Look into how Cloudflare handles detecting abuse of bulk automated http requests (hint: browser trickery). RBLs will help, as well as basic rate limiting. You can also do heuristics on the rate of mails going out from multiple users in similar ways and impose a timeout on users when you detect something 'feels spammy'. Basically you just want to make it so annoying to send spam that they'll use someone else's service. You can also use obfuscation techniques to make it difficult for spammers to determine the method to use to automate requests.