diff --git a/core/admin/mailu/__init__.py b/core/admin/mailu/__init__.py
index 9b712512..51532968 100644
--- a/core/admin/mailu/__init__.py
+++ b/core/admin/mailu/__init__.py
@@ -29,6 +29,7 @@ def create_app_from_config(config):
     utils.migrate.init_app(app, models.db)
 
     app.temp_token_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('WEBMAIL_TEMP_TOKEN_KEY', 'utf-8'), 'sha256').digest()
+    app.srs_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('SRS_KEY', 'utf-8'), 'sha256').digest()
 
     # Initialize list of translations
     config.translations = {
diff --git a/core/admin/mailu/internal/views/postfix.py b/core/admin/mailu/internal/views/postfix.py
index 330fed5b..928f4faf 100644
--- a/core/admin/mailu/internal/views/postfix.py
+++ b/core/admin/mailu/internal/views/postfix.py
@@ -108,7 +108,7 @@ def postfix_recipient_map(recipient):
 
     This is meant for bounces to go back to the original sender.
     """
-    srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
+    srs = srslib.SRS(flask.current_app.srs_key)
     if srslib.SRS.is_srs_address(recipient):
         try:
             return flask.jsonify(srs.reverse(recipient))
@@ -123,7 +123,7 @@ def postfix_sender_map(sender):
 
     This is for bounces to come back the reverse path properly.
     """
-    srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
+    srs = srslib.SRS(flask.current_app.srs_key)
     domain = flask.current_app.config["DOMAIN"]
     try:
         localpart, domain_name = models.Email.resolve_domain(sender)
diff --git a/towncrier/newsfragments/1999.enhancement b/towncrier/newsfragments/1999.enhancement
new file mode 100644
index 00000000..bd025141
--- /dev/null
+++ b/towncrier/newsfragments/1999.enhancement
@@ -0,0 +1 @@
+Derive a new subkey (from SECRET_KEY) for SRS