diff --git a/howto/submission.md b/howto/submission.md
index 2fdd6474d59fa786f53fee0cdd0f2e10ab284baa..59d14a09afa4e16d314e5351d26f8ed08f0c3bb2 100644
--- a/howto/submission.md
+++ b/howto/submission.md
@@ -45,6 +45,9 @@ it will actually deliver emails to targets.
 ## Pager playbook
 
 TODO: pager playbook
+<!-- information about common errors from the monitoring system and -->
+<!-- how to deal with them. this should be easy to follow: think of -->
+<!-- your future self, in a stressful situation, tired and hungry. -->
 
 ## Disaster recovery
 
@@ -75,6 +78,23 @@ TODO: how to setup the service from scratch. puppet role and DNS?
 <!-- "architectural" document, which the final result might differ -->
 <!-- from, sometimes significantly -->
 
+<!-- a good guide to "audit" an existing project's design: -->
+<!-- https://bluesock.org/~willkg/blog/dev/auditing_projects.html -->
+
+<!-- things to evaluate here:
+
+ * services
+ * storage (databases? plain text files? cloud/S3 storage?)
+ * queues (e.g. email queues, job queues, schedulers)
+ * interfaces (e.g. webserver, commandline)
+ * authentication (e.g. SSH, LDAP?)
+ * programming languages, frameworks, versions
+ * dependent services (e.g. authenticates against LDAP, or requires
+   git pushes)
+ * deployments: how is code for this deployed (see also Installation)
+
+how is this thing built, basically? -->
+
 Some interesting "best practices" notes:
 
  * https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/
@@ -84,11 +104,43 @@ Some interesting "best practices" notes:
 Project is coordinated in [ticket #30608][].
 
 There is no issue tracker specifically for this project, [File][] or
-[search][] for issues in the [team issue tracker][search] component.
+[search][] for issues in the [team issue tracker][search].
 
  [File]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
  [search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues
 
+## Maintainer, users, and upstream
+
+This service is mostly written as a set of Puppet manifests. It was
+built by anarcat, and is maintained by TPA. There is no upstream.
+
+It depends on patches on `userdir-ldap` that were partially merged in
+the upstream, see [LDAP docs](howto/ldap#maintainer-users-and-upstream) for details.
+
+## Monitoring and testing
+
+TODO: monitoring and testing
+
+<!-- describe how this service is monitored and how it can be tested -->
+<!-- after major changes like IP address changes or upgrades. describe -->
+<!-- CI, test suites, linting, how security issues and upgrades are -->
+<!-- tracked -->
+
+## Logs and metrics
+
+TODO: logs and metrics
+
+<!-- where are the logs? how long are they kept? any PII? -->
+<!-- what about performance metrics? same questions -->
+
+## Backups
+
+No special backup of this service is required.
+
+## Other documentation
+
+TODO: <!-- references to upstream documentation, if relevant -->
+
 # Discussion
 
 ## Overview