diff --git a/README.md b/README.md
index f9a70620..bf0c0321 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,12 @@ Chatmail relay servers are interoperable Mail Transport Agents (MTAs) designed f
 -  **Instant/Realtime:** sub-second message delivery, realtime P2P
    streaming, privacy-preserving Push Notifications for Apple, Google, and Huawei;
 
--  **Security Enforcement**: only strict TLS, DKIM and OpenPGP with minimized metadata accepted
+-  **Security Enforcement**: Only connections with strict TLS are accepted;
+   all messages must be correctly signed with DKIM and OpenPGP-encrypted with minimized metadata.
+   There are experimental exceptions for no-DNS relays,
+   which are allowed use self-signed TLS certificates
+   and which do not need to DKIM-sign their messages.
+   Unencrypted messages are allowed in neither case.
 
 -  **Reliable Federation and Decentralization:** No spam or IP reputation checks, federating
    depends on established IETF standards and protocols.