From e3bcef06b70372138c1576149cb4c995b8c198fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Tue, 12 Apr 2022 11:14:32 -0400
Subject: [PATCH] mention another dropped option

---
 policy/tpa-rfc-15-email-services.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/policy/tpa-rfc-15-email-services.md b/policy/tpa-rfc-15-email-services.md
index 57907d08..0b9a4c78 100644
--- a/policy/tpa-rfc-15-email-services.md
+++ b/policy/tpa-rfc-15-email-services.md
@@ -649,6 +649,30 @@ replication for a "warm" spare.
 Multi-primary setups would require "sharding" the users across
 multiple servers and is definitely considered out of scope.
 
+## Personal SPF/DKIM records and partial external hosting
+
+At Debian.org, it's possible for members to configure their own DKIM
+records which allows them to sign their personal, outgoing email with
+their own DKIM keys and send signed emails out to the world from their
+own email. We will not support such a configuration, as it is
+considered too complex to setup for normal users.
+
+Furthermore, it would not *easily* help people currently hosted by
+Gmail or Riseup: while it's technically possible for users to
+*individually* delegate their DKIM signatures to those entities, those
+keys could change without notice and would immediately break.
+
+DMARC has similar problems, particularly with monitoring and error
+reporting.
+
+Delegating SPF records might be slightly easier (because delegation is
+built into the protocol), but has also been rejected for now. It is
+considered risky to grant *all* of Gmail the rights to masquerade as
+`torproject.org` (even though that's currently the status quo). And
+besides delegating SPF alone wouldn't solve the more general problem
+of *partially* allowing third parties to send mail as
+`@torproject.org` (because of DKIM and DMARC).
+
 ## Status quo
 
 The current status quo is also an option. But it is our belief that it
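Review bot: in the DKIM paragraph, "those keys could change without notice and would immediately break" never says what breaks; suggest "and signature verification for that user's outgoing mail would immediately break", since the reader otherwise has to guess whether it is the delegation, the DNS record, or the mail flow that fails. Two smaller wording points in the same hunk: "their own DKIM records which allows them" should agree with "records" ("which allow them"), and "too complex to setup" should read "too complex to set up". The DMARC sentence ("DMARC has similar problems, particularly with monitoring and error reporting.") would carry more weight with one clause naming the problem, e.g. where the aggregate/failure reports for a per-user policy would be delivered and who would read them, since that is the monitoring gap being rejected. Finally, "And besides delegating SPF alone wouldn't solve" wants a comma after "besides".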
-- 
GitLab