Designing a usable DNS Blocklist result format
It's relatively common for DNS blocklists to want to encode a certain amount of information in their results, ranging from the source of the information to how reliable they consider the results. For sensible reasons, DNS blocklists have to encode this information in the IP address or addresses that they return.
As it turns out, there is a useful way and a not so useful way to encode this information, because of the limitations of mailer support for DNSBL lookups. Most mailers can ask only two questions: 'is this host listed at all?' and 'is this host listed with a specific IP address?'
(Even when mailers support more, I believe that those two are the easiest two conditions to use.)
There are two natural ways to encode multiple pieces of information in
DNSBL results. One of them is to return multiple IP addresses, each
one representing one piece of information; the other is to encode all
of the information into a single IP address (using several octets, or
encoding an octet by
ORing flags together, or both). Now consider
what happens if you want to know only one piece of information in your
mailer, for example 'is this host blocked with high confidence'.
If the DNSBL encodes multiple pieces of information in a single IP address and you want only one piece, you probably have no good way of extracting it and matching on it; instead you have to inventory all of the different IP addresses that it might be encoded into. However, if the DNSBL encodes the information into multiple IP addresses, you have a simple check; 'does the DNSBL return IP <X> for this host'.
Thus, I believe that the most useful and best way for DNSBLs to encode multiple pieces of information is to return multiple IP addresses for each lookup, each one encoding one specific bit of information. Encoding several pieces of information in one IP address only makes sense if you are very confidant that most people will want to use them together and will never want to check just one.