Currently, we do not recommend that Umbrella filtering be used by an MTA (Mail Transfer Agent) that is handling email. It is not a supported configuration and unexpected results will occur.
- Categorization filtering rules can block legitimate mail. For example, an email to firstname.lastname@example.org will be blocked if Social Media category is not allowed. The mail delivery may be legitimate, but you want to block employees from using Facebook.
- Security filtering: domains may be blocked for a Security Threat; however, email is still desired to be sent to this domain. This can occur when a site is temporarily compromised and is flagged for Malware but still needs to have mail send to it's domain.
- Due to the large number of queries that can occur from our DNS resolvers, some DNSBLs do not allow queries from us. This will potentially affect your spam catch rate.
The following article (step 6) deals with the configuration of DNS in Exchange 2010: