Mail Rate Limiting question

A site on my server was hacked several weeks ago and began spewing out thousands of spam emails.

I thought I found the exploit, removed that wp theme, backed up all my sites, destroyed the virtual server, rebuilt a new server, and deployed my sites on that.

All was good for a week, and then my server started spewing out hundreds of spam emails through that same domain.

I went through the process again. Removed a suspect plugin, moved to new server, etc.

A week later, more spam emails spewing from my domain - argh!

Went through the process again, this time I think I’ve got the program they were using to hack the server removed. I’ve pretty much removed and updated and redone everything on that domain.

However, I want to put some extra precautions in place. I found that I can bcc anything the server mails to myself, so I’ve done that so I find out about this earlier now.

But that brings me to this… I just discovered (I’m a little slow with these things sometimes) the “Mail Rate LImiting” option. Oh, that’s cool !

I’m the only one that should be logging into the server to send email. I can limit it to about 40 emails an hour - that’s the most I’ll send out. I get an occasional email through my contact form, but that’s minimal.

However, I do have some clients who have an alias email address on my domain - their email then gets forwarded on to their regular email at gmail or whatever.

Is email that comes in on an alias and then forwarded on counted by the mail limiter? Or in other words, are forwarded emails counted?