I've been packaging rspamd for Gentoo, and it's pretty straightforward to build and run (more so now if you run Gentoo, of course), so that's good too.
In brief, rspamd can use the most of SA rules but it provides more optimization tricks than SA does. However, it is less mature and could be harder to setup than SA. You can also check my recent FOSDEM talk: https://www.youtube.com/watch?v=_fl9i-az_Q0
I'm really sorry that this information is not in the landing page of rspamd.com - that's obviously my fault.
Does this provide a way to replace links in a message so that they can be evaluated on click for continuous protection? Optionally of course since this would be more of a company policy type of protection than anything else.
(Apologies in advance to other contributors if I was incorrectly discounting their efforts; I made an assumption based on the number of commits on the repo.)
Both systems support statistics (rspamd uses 5-gramms hidden Markov model and SA uses naive bayes), they both support different backends for statistics (redis and sqlite for rspamd), per-user statistics, autolearning. Among network checks, they support URIBLs, RBLs, DMARC, DKIM, SPF. Obviously, both systems support regexp rules. However, I'm not an expert in SA features and might thus miss something...
I think it was either related to learning (but rspamd can do that, right?) or the db backend (I didn't want to run multiple database backends and anything that didn't support postgresql was out right away). Then again, I might be completely off.