Add context for limiting `before` timestamp

1 files changed, 4 insertions, 2 deletions

diff --git a/26.md b/26.md
index b8fa902..9117699 100644
--- a/26.md
+++ b/26.md
@@ -52,7 +52,9 @@ For example, the following condition strings are valid:
 - `kind=0&kind=1&created_at>1675721813`
 - `kind=1&created_at>1674777689&created_at<1675721813`
 
-For the vast majority of use-cases, it is advisable that query strings should include a `created_at` ***after*** condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
+For the vast majority of use-cases, it is advisable that:
+1. Query strings should include a `created_at` ***after*** condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
+2. Query strings should include a `created_at` ***before*** condition that is not empty and is not some extremely distant time in the future. If delegations are not limited in time scope, they expose similar security risks to simply using the root key for authentication.
 
 #### Example
 
@@ -105,4 +107,4 @@ Clients should display the delegated note as if it was published directly by the
 
 Relays should answer requests such as `["REQ", "", {"authors": ["A"]}]` by querying both the `pubkey` and delegation tags `[1]` value.
 
-Relays SHOULD allow the delegator (8e0d3d3e) to delete the events published by the delegatee (477318cf).
\ No newline at end of file
+Relays SHOULD allow the delegator (8e0d3d3e) to delete the events published by the delegatee (477318cf).