diff --git a/docs/configuration.rst b/docs/configuration.rst
index 4d60a64a..b2a71d4a 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -254,12 +254,18 @@ The ``TZ`` sets the timezone Mailu will use. The timezone naming convention usua
 .. _`TZ database name`: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 
 The ``PROXY_PROTOCOL`` (default: unset) allows the the front container to receive TCP and HTTP connections with
-the PROXY protocol. It can be set to:
+the `PROXY protocol`_ (originally introduced in HAProxy, now also configurable in other proxy servers).
+It can be set to:
 * ``http`` to accept the ``PROXY`` protocol on nginx's HTTP proxy ports
 * ``mail`` to accept the ``PROXY`` protocol on nginx's mail proxy ports
 * ``all`` to accept the ``PROXY`` protocol on all nginx's HTTP and mail proxy ports
 
-This requires to have a valid ``REAL_IP_FROM``.
+.. _`PROXY protocol`: https://github.com/haproxy/haproxy/blob/master/doc/proxy-protocol.txt
+
+This requires to have a valid ``REAL_IP_FROM`` (default: unset). Setting ``PROXY_PROTOCOL`` without setting
+``REAL_IP_FROM`` *will not work*. Make sure to set a ``REAL_IP_FROM`` only pointing to IP addresses or networks
+that you trust; accepting the ``PROXY`` protocol from untrusted sources is a serious security vulnerability,
+allowing a potential attacker to spoof his source address.
 
 Antivirus settings
 ------------------