Another attempt at showing some stats

I have done a bit more work on my stats-gathering script, and I'm a little 
more confident in the numbers.  I'm attaching a CSV file... these are my 
results upon running the script for 4 hours or so.
I haven't really drawn any conclusions from the numbers, and in itself it's 
probably not enough to conclude or decide anything, other than "we need 
more data about X and Y areas".  But, I wanted to get the information out 
there, to see if other folks have opinions, questions, comparisons, etc.
The plain-text, single-column version appears below, in case the CSV 
doesn't make it through.

Some SPF results are broken down further by:
 /local-policy : best guess was applied
 /sgi.com      : override for our company which doesn't actually publish 
spf yet

Complete tally of SPF results, not broken down by action/disposition.  This 
is all with best guess on, and trusted-forwarder whitelist.
85.77%  (null sender)
0.06%   error
0.45%   error/local policy
0.00%   error/sgi.com
0.06%   error/*.sgi.com
0.59%   fail
1.26%   fail/*.sgi.com
0.09%   fail/sgi.com
2.06%   neutral
7.79%   neutral/local policy
0.17%   pass
0.43%   pass/local policy
0.01%   pass/sgi.com
1.20%   softfail
0.06%   unknown


Each section below represents an action that our mail server (a spam 
appliance box) took for the message, such as rejecting for various reasons, 
accepting with possible spam tag, quarantine, etc.  Inside each section I 
have broken down the SPF results found when examining the items in that 
category.  (Currently SPF is not checked when receiving or handling the 
message, only logged and analyzed after the fact.)

"bad recipient" : total 9.46%
"bad recipient" means that the mailserver rejected the mail due to user 
unknown, hostname unknown, or recipient blocked from receiving from 
outside.
"bad recipient" breaks down as follows:
(null sender)   0.12%
error   0.05%
error/local policy      0.25%
error/sgi.com   0.00%
error/*.sgi.com 0.01%
fail    0.40%
fail/*.sgi.com  1.19%
fail/sgi.com    0.08%
neutral 1.47%
neutral/local policy    4.83%
pass    0.02%
pass/local policy       0.09%
softfail        0.91%
unknown 0.03%


"bad sender" : total 0.31%
"bad sender" means something wrong with the sender's address, syntax or so; 
it breaks down like this:
(null sender)   
error   
error/local policy      0.00%
error/sgi.com   
error/*.sgi.com 
fail    0.00%
fail/*.sgi.com  0.02%
fail/sgi.com    
neutral 0.03%
neutral/local policy    0.25%
pass    
pass/local policy       
pass/sgi.com    
softfail        
unknown 0.00%


"blocked_spam" : total 1.01%
Message was identified as spam by its content or links.

(null sender)   0.03%
error   0.01%
error/local policy      0.01%
fail    0.04%
neutral/local policy    0.67%
pass    0.01%
pass/local policy       0.03%
softfail        0.08%
unknown 0.00%


Blocked_virus : 0.02%

(null sender)   
error/sgi.com   0.00%
fail    0.00%
fail/*.sgi.com  0.00%
fail/sgi.com    0.00%
neutral/local policy    0.01%
softfail        0.00%


"delivered" : 2.20%
Means the message was allowed through and not marked as spam.
(null sender)   0.17%
error   0.01%
error/local policy      0.04%
fail    0.08%
fail/*.sgi.com  0.02%
fail/sgi.com    0.00%
neutral 0.19%
neutral/local policy    1.26%
pass    0.08%
pass/local policy       0.23%
pass/sgi.com    0.01%
softfail        0.10%
unknown 0.01%


"miscerror" : 0.82%
Things like sender quit, abort, etc.
(null sender)   0.11%
error   0.00%
error/local policy      0.04%
error/*.sgi.com 0.02%
fail    0.04%
fail/*.sgi.com  0.02%
neutral 0.14%
neutral/local policy    0.31%
pass    0.05%
pass/local policy       0.04%
pass/sgi.com    
softfail        0.05%
unknown 0.00%


quarantined: total 0.03%
fail    0.00%
neutral 0.00%
neutral/local policy    0.02%
pass    0.00%
pass/local policy       0.01%
softfail        0.00%


ratelimit: host reconnecting too fast (usually on a BL)
1.32%   


rbl: sender is on an RBL- we cut off communications before getting to MAIL 
FROM.  (I am used to seeing this number lower, like 70% - I think due to 
syslog dropping some lines, I may be over-representing short transactions 
and under-reporting longer transactions, because multi-line transactions 
are more likely to have email address, IP or result missing.)
83.85%


syntaxerr
0.10%


"tagged" : 0.44%
tagged means the message went through to someone's inbox, but with a 
"suspected spam" header.
(null sender)   0.02%
error   0.00%
error/local policy      0.02%
fail    0.01%
neutral 0.05%
neutral/local policy    0.29%
pass    0.00%
pass/local policy       0.02%
softfail        0.03%
unknown 0.00%



"temperror" : 0.44%
Some temporary dns lookup or other come-back-later response.
(null sender)   0.04%
error/local policy      0.09%
error/*.sgi.com 0.03%
fail    0.01%
fail/*.sgi.com  0.00%
fail/sgi.com    0.00%
neutral 0.05%
neutral/local policy    0.16%
pass    0.01%
pass/local policy       0.02%
softfail        0.03%
unknown 0.00%



Let me know if they are interesting, and if you have numbers of your own, 
tell me if these numbers are way off or anything too.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

SPFstats.csv
Description: Binary data