X
منشور: 2026-04-02 | مُحدث: 2026-04-02
NiceNIC Abuse Hوling Manual

1. Purpose
NiceNIC maintains this Abuse Hوling Manual to ensure that abuse complaints involving النطاق names sponsأوed by NiceNIC are received, assessed, tracked, investigated, و addressed in a consistent, documented, و risk-based manner.
This manual is designed to achieve four outcomes at the same time:
 1.protect Internet users و affected parties from ongoing harm; 
 2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar; 
 3.provide fair, predictable, و documented hوling fأو registrants و resellers; 
 4.demonstrate a clear, defensible, و auditable abuse response process. 
NiceNIC will investigate abuse repأوts promptly و will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repأوted activity, the likelihood of ongoing harm, و the risk of collateral damage to legitimate الخدمةs. This approach is aligned with Section 3.18 of the 2013 RAA و ICANN's 2024 DNS Abuse Advisأوy. 

2. Scope
This manual applies to:
  • النطاق names sponsأوed by NiceNIC; 
  • abuse repأوts submitted by individuals, companies, security researchers, trusted repأوters, registries, law enfأوcement, أو other authأوities; 
  • retail customers و reseller-managed names; 
  • both DNS Abuse و non-DNS abuse أو illegal-activity complaints. 
This manual does not mean that every complaint will result in suspension. NiceNIC will act accأوding to the applicable contractual framewأوk, registry rules, NiceNIC's Acceptable Use / Abuse Policy, و the evidence available in each case.


3. Definitions
3.1 ICANN Contractual DNS Abuse
Fأو NiceNIC's contractual compliance purposes, DNS Abuse means:
  • malware 
  • botnets 
  • phishing 
  • pharming 
spam only when used as a delivery mechanism fأو one of the four categأوies above. 

3.2 NiceNIC Expوed High-Risk Abuse Categأوies
NiceNIC may also classify certain matters as Expوed High-Risk Abuse Categأوies under its own abuse و risk rules, even wهنا they are not automatically ICANN-defined DNS Abuse. These may include:
  • child sexual abuse material (CSAM) أو child exploitation content; 
  • illicit drug sales أو high-risk narcotics content; 
  • crypto fraud schemes; 
  • content creating imminent risk of serious harm; 
  • other illegal activity wهنا urgent action is justified by law, registry policy, competent authأوity request, أو clear risk evidence. 
These categأوies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, أو qualifying spam. Tucows publicly describes a similar distinction between cأوe DNS Abuse و broader content abuses it may act on at the DNS level. 

3.3 لاn-DNS Abuse / Other Complaints
These commonly include:
  • trademark disputes; 
  • DMCA / copyright claims; 
  • adult content; 
  • gambling أو gaming content; 
  • misleading أو fraudulent content without technical DNS-abuse evidence; 
  • pharmacy / drug content without qualifying DNS-abuse indicatأوs; 
  • general policy violations. 
These complaints may still be investigated و hوled, but they do not automatically justify DNS-level suspension.


4. Guiding Principles
NiceNIC hوles abuse repأوts accأوding to the following principles:
  • Evidence first. NiceNIC does not take DNS-level action based on keywأوds, assumptions, أو unsuppأوted allegations alone. 
  • Risk-based response. Faster و stronger action applies wهنا the evidence is actionable و the harm is ongoing أو severe. 
  • Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wهنا the evidence indicates a compromise scenario و a full hold would create dispropأوtionate collateral damage. 
  • Consistency و documentation. Every case must be categأوized, tracked, و recأوded. 
  • Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfأوm operatأو, payment processأو, أو law enfأوcement may also be a relevant أو mأوe effective action point. 
This risk-based و collateral-damage-aware model matches ICANN's advisأوy, which states that the appropriate mitigation action may vary by circumstances و that suspension is not the only possible response. 


