diff --git a/4.2.3-uMatrix.md b/4.2.3-uMatrix.md
index 29742db..761f5b9 100644
--- a/4.2.3-uMatrix.md
+++ b/4.2.3-uMatrix.md
@@ -1,5 +1,7 @@
 :small_orange_diamond: **Block TLDs**
 
+There are [over 1,500 TLDs in existence today](https://www.icann.org/registrar-reports/accredited-list.html), many of which widely abused - see [this](https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/) Krebs on Security article. Also [this](https://krebsonsecurity.com/2018/03/omitting-the-o-in-com-could-be-costly/) one. Blocking TLDs can be overly broad and akin to playing whack-a-mole. A more precise and effective strategy is to use uMatrix / uBlockOrigin in hardened configurations.
+
 Example: blocking [.cm](https://en.wikipedia.org/wiki/.cm) which is the [ccTLD](https://en.wikipedia.org/wiki/Country_code_top-level_domain) for Cameroon. Note: you will need both lines if you allow 1st-party (`* 1st-party * allow`), as the way uMatrix works, narrow rules win over broader rules.
 
 ```