/api/v1/bulk', [ 'emails' => [ 'james847@mailinator.com', 'sarah115@tempmail.com', 'steve.wozniak@gmail.com', ], ]) ->json();   // $result['results'] - array of check results // $result['meta']['checks_remaining'] - remaining quota

Requests with more than 100 emails are rejected in full. Use Laravel's Collection chunking for larger batches:

collect($emails)->chunk(100)->each(function ($chunk) { $result = Http::withToken(config('services.spamova.key')) ->acceptJson() ->post('https://spamova.com/api/v1/bulk', ['emails' => $chunk->values()->all()]) ->json(); // Process $result['results'] });

Get Started

Get your API key from your account, add it to your .env, and drop the validation rule into your FormRequest. Disposable email protection is live at every signup in your Laravel application.

Get your API key →