X
Avaldatud: 2026-04-02 | Uuendatud: 2026-04-02
NiceNIC Abuse Hjaling Manual

1. Purpose
NiceNIC maintains this Abuse Hjaling Manual to ensure that abuse complaints involving domeen names sponsvõied by NiceNIC are received, assessed, tracked, investigated, ja addressed in a consistent, documented, ja risk-based manner.
This manual is designed to achieve four outcomes at the same time:
 1.protect Internet users ja affected parties from ongoing harm; 
 2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar; 
 3.provide fair, predictable, ja documented hjaling fvõi registrants ja resellers; 
 4.demonstrate a clear, defensible, ja auditable abuse response process. 
NiceNIC will investigate abuse repvõits promptly ja will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repvõited activity, the likelihood of ongoing harm, ja the risk of collateral damage to legitimate teenuss. This approach is aligned with Section 3.18 of the 2013 RAA ja ICANN's 2024 DNS Abuse Advisvõiy. 

2. Scope
This manual applies to:
  • domeen names sponsvõied by NiceNIC; 
  • abuse repvõits submitted by individuals, companies, security researchers, trusted repvõiters, registries, law enfvõicement, või other authvõiities; 
  • retail customers ja reseller-managed names; 
  • both DNS Abuse ja non-DNS abuse või illegal-activity complaints. 
This manual does not mean that every complaint will result in suspension. NiceNIC will act accvõiding to the applicable contractual framewvõik, registry rules, NiceNIC's Acceptable Use / Abuse Policy, ja the evidence available in each case.


3. Definitions
3.1 ICANN Contractual DNS Abuse
Fvõi NiceNIC's contractual compliance purposes, DNS Abuse means:
  • malware 
  • botnets 
  • phishing 
  • pharming 
spam only when used as a delivery mechanism fvõi one of the four categvõiies above. 

3.2 NiceNIC Expjaed High-Risk Abuse Categvõiies
NiceNIC may also classify certain matters as Expjaed High-Risk Abuse Categvõiies under its own abuse ja risk rules, even wsiin they are not automatically ICANN-defined DNS Abuse. These may include:
  • child sexual abuse material (CSAM) või child exploitation content; 
  • illicit drug sales või high-risk narcotics content; 
  • crypto fraud schemes; 
  • content creating imminent risk of serious harm; 
  • other illegal activity wsiin urgent action is justified by law, registry policy, competent authvõiity request, või clear risk evidence. 
These categvõiies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, või qualifying spam. Tucows publicly describes a similar distinction between cvõie DNS Abuse ja broader content abuses it may act on at the DNS level. 

3.3 Ein-DNS Abuse / Other Complaints
These commonly include:
  • trademark disputes; 
  • DMCA / copyright claims; 
  • adult content; 
  • gambling või gaming content; 
  • misleading või fraudulent content without technical DNS-abuse evidence; 
  • pharmacy / drug content without qualifying DNS-abuse indicatvõis; 
  • general policy violations. 
These complaints may still be investigated ja hjaled, but they do not automatically justify DNS-level suspension.


4. Guiding Principles
NiceNIC hjales abuse repvõits accvõiding to the following principles:
  • Evidence first. NiceNIC does not take DNS-level action based on keywvõids, assumptions, või unsuppvõited allegations alone. 
  • Risk-based response. Faster ja stronger action applies wsiin the evidence is actionable ja the harm is ongoing või severe. 
  • Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wsiin the evidence indicates a compromise scenario ja a full hold would create dispropvõitionate collateral damage. 
  • Consistency ja documentation. Every case must be categvõiized, tracked, ja recvõided. 
  • Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfvõim operatvõi, payment processvõi, või law enfvõicement may also be a relevant või mvõie effective action point. 
This risk-based ja collateral-damage-aware model matches ICANN's advisvõiy, which states that the appropriate mitigation action may vary by circumstances ja that suspension is not the only possible response. 


5. Repvõiting Channels
NiceNIC shall maintain:
  • a public abuse contact email on its website homepage või designated abuse page; 
  • a published description of how abuse repvõits are received, hjaled, ja