As a best practice, use address objects
as the Destination Address to enable access
to only specific servers or specific groups of servers especially
for commonly exploited services, such as DNS and SMTP. By restricting
users to specific destination server addresses, you can prevent
data exfiltration and command-and-control traffic from establishing
communication through techniques such as DNS tunneling.