climactic/laravel-spam
Composer 安装命令:
composer require climactic/laravel-spam
包简介
Anti-spam protection for Laravel: disposable-email and blocklist rules, StopForumSpam lookups, middleware, and a check API.
README 文档
README
Laravel Spam
A pragmatic anti-spam toolkit for Laravel applications. Block disposable and throwaway email signups, reject known bad actors via StopForumSpam, and configure your own allow/blocklists — with validation rules, middleware, and a check API.
📖 Table of Contents
- Laravel Spam
Features
- 🚫 Block disposable / throwaway email providers (bundled list of 70k+ domains)
- 🌐 StopForumSpam lookups with caching and a fail-open default
- 📋 Configurable blocklists for domains and TLDs
- ✅ Drop-in validation rules for any
FormRequestorValidator::make()call - 🛡️ Route middleware for protecting any endpoint that accepts an email
- 🔍 A single
Spam::check()API that returns a typed reason - 🔄 Artisan command to refresh the disposable-email list from upstream
- 🧪 Zero database tables, zero external auth, zero required API keys
🌟 Sponsors
Your logo here — Become a sponsor and get your logo featured in this README and on our website.
Interested in title sponsorship? Contact us at sponsors@climactic.co for premium placement and recognition.
📦 Installation
You can install the package via composer:
composer require climactic/laravel-spam
Optionally publish the config file:
php artisan vendor:publish --tag="laravel-spam-config"
Optionally publish the bundled disposable-email list to local storage (only needed if you plan to refresh it yourself — see below):
php artisan vendor:publish --tag="laravel-spam-data"
⚙️ Configuration
The config file lives at config/spam.php. Every option is documented inline:
return [ 'default_field' => env('SPAM_DEFAULT_FIELD', 'email'), 'message' => env('SPAM_MESSAGE', 'This email address is not allowed. Please use a different one.'), // `blocked_tlds` / `blocked_domains` accept a comma-separated // env override — see the .env snippet below. 'blocked_tlds' => ['tk', 'ml', 'cf', 'ga', 'gq'], 'blocked_domains' => [ // 'example.com', ], 'disposable' => [ 'enabled' => env('SPAM_DISPOSABLE_ENABLED', true), 'storage_path' => env('SPAM_DISPOSABLE_STORAGE_PATH', storage_path('app/laravel-spam/disposable-domains.json')), 'source_url' => env('SPAM_DISPOSABLE_SOURCE_URL', 'https://cdn.jsdelivr.net/gh/disposable/disposable-email-domains@master/domains.json'), 'cache_ttl' => env('SPAM_DISPOSABLE_CACHE_TTL'), // null = forever ], 'stopforumspam' => [ 'enabled' => env('STOPFORUMSPAM_ENABLED', true), 'frequency' => (int) env('STOPFORUMSPAM_FREQUENCY', 3), 'cache_ttl' => (int) env('STOPFORUMSPAM_CACHE_TTL', 3600), 'timeout' => (int) env('STOPFORUMSPAM_TIMEOUT', 5), ], ];
Everything is env-driven, so you can tune the package from .env without publishing the config:
SPAM_DEFAULT_FIELD=email SPAM_MESSAGE="This email address is not allowed. Please use a different one." SPAM_BLOCKED_TLDS="tk,ml,cf,ga,gq" SPAM_BLOCKED_DOMAINS="example.com,another.test" SPAM_DISPOSABLE_ENABLED=true SPAM_DISPOSABLE_STORAGE_PATH= # Override the JSON path SPAM_DISPOSABLE_SOURCE_URL= # Override the upstream list URL SPAM_DISPOSABLE_CACHE_TTL= # null = forever STOPFORUMSPAM_ENABLED=true STOPFORUMSPAM_FREQUENCY=3 # Min appearances to count as spam STOPFORUMSPAM_CACHE_TTL=3600 STOPFORUMSPAM_TIMEOUT=5
No API key required — StopForumSpam lookups are anonymous and this package does not submit reports.
🚀 Usage
The Spam::check() API
Get a structured verdict for any email:
use Climactic\Spam\Facades\Spam; use Climactic\Spam\Enums\SpamReason; $result = Spam::check($email); if ($result->isSpam) { Log::warning('Blocked signup', [ 'email' => $email, 'reason' => $result->reason->value, // 'disposable', 'blocked_tld', … ]); }
SpamReason cases: Clean, InvalidEmail, BlockedDomain, BlockedTld, Disposable, StopForumSpam.
