Currently this is not possible. Emails sent to postmaster _at_ forums.lawrencesystems.com returns to MTA server with Error code 400.
<email@example.com> delayed: forums.lawrencesystems.com:
400 Network error: Could not connect to forums.lawrencesystems.com:25
Reporting-MTA: dns; mailrelay2-2.pub.mailoutpod1-cph3.one.com
Received-from-MTA: smtp; [IPv6:2a03:5440:2030:801:e141:c945:2851:e29] (2a03:5440:2030:801:e141:c945:2851:e29)
Arrival-Date: Sun, 05 May 2019 15:32:19 +0000
Final-Recipient: rfc822; firstname.lastname@example.org
Status: 5.4.7 (Message could not be delivered in the allotted time frame)
Remote-MTA: dns; forums.lawrencesystems.com
Diagnostic-Code: smtp; 400 Network error: Could not connect to forums.lawrencesystems.com:25
You could enable Reply via Email to only be available after a certain trust level or with a custom badge earned by $account.
That way new members will not have access to the feature right away. But only after having being active in the community to a certain extent or otherwise proven themselves otherwise worthy of “privileges”.
That may vary well be true. Depending on if $mailDomain is not protected adequately with the use of v=spf1(and optionally DKIM and/or DMARC, too)
Thou I would dispute a mail account being impersonated or a forum account not using 2FA to protect against unauthorized access. Is about equally bad in my opinion(!)
comment: I will add with spf validation. You could configured your receiving smtp daemon to reject (optionally with error message) all senders failing validation state -eq true.
(If everyone used 2FA for every website login they could and only used mail hosting solutions supporting SPF and DKIM. We could be a better road ahead of stopping mail impersonation and preventing brute-forcing and stolen account credentials being used in many current instances happening all over the globe every day because of inadequate security steps taken to protect oneself and solutions provided to customers, fooes and friends alike.)