You could do something like this,
function validEmail($email){
if (filter_var($email, FILTER_VALIDATE_EMAIL)){
list($user,$domain) = explode('@',$email);
return checkdnsrr($domain, 'MX');
}
return false;
}
it may not pick up every fake email, but I always validate their email by sending them a validation email with a link.
EDIT:
As for spam on a form use CSRF, that should prevent most spam (at least in my experience)