Electronic Mail (more commonly called “E-mail”) enables individuals to communicate text (perhaps even with attachments) across the Internet. This is often advantageous when individuals desire to communicate with each other. Some individuals choose, however, to use the Internet to send unwanted e-mails to other individuals. Often, the unwanted e-mail may be multi-cast to many recipients. Such e-mails are often referred to as “spam”.
In many cases, the amount of spam received can often overwhelm a recipient's e-mail account, decreasing the utility of the account. Accordingly, spam filters have been developed that detect suspected spam, and either prevent the suspected spam from being delivered to the recipient, or perform some other action that distinguishes the spam from normal received e-mails.
The detection of spam can occur in multiple stages. Often, a first stage in spam detection is to inspect the source Internet Protocol (IP) address of the e-mail. If the source IP address corresponds to a known spammer, the e-mail originating from that source IP address is categorized as spam. On the other hand, if the source IP address corresponds to a known legitimate non-spammer (also referred to as a “known source”), then the e-mail might be categorized as non-spam. Of course, there are cases in which the identity of the source IP address alone is not sufficient to determine whether or not the e-mail is spam. Thus, further processing may be performed to identify the spam state of the e-mail.
Conventionally, the spam state of the source IP address is obtained by doing a lookup over a network using a Domain Name Server lookup. The source IP address is provided by the e-mail server to the reverse DNS server. The reverse DNS server in turn identifies whether or not that source IP address corresponds to a known spammer, a known non-spammer, or perhaps whether the reverse DNS server simply does not know whether the source IP address is that of a spammer. The result is then passed to the e-mail server, which may then act appropriately depending on whether the e-mail is spam, not-spam, or unknown. This approach is commonly called a DNS Block List (DNSBL).
Specialized implementation of DNS servers optimized for this use are available, such as RBLDNSD. RBLDNSD uses a zone file compressed by expressing it using a notation called Variable-length Subnet Masking (VLSM). The same notation is more commonly called Classless-Inter-Domain Routing (CIDR). An advantage of this notation is that it allows contiguous blocks of addresses to be represented with a single entry.