Re: [Asrg] Development of an object assessment format/protocol

"Emanuele Balla (aka Skull)" <> Mon, 04 March 2013 20:42 UTC

Date: Mon, 04 Mar 2013 21:41:35 +0100
From: "Emanuele Balla (aka Skull)" <>
To: Anti-Spam Research Group - IRTF <>
Subject: Re: [Asrg] Development of an object assessment format/protocol

On 3/4/13 7:28 PM, Martijn Grooten wrote:
>> Straight to the point: abusive URLs on legit domains. There's no
>> (easy/effective) way to encode an entire URL in a DNS request.
>> At least, that's the reason why I've been thinking about this topic for the last
>> 4 years... :-\
> Can't you just use HTTP for that?

You could, for sure.
But you won't have redundancy/load_balancing/best_peer_selection in the
client: you'd need to wrap something around it (through SRV records for
the client, and clustering, anycast, geoDNS to direct the client to the
best server, etc).
This will increase the requirements for running such services significantly.

Also you'll move the entire thing to TCP, requiring sessions/sockets,
much more expensive to scale properly, and also much more susceptible to
DDoS than UDP-based protocols.

Then take into account the amount of queries major DNSBLs satisfy at the
moment (on DNS, where there's at least some caching in place): >100Kqps.

All in all, I'm quite confident there are not many entities wanting to
provide service to the internet at large over a similar infrastructure...
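The thread's point that a whole URL does not fit in a DNS query name can be checked against the RFC 1035 limits directly. The script below is an added illustration, not code from this thread or from any DNSBL: `urlbl.example` is a constructed placeholder zone, and the hashed lookup is one generic fixed-size alternative, not the scheme of any particular list.

```python
import base64
import hashlib
from urllib.parse import urlsplit

MAX_LABEL = 63    # RFC 1035: each label is at most 63 octets
MAX_NAME = 253    # RFC 1035: 255 octets on the wire, 253 characters in text form
ZONE = "urlbl.example"  # constructed placeholder zone, not a real list


def encode_url_literally(url: str, zone: str = ZONE) -> str:
    """Carry the whole URL in the query name, base32-encoded so arbitrary
    bytes survive as DNS-safe characters. Raises ValueError if it cannot fit."""
    b32 = base64.b32encode(url.encode("utf-8")).decode("ascii").rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    name = ".".join(labels + [zone])
    if len(name) > MAX_NAME:
        raise ValueError(f"{len(name)} characters exceeds the {MAX_NAME}-character limit")
    return name


def can_encode_literally(url: str, zone: str = ZONE) -> bool:
    """True if the URL fits in a single DNS query name as above."""
    try:
        encode_url_literally(url, zone)
        return True
    except ValueError:
        return False


def encode_url_hashed(url: str, zone: str = ZONE) -> str:
    """Fixed-size alternative (illustrative, not any specific list's scheme):
    look up a base32 SHA-256 digest of the normalised URL. The resulting
    name is the same length for every URL, so it always fits."""
    p = urlsplit(url.strip())
    canonical = f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}"
    if p.query:
        canonical += "?" + p.query
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()  # 52 chars
    return f"{label}.{zone}"


if __name__ == "__main__":
    short = "http://example.com/x"
    long_url = "http://example.com/" + "a" * 200
    print(encode_url_literally(short))
    print(can_encode_literally(long_url))   # False: too long for one DNS name
    print(encode_url_hashed(long_url))
```

The hashed form trades the length problem for a different one: the resolver can only answer exact-match queries, so the list operator and every client must agree on the same canonicalisation rules.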