Convenience predicates:
Spam::isSpamEmail($email); // bool — any spam signal Spam::isDisposable($email); // bool Spam::isBlockedDomain($email); // bool — exact domain *or* TLD match Spam::isStopForumSpam($email); // bool
Validation rules
Use Spam::emailRules() in any FormRequest or inline validator. It returns Laravel's standard email rules plus the three spam rules — append your own extras (like unique:) as needed:
use Climactic\Spam\Facades\Spam; public function rules(): array { return [ 'email' => Spam::emailRules([ 'unique:'.User::class, ]), ]; }
Or drop it into an inline validator:
Validator::make($data, [ 'email' => Spam::emailRules(), ])->validate();
Route middleware
Protect any endpoint that accepts an email field with the spam.email middleware alias. A flagged email yields a standard 422 validation response.
Route::post('/register', RegisterController::class) ->middleware('spam.email'); Route::post('/contact', ContactController::class) ->middleware('spam.email:contact_email'); // custom field name
If no parameter is passed, the middleware reads config('spam.default_field') (default: email).
Individual rules
If you want to reach for a specific rule directly:
use Climactic\Spam\Rules\BlockedEmailDomain; use Climactic\Spam\Rules\DisposableEmail; use Climactic\Spam\Rules\StopForumSpamEmail; $data->validate([ 'email' => [ 'required', 'email', app(BlockedEmailDomain::class), app(DisposableEmail::class), app(StopForumSpamEmail::class), ], ]);
🔄 Keeping the disposable list fresh
The package ships with a snapshot of disposable/disposable-email-domains. To refresh from upstream on your own schedule, run:
php artisan spam:update
The command writes to config('spam.disposable.storage_path') (default: storage/app/laravel-spam/disposable-domains.json) and clears the cache. Recommended: schedule it monthly:
use Illuminate\Support\Facades\Schedule; Schedule::command('spam:update')->monthly();
📚 API Reference
Facade methods
| Method | Description |
|---|---|
Spam::check(string $email): SpamResult |
Full check; returns {isSpam, reason} |
Spam::isSpamEmail(string $email): bool |
True if any signal fires |
Spam::isDisposable(string $email): bool |
True if the domain is in the disposable list |
Spam::isBlockedDomain(string $email): bool |
True if the domain or TLD is blocklisted |
Spam::isStopForumSpam(string $email): bool |
True if StopForumSpam flags the email |
Spam::emailRules(array $extra = []): array |
Email validation rules; append extras |
Validation rules
| Rule | Class |
|---|---|
| Blocked domain / TLD | Climactic\Spam\Rules\BlockedEmailDomain |
| Disposable email | Climactic\Spam\Rules\DisposableEmail |
| StopForumSpam lookup | Climactic\Spam\Rules\StopForumSpamEmail |
Middleware
| Alias | Class | Parameter |
|---|---|---|
spam.email |
Climactic\Spam\Http\Middleware\BlockSpamEmails |
Request field (defaults to config) |
Console
| Command | Description |
|---|---|
spam:update |
Refresh the disposable-email list |
🧪 Testing
composer test
📋 Changelog
Please see CHANGELOG for more information on what has changed recently.
🤝 Contributing
Please see CONTRIBUTING for details. You can also join our Discord server to discuss ideas and get help: Discord Invite.
🔒 Security Vulnerabilities
Please report security vulnerabilities to security@climactic.co.
💖 Support This Project
Laravel Spam is free and open source, built and maintained with care. If this package has saved you development time or helped power your application, please consider supporting its continued development.
⭐ Star History
📦 Other Packages
Other open-source Laravel packages from Climactic:
| Package | Description |
|---|---|
| climactic/laravel-credits | Ledger-based credit system for virtual currencies, reward points, and credit-based features. |
| climactic/laravel-polar | Seamless Polar.sh integration for subscriptions, payments, and webhooks. |
| climactic/laravel-altcha | Drop-in ALTCHA proof-of-work spam protection — privacy-first, self-hosted, no third-party services. |
📄 License
The MIT License (MIT). Please see License File for more information.
⚖️ Disclaimer
This package is not affiliated with Laravel. It's for Laravel but is not by Laravel. Laravel is a trademark of Taylor Otwell. Disposable-domain data is sourced from the disposable/disposable-email-domains community project.
climactic/laravel-spam 适用场景与选型建议
climactic/laravel-spam 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 4, 最近一次更新时间为 2026 年 04 月 17 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「spam」 「laravel」 「anti-spam」 「stopforumspam」 「disposable-email」 「climactic」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 climactic/laravel-spam 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 climactic/laravel-spam 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 climactic/laravel-spam 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Simple captcha generator
reCAPTCHA library
Client library for reCAPTCHA with proxy support, a free service that protects websites from spam and abuse.
Increase your Flarum forum's security with hCaptcha.
PHP CAPTCHA Library
Display clickable eMail-Adresses without being spamed
统计信息
- 总下载量: 1
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 4
- 点击次数: 46
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-04-17