mention another dropped option

policy/tpa-rfc-15-email-services.md

@@ -649,6 +649,30 @@ replication for a "warm" spare.
 Multi-primary setups would require "sharding" the users across
 multiple servers and is definitely considered out of scope.
 
+## Personal SPF/DKIM records and partial external hosting
+
+At Debian.org, it's possible for members to configure their own DKIM
+records which allows them to sign their personal, outgoing email with
+their own DKIM keys and send signed emails out to the world from their
+own email. We will not support such a configuration, as it is
+considered too complex to setup for normal users.
+
+Furthermore, it would not *easily* help people currently hosted by
+Gmail or Riseup: while it's technically possible for users to
+*individually* delegate their DKIM signatures to those entities, those
+keys could change without notice and would immediately break.
+
+DMARC has similar problems, particularly with monitoring and error
+reporting.
+
+Delegating SPF records might be slightly easier (because delegation is
+built into the protocol), but has also been rejected for now. It is
+considered risky to grant *all* of Gmail the rights to masquerade as
+`torproject.org` (even though that's currently the status quo). And
+besides delegating SPF alone wouldn't solve the more general problem
+of *partially* allowing third parties to send mail as
+`@torproject.org` (because of DKIM and DMARC).
+
 ## Status quo
 
 The current status quo is also an option. But it is our belief that it