From 75bd1e9986c042aaebe20d5867189380ae5f64b8 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Thu, 30 Apr 2026 09:17:56 +0700
Subject: [PATCH] Update rules section

---
 README.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 1c37f7d..2a1bfb6 100644
--- a/README.md
+++ b/README.md
@@ -20,17 +20,17 @@ The checker parses every response, cross-checks the servers advertised
 by the different sources, and produces a rich HTML report with
 **paste-ready remediation snippets** for the most common failure modes.
 
-## Rules produced
+## Rules
 
-| Rule                                  | What it checks                                                       |
-|---------------------------------------|----------------------------------------------------------------------|
-| `autoconfig_presence`                 | At least one discovery method serves a valid clientConfig.          |
-| `autoconfig_preferred_endpoint`       | `autoconfig.<domain>` (Thunderbird's first try) is reachable.        |
-| `autoconfig_tls`                      | HTTPS is mandatory and certificates validate.                        |
-| `autoconfig_server_encryption`        | Advertised IMAP/SMTP servers use SSL/STARTTLS, not plaintext.        |
-| `autoconfig_consistency`              | clientConfig claims the queried domain and agrees with SRV.          |
-| `autoconfig_srv_records`              | RFC 6186 SRV records cover incoming + submission.                    |
-| `autoconfig_autodiscover`             | Microsoft Autodiscover responds (informational).                     |
+| Code                              | Description                                                                                                  | Severity            |
+|-----------------------------------|--------------------------------------------------------------------------------------------------------------|---------------------|
+| `autoconfig_presence`             | Checks that at least one email-autoconfiguration discovery method answers for the domain.                    | CRITICAL            |
+| `autoconfig_preferred_endpoint`   | Checks that `https://autoconfig.<domain>/mail/config-v1.1.xml` is reachable and serves a valid clientConfig. | WARNING             |
+| `autoconfig_tls`                  | Checks that autoconfig endpoints are served over HTTPS with a valid TLS certificate.                         | CRITICAL            |
+| `autoconfig_server_encryption`    | Checks that servers advertised by autoconfig use SSL or STARTTLS and a non-cleartext auth method.            | CRITICAL            |
+| `autoconfig_consistency`          | Cross-checks hostnames and ports reported by autoconfig, Autodiscover and SRV records.                       | WARNING             |
+| `autoconfig_srv_records`          | Checks that RFC 6186 SRV records (`_imaps._tcp`, `_submissions._tcp`, ...) complement the autoconfig XML.    | WARNING             |
+| `autoconfig_autodiscover`         | Reports whether Microsoft Autodiscover (POX) responds on the domain.                                         | WARNING             |
 
 ## Common failure modes the HTML report addresses