DNS Forwarders - allow a separate selection for Mail Protection
If you've seen my DNS best practice (https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice/109152#109152) post, you know that it recommends NOT using the DNS servers of your ISP and using Google or OpenDNS. The reason for this is that many providers hijack DNS, breaking rDNS.
When I started that post over eight (!) years ago, there were very few Content Delivery Networks (CDNs). Today, they abound, and that's a problem that may well trump thr rDNS problem. As Alexander Busch described this situati in a post near the end of the DNS Best Practice thread, "Essentially, it is about the provider operating a large network itself (MGN - Microsoft Global Network) and trying to connect the client to an access point with low latency. Of course, the geographical distance is important for this. Therefore, the resolution of a certain address e. g. outlook. office365. com to different targets, depending on the geographical position. If the DNS server is Google, for example, I will probably get an access point near the Google DNS servers, although I am in Germany myself."
If there were only a simple choice to allow a separate DNS choice for the SMTP Proxy, we could have our cake and eat it, too! ;-)