From cb1e4ff5bbfc179139749df2e218fc61e631fd63 Mon Sep 17 00:00:00 2001
From: Hocuri <hocuri@gmx.de>
Date: Wed, 17 Jun 2026 12:38:37 +0200
Subject: [PATCH] docs(README.md): Clarify security enforcement (#1011)

Make it clear which security enforcement properties a chatmail server has
---
 README.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f9a70620..bf0c0321 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,12 @@ Chatmail relay servers are interoperable Mail Transport Agents (MTAs) designed f
 -  **Instant/Realtime:** sub-second message delivery, realtime P2P
    streaming, privacy-preserving Push Notifications for Apple, Google, and Huawei;
 
--  **Security Enforcement**: only strict TLS, DKIM and OpenPGP with minimized metadata accepted
+-  **Security Enforcement**: Only connections with strict TLS are accepted;
+   all messages must be correctly signed with DKIM and OpenPGP-encrypted with minimized metadata.
+   There are experimental exceptions for no-DNS relays,
+   which are allowed use self-signed TLS certificates
+   and which do not need to DKIM-sign their messages.
+   Unencrypted messages are allowed in neither case.
 
 -  **Reliable Federation and Decentralization:** No spam or IP reputation checks, federating
    depends on established IETF standards and protocols.