I have done a bit more work on my stats-gathering script, and I'm a little
more confident in the numbers. I'm attaching a CSV file... these are my
results upon running the script for 4 hours or so.
I haven't really drawn any conclusions from the numbers, and in itself it's
probably not enough to conclude or decide anything, other than "we need
more data about X and Y areas". But, I wanted to get the information out
there, to see if other folks have opinions, questions, comparisons, etc.
The plain-text, single-column version appears below, in case the CSV
doesn't make it through.
Some SPF results are broken down further by:
  /local-policy : best guess was applied
  /sgi.com : override for our company, which doesn't actually publish SPF yet
Complete tally of SPF results, not broken down by action/disposition. This
is all with best guess on, and trusted-forwarder whitelist.
85.77% (null sender)
0.06% error
0.45% error/local policy
0.00% error/sgi.com
0.06% error/*.sgi.com
0.59% fail
1.26% fail/*.sgi.com
0.09% fail/sgi.com
2.06% neutral
7.79% neutral/local policy
0.17% pass
0.43% pass/local policy
0.01% pass/sgi.com
1.20% softfail
0.06% unknown
Each section below represents an action that our mail server (a spam
appliance box) took for the message, such as rejecting for various reasons,
accepting with possible spam tag, quarantine, etc. Inside each section I
have broken down the SPF results found when examining the items in that
category. (Currently SPF is not checked when receiving or handling the
message, only logged and analyzed after the fact.)
"bad recipient" : total 9.46%
"bad recipient" means that the mailserver rejected the mail due to user
unknown, hostname unknown, or recipient blocked from receiving from
outside.
"bad recipient" breaks down as follows:
(null sender) 0.12%
error 0.05%
error/local policy 0.25%
error/sgi.com 0.00%
error/*.sgi.com 0.01%
fail 0.40%
fail/*.sgi.com 1.19%
fail/sgi.com 0.08%
neutral 1.47%
neutral/local policy 4.83%
pass 0.02%
pass/local policy 0.09%
softfail 0.91%
unknown 0.03%
"bad sender" : total 0.31%
"bad sender" means something wrong with the sender's address, syntax or so;
it breaks down like this:
(null sender)
error
error/local policy 0.00%
error/sgi.com
error/*.sgi.com
fail 0.00%
fail/*.sgi.com 0.02%
fail/sgi.com
neutral 0.03%
neutral/local policy 0.25%
pass
pass/local policy
pass/sgi.com
softfail
unknown 0.00%
"blocked_spam" : total 1.01%
Message was identified as spam by its content or links.
(null sender) 0.03%
error 0.01%
error/local policy 0.01%
fail 0.04%
neutral/local policy 0.67%
pass 0.01%
pass/local policy 0.03%
softfail 0.08%
unknown 0.00%
Blocked_virus : 0.02%
(null sender)
error/sgi.com 0.00%
fail 0.00%
fail/*.sgi.com 0.00%
fail/sgi.com 0.00%
neutral/local policy 0.01%
softfail 0.00%
"delivered" : 2.20%
Means the message was allowed through and not marked as spam.
(null sender) 0.17%
error 0.01%
error/local policy 0.04%
fail 0.08%
fail/*.sgi.com 0.02%
fail/sgi.com 0.00%
neutral 0.19%
neutral/local policy 1.26%
pass 0.08%
pass/local policy 0.23%
pass/sgi.com 0.01%
softfail 0.10%
unknown 0.01%
"miscerror" : 0.82%
Things like sender quit, abort, etc.
(null sender) 0.11%
error 0.00%
error/local policy 0.04%
error/*.sgi.com 0.02%
fail 0.04%
fail/*.sgi.com 0.02%
neutral 0.14%
neutral/local policy 0.31%
pass 0.05%
pass/local policy 0.04%
pass/sgi.com
softfail 0.05%
unknown 0.00%
quarantined: total 0.03%
fail 0.00%
neutral 0.00%
neutral/local policy 0.02%
pass 0.00%
pass/local policy 0.01%
softfail 0.00%
ratelimit: host reconnecting too fast (usually on a BL)
1.32%
rbl: sender is on an RBL - we cut off communications before getting to MAIL
FROM. (I am used to seeing this number lower, like 70% - I think due to
syslog dropping some lines, I may be over-representing short transactions
and under-reporting longer transactions, because multi-line transactions
are more likely to have email address, IP or result missing.)
83.85%
syntaxerr
0.10%
"tagged" : 0.44%
tagged means the message went through to someone's inbox, but with a
"suspected spam" header.
(null sender) 0.02%
error 0.00%
error/local policy 0.02%
fail 0.01%
neutral 0.05%
neutral/local policy 0.29%
pass 0.00%
pass/local policy 0.02%
softfail 0.03%
unknown 0.00%
"temperror" : 0.44%
Some temporary DNS lookup or other come-back-later response.
(null sender) 0.04%
error/local policy 0.09%
error/*.sgi.com 0.03%
fail 0.01%
fail/*.sgi.com 0.00%
fail/sgi.com 0.00%
neutral 0.05%
neutral/local policy 0.16%
pass 0.01%
pass/local policy 0.02%
softfail 0.03%
unknown 0.00%
Let me know if they are interesting, and if you have numbers of your own,
tell me if these numbers are way off or anything too.