I am operating a Postfix email server for my domain, say mydomain.com. It mostly acts as a forwarding email server: users receive an email address @mydomain.com, but usually elect to have their address forward to an external inbox (Gmail, Yahoo, etc). There are a few thousand addresses being forwarded, so the server handles a fairly significant volume of mail traffic.
In the past, the server did not use SRS rewriting. This of course meant that forwarded mail would fail SPF checks, as my IP address is not technically authorized to send email on behalf of the original sender's domain. However, from what I can see it doesn't seem to be causing any significant issues. Generally no complaints from users as Gmail, Yahoo, etc. seem to be smart enough to ignore the SPF failures and deliver the messages anyway.
With this in mind, is it really necessary to enable SRS rewriting? I am considering enabling it but my main concern is that my domain will get blacklisted for sending spam when spam inevitably gets forwarded. Wouldn't the rewrite make it appear as if I'm the originator of the spam? (At least, this is my understanding from reading Gmail's Best Practices for Forwarding Mailservers).
Granted, I am already taking some of the recommended precautions like using SpamAssassin to add "SPAM" to the subject line of suspected spam before forwarding, not forwarding high confidence (score 15+) spam, and using the Spamhaus blocklist, but these measures aren't perfect and spam can still slip through unmarked.
Is enabling SRS rewriting worth it, if it increases the risk of getting wrongly marked as a spammer? Or would it be safer to just leave it as is and ignore SPF failures?
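For readers following the question, here is an added example (not part of the original post, and not code from Postfix or any SRS package) showing what SRS rewriting does to the envelope sender and which domain a receiver's SPF check then evaluates. The secret, the `example.org` sender and the day numbers are constructed, and the hash and timestamp encoding are a simplified sketch of the SRS0 layout that is not guaranteed to interoperate with production SRS software.

```python
import base64, hashlib, hmac

SECRET = b"constructed-demo-secret"   # assumption: the forwarder's private SRS key
FORWARDER = "mydomain.com"            # forwarding domain named in the post
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _tag(stamp, domain, local):
    """Short keyed hash binding the timestamp to the original address."""
    msg = "=".join((stamp, domain, local)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]

def srs_forward(sender, day):
    """Rewrite an envelope sender into SRS0=hash=stamp=domain=local@forwarder."""
    local, domain = sender.rsplit("@", 1)
    d = day % 1024                     # day counter wraps every 1024 days
    stamp = B32[d >> 5] + B32[d & 31]
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"

def srs_reverse(address, today, max_age=21):
    """Return the original sender for a bounce, or None if forged or expired."""
    local, _, domain = address.rpartition("@")
    parts = local[5:].split("=", 3)    # the original local part may contain '='
    if domain.lower() != FORWARDER or local[:5].upper() != "SRS0=" or len(parts) != 4:
        return None
    tag, stamp, orig_domain, orig_local = parts
    expected = _tag(stamp, orig_domain, orig_local)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    stamp = stamp.upper()
    if len(stamp) != 2 or stamp[0] not in B32 or stamp[1] not in B32:
        return None
    sent = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (today - sent) % 1024 > max_age:
        return None
    return f"{orig_local}@{orig_domain}"

def spf_domain(envelope_from):
    """Domain whose SPF record a receiver evaluates for the MAIL FROM identity."""
    return envelope_from.rsplit("@", 1)[1].lower()

if __name__ == "__main__":
    original = "alice@example.org"     # constructed sender
    rewritten = srs_forward(original, day=20000)
    print(spf_domain(original), "->", spf_domain(rewritten))
    print(rewritten, "->", srs_reverse(rewritten, today=20005))
```

The rewrite touches only the envelope sender; the message's `From:` header is left as the original author wrote it.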