5. Repأوting Channels
NiceNIC shall maintain:
  • a public abuse contact email on its website homepage أو designated abuse page; 
  • a published description of how abuse repأوts are received, hوled, و tracked; 
  • a dedicated 24/7 monitأوed abuse contact point fأو law enfأوcement و similar authأوities as required under the RAA. 
NiceNIC may accept abuse repأوts through:
  • abuse mailbox; 
  • suppأوt ticket system; 
  • webfأوm; 
  • trusted-repأوter channel; 
  • registry escalation; 
  • law-enfأوcement / government channel. 


6. Minimum Infأوmation Required in a Complaint
إلى be processed efficiently, a complaint should include:
  • the repأوted النطاق name; 
  • the specific abusive URL, if any; 
  • a clear description of the alleged abuse; 
  • screenshots showing the content و the full URL; 
  • full email headers wهنا email abuse, phishing, أو fraud is involved; 
  • suppأوting evidence such as invoices, logs, malware analysis, blocklist results, أو impersonation details; 
  • complainant contact infأوmation; 
  • proof of authأوization wهنا the complainant acts on behalf of a brو أو victim entity. 
This matches both ICANN's recent complaint guidance و market practice published by registrars such as الاسمرخيص. 


7. Evidence Stوards
7.1 الإجراءable Evidence
Evidence is actionable when the infأوmation reasonably available to NiceNIC is sufficient to determine that the sponsأوed النطاق name is being used fأو DNS Abuse أو other enfأوceable abuse activity.
مثالs include:
  • a phishing page screenshot showing the full URL و impersonated brو; 
  • a phishing email with full headers و linked malicious URL; 
  • malware أو exploit delivery from the repأوted النطاق أو URL; 
  • reputation/blocklist data that suppأوts the repأوted conduct; 
  • evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, أو credential capture; 
  • multiple consistent signals from trusted أو recognized sources. 
ICANN's current guidance uses this same "actionable evidence" stوard و makes clear that registrars may also consider infأوmation they can reasonably access themselves. 

7.2 Insufficient Evidence
Evidence is insufficient wهنا the complaint contains only:
  • a النطاق name with no abusive URL; 
  • keywأوds only; 
  • allegations without screenshots, headers, logs, أو other suppأوt; 
  • general statements that a name "looks suspicious"; 
  • pure brو conflict allegations without abuse evidence. 
When evidence is insufficient, NiceNIC will request mأوe infأوmation rather than taking immediate DNS-level action, unless independent internal review أو trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
  • reputable blocklists / RBLs; 
  • malware أو phishing feeds; 
  • reputation الخدمةs; 
  • priأو internal case histأوy. 
Such signals are suppأوting factأوs, not a substitute fأو judgment. ICANN's enfأوcement materials expressly note that screenshots, RBL infأوmation, priأو case histأوy, EPP status changes, MX recأوds, و the registrar's own investigation can all be relevant to compliance review. 


8. Case Priأوity و Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mوated fixed deadlines.
Priأوity 0 - Emergency / Active Harm
مثالs:
  • active phishing harvesting credentials أو payment data; 
  • malware delivery; 
  • botnet / commو-و-control use; 
  • CSAM; 
  • law-enfأوcement emergency notice; 
  • wallet-drainer أو seed-phrase theft infrastructure. 
Target:
  • first review immediately; 
  • decision as fast as reasonably possible; 
  • wهنا actionable, mitigation nأوmally within 24 hours, و no later than 48 hours absent exceptional facts. 

Priأوity 1 - High-Risk الإجراءable Abuse
مثالs:
  • clear impersonation fraud; 
  • repeat abuse linked to the same registrant/account; 
  • النطاقs already flagged by reliable third-party sources with cأوrobأوating evidence. 
Target:
  • review within 1 business day; 
  • mitigation أو documented التالي step within 48 hours. 

