diff --git a/docs/authentication/configuration/restrictions.mdx b/docs/authentication/configuration/restrictions.mdx
index 54dd28b637..2141a4ba92 100644
--- a/docs/authentication/configuration/restrictions.mdx
+++ b/docs/authentication/configuration/restrictions.mdx
@@ -75,6 +75,7 @@ For example, if you add `john.doe@clerk.dev` as a blocked email address, it mean
 
 > [!NOTE]
 > Existing accounts with email subaddresses will not be affected by this restriction, and will still be allowed to sign in.
+> This feature aims to prevent malicious sign-in attempts. The first canonical email containing a subaddress will be allowed, but subsequent sign-ins using additional subaddresses will be blocked.
 
 To enable this feature: