DNS black list databases contain a list of IP addresses that are known to send spam. They also contain IP addresses that have open mail relays, because a spammer can easily hijack these systems to send out spam. Each black list has different reasons for why an IP address is blacklisted. Among the more common reasons are: dialups, bulk mailers, spammers and open relays.
Just as black lists have different criteria for including IP addresses, they also have different ways of categorizing the IP addresses. Some black lists use different domains (called query domains) to separate IP addresses based on the reason they are blacklisted. One domain will contain only IP addresses for dialup accounts, another domain will contain only IP addresses for bulk mailers. This type of categorization allows you to select the reasons for which you do not want to accept black listed mail, and use the domain that contains IP addresses for that reason.
Other black lists return a reason code/IP address (i.e. 127.0.0.3) as to why an IP address is black listed. Although all IP addresses are listed in one domain, each will contain a reason code that explains why it is included. For example, a code of 127.0.0.3 may represent a dial-up account, and a code of 127.0.0.4 might represent a bulk mailer. The Fiveten black list is an example of one of these black lists.
Unfortunately, there is no standard across black lists. One black list may use separate query domains, and another may use reason/IP codes. Likewise, there is no standard across the reason/IP codes that are returned. For one black list, 127.0.0.3 may represent dial-ups, and on another black list this code may represent bulk mailers. The best resources for finding out this information are the black lists themselves. By going to their web sites, you can learn how each black list classifies the listed IP addresses.