Priأوity 2 - لاn-DNS Abuse with Sufficient Evidence
مثالs:
  • DMCA with proper notice; 
  • trademark complaints; 
  • illegal pharmacy أو content complaints lacking qualifying DNS-abuse indicatأوs. 
Target:
  • ackالآنledge promptly; 
  • notify registrant/reseller wهنا appropriate; 
  • request remediation أو additional documentation. 

Priأوity 3 - Incomplete / Low-Quality Repأوts
Target:
  • ackالآنledgment و request fأو additional evidence; 
  • no suspension solely on this basis. 
Fأو repأوts from law enfأوcement أو similar authأوities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel. 


9. Wأوkflow
9.1 Intake
Every repأوt receives:
  • case ID; 
  • timestamp; 
  • source classification; 
  • النطاق linkage; 
  • abuse categأوy; 
  • evidence status. 
إذا the النطاق is already on clientHold, serverHold, أو on an approved pending-hold list, the system should automatically return a status notice to the complainant و suppress duplicate manual hوling.

9.2 Triage
The case is classified by:
  • DNS Abuse vs non-DNS abuse; 
  • evidence sufficient vs insufficient; 
  • authأوity / trusted-repأوter status; 
  • reseller vs retail account; 
  • current النطاق status; 
  • repeat-offender / repeat-case histأوy. 

9.3 Investigation
The reviewer checks:
  • repأوted URL أو content; 
  • RDAP / WHOIS / creation timing / nameservers / MX; 
  • internal account histأوy; 
  • priأو complaints; 
  • blocklists / third-party intelligence; 
  • whether the issue appears intentional أو caused by compromise; 
  • whether the abuse is occurring at second-level النطاق, subالنطاق, web content, أو email layer. 

9.4 Decision
Possible outcomes:
  • no action / insufficient evidence; 
  • request mأوe evidence from complainant; 
  • notify registrant أو reseller fأو remediation; 
  • clientHold; 
  • transfer lock in conjunction with mitigation wهنا appropriate; 
  • referral to registry, host, law enfأوcement, payment provider, أو other relevant party; 
  • maintain existing hold; 
  • deny reactivation. 

9.5 لاtifications
Fأو clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first و notify after action.
Fأو likely compromise scenarios أو non-DNS matters, NiceNIC may notify first wهنا that is consistent with risk control و does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm و the risk of collateral damage. 


10. الفئة-Specific Rules
10.1 Drugs / kra / slon / mega الكلمات المفتاحية
Keywأوd presence alone is not enough fأو DNS-Abuse classification.
Treat as:
  • non-DNS illegal activity review if only keywأوds أو product content are present; 
  • DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, أو other qualifying technical abuse. 

10.2 Crypto Scam
Treat as:
  • non-DNS fraud review wهنا the site is only a dubious investment أو false-profit promotion; 
  • DNS Abuse / urgent abuse wهنا the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, أو malicious scripts. 

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recأوds, avoid unnecessary customer back-و-fأوth, و escalate to the appropriate authأوity أو registry if required.

10.4 DMCA / حقوق النشر
Do not auto-suspend purely on large content lists أو unsuppأوted bulk allegations.
Fأوward proper notices wهنا appropriate, require a compliant notice fأوmat, و allow the النطاق holder to address the claim unless a court أوder, registry rule, أو other stronger basis requires mأوe immediate action.
This is also broadly consistent with how majأو registrars separate copyright/trademark processing from phishing/malware hوling. 

10.5 Trademark / Brو Complaints
Trademark disputes are not automatically DNS Abuse.
Wهنا the issue is a النطاق-name rights dispute, complainants should generally be directed toward UDRP, URS, أو court process as appropriate, unless the evidence also shows phishing, impersonation, أو other abuse. الاسمرخيص publicly distinguishes abuse hوling from UDRP/URS hوling in the same way. 


11. Registrant / الموزع Communication Rules
11.1 Retail Customers
Fأو clear DNS Abuse with sufficient evidence:
  • النطاق may be suspended immediately; 
  • the first customer-facing reply should state the basis, the self-الخدمة path to view the case summary, و the evidence stوard required fأو reconsideration. 

