diff --git a/README.md b/README.md
index a3bd5ea..43d0737 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,17 @@ MineWall is a Layer 3 mitigation toolset for protocol specifications like Minecr
 
 It is mainly targeted at Minecraft servers, or applications having a similar networking footprint as the former. However, it may work well for other applications where proxies are the main tool used for attacks. It is highly recommended to test pre-deployment, and to take proper measures to optimize for your own end use-case.
 
+# A 3 layered approach
+The application is comprised of 3 different layers of mitigation, depending on the validity of the source user:
+- The whitelist is used for IPs that are already validated as safe users.
+- The graylist is based on low risk countries that rarely are the source of bots. The behavior is to limit the connection speed with a permissive ratelimit.
+- The graylist (default) behavior is to strongly limit incoming connections via strict ratelimit.
+
+
+
 
 # Sources
 We believe transparency in our forensic research is key to replicability and the effectiveness of our solution. We've appended our sources below:
 
 https://radar.cloudflare.com/
-https://github.com/herrbischoff/country-ip-blocks
\ No newline at end of file
+https://github.com/herrbischoff/country-ip-blocks