diff --git a/SC2087.md b/SC2087.md
new file mode 100644
index 0000000..c5abfb2
--- /dev/null
+++ b/SC2087.md
@@ -0,0 +1,31 @@
+## Quote 'EOF' to make here document expansions happen on the server side rather than on the client.
+
+### Problematic code:
+
+    ssh host.example.com << EOF
+      echo "Logged in on $HOSTNAME"
+    EOF
+      
+### Correct code:
+
+    ssh host.example.com << "EOF"
+      echo "Logged in on $HOSTNAME"
+    EOF
+
+### Rationale:
+
+When the end token of a here document is not quoted, parameter expansions and command substitutions will be expanded. This means that the hostname printed will be that of the client, and not of the server.
+
+In other words, before sending the commands to the server, the client replaces `$HOSTNAME` with localhost, thereby sending `echo "Logged in on localhost"` to the server.
+
+By quoting the here token, local expansion will not take place, so the server sees `echo "Logged in on $HOSTNAME"` which is expanded and printed with the server's hostname, which is usually the intention.
+
+### Exceptions:
+
+If the client should expand some or all variables, this message can and should be ignored. 
+
+To expand a mix of local and remote variables, the here doc end token should be unquoted, and the remote variables should be escaped, e.g. 
+
+    ssh host.example.com << EOF
+      echo "Logged in on \$HOSTNAME from $HOSTNAME"
+    EOF