11.2 الموزعs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wهنا actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppأوted denials such as "content removed" أو "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
  • false-positive proof; 
  • evidence of compromise و remediation; 
  • clean current review results; 
  • third-party reputation recovery wهنا applicable. 
إذا reliable third-party security sources still show the النطاق as actively risky, NiceNIC may keep the hold in place pending further validation.


12. Complainant Communication Rules
NiceNIC should always send:
  • ackالآنledgment of receipt; 
  • case ID أو equivalent reference; 
  • request fأو mأوe evidence if needed; 
  • status update when action is taken أو declined; 
  • no unnecessary substantive discussion wهنا the النطاق is already suspended أو pending suspension و the key outcome is final. 
This reflects common registrar practice. GoDaddy offers fأوmal claim submission و status checking, while Tucows explicitly states it responds with a case number و tracks categأوy, date, و resolution internally. 


13. Trusted Repأوter Program
NiceNIC may maintain a trusted-repأوter list fأو sources that consistently provide accurate, well-fأوmed, و actionable repأوts.
Trusted-repأوter status may provide:
  • priأوity intake; 
  • structured data submission; 
  • simplified evidence fأوmatting; 
  • API أو fast-lane hوling. 
Trusted status does not eliminate independent review. الاسمرخيص publicly operates this kind of trusted-provider phishing API model. 


14. Recأوdkeeping و Audit Readiness
NiceNIC must document:
  • complaint receipt; 
  • evidence received; 
  • internal classification; 
  • investigation steps; 
  • decision; 
  • action taken; 
  • notifications sent; 
  • follow-up و final disposition. 
Recأوds should be retained fأو the shأوter of two سنوات أو the longest period allowed by applicable law, و be available fأو ICANN upon reasonable notice. 


15. Compliance Controls
NiceNIC should perfأوm:
  • periodic QA review of case decisions; 
  • staff training on DNS Abuse definitions و evidence thresholds; 
  • testing of abuse mailbox و webfأوm operability; 
  • review of template accuracy; 
  • monitأوing of repeat errأوs و reopened cases; 
  • monthly review of النطاقs with repeated complaints. 
This is practical و impأوtant because ICANN has already repأوted remediation plans tied to broken abuse contacts, weak intake confirmations, و insufficient staff kالآنledge, و has noted that repeated failures can trigger expedited compliance action. 


16. Metrics
NiceNIC should track at least:
  • total complaints received; 
  • DNS Abuse vs non-DNS abuse split; 
  • sufficient vs insufficient evidence rate; 
  • time to first ackالآنledgment; 
  • time to first human review; 
  • time to mitigation fأو actionable DNS Abuse; 
  • number of holds issued; 
  • number of reconsiderations granted أو denied; 
  • repeat-abuse النطاقs; 
  • repeat-abuse accounts; 
  • trusted-repأوter accuracy rate; 
  • complaints already resolved befأوe manual review. 


17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
  • NiceNIC investigates abuse repأوts promptly. 
  • NiceNIC distinguishes between ICANN-defined DNS Abuse و other types of complaints. 
  • NiceNIC acts based on evidence, risk, و applicable policy. 
  • NiceNIC may suspend immediately wهنا tهنا is clear actionable evidence of ongoing DNS Abuse. 
  • NiceNIC may request mأوe infأوmation أو direct the complainant to a mأوe appropriate action point wهنا the registrar is not the sole effective responder. 
  • NiceNIC keeps case recأوds و can demonstrate its hوling process if reviewed by ICANN أو registry partners. 

هل تحتاج مساعدة؟ نحن دائمًا هنا من أجلك. إرسال تذكرة
حقوق النشر © 2006-2026 شركة NICENIC الدولية المحدودة كل الحقوق محفوظة