[Rspamd-Users] Protect email server reputation from forwards/form submissions

[Taco de Wolff]

Hi,

I'm trying to keep up my server's email reputation. The problem is that
many clients have a WordPress installation and add contact forms with
little protection (but note that even ReCAPTCHA is far from perfect). I
enforce that those sites send from noreply@* of their domain, and I have
enabled outbound scanning with Rspamd, but the vast amount of spam that is
trying to be sent is difficult to tame. I have been installing protections
manually in those WPs, but that is an uphill battle. I've been boltening
the screws on Rspamd, whose neural net is getting better and whose reject
score has been lowered. This is not enough. Does anybody have an idea on
how to solve this?

I use the following setting for outbound mails:

outbound {
    priority = high;
    authenticated = yes;
    apply {
        actions {
            reject = 5;
            add_header = null;
            greylist = null;
        }
    }
}

*Can I add another setting that is stricter for from-addresses that start
with noreply@*?*

Secondly, Some inboxes redirect to an external address, such as when
visitor at gmail.com sends a mail to user at myserver.com that is then forwarded
to user at gmail.com. This uses the SRS scheme so that the sender becomes
SRS0=nopU=5I=gmail.com=noreply at myserver.com (otherwise Gmail does not
accept mail from its own servers that has been forwarded by another
server). *If I forward a spam message with SRS, does this affect my
server's reputation, or does it affect the original sender's reputation?*

Thank you in advance for your help!

Kind regards,
Taco de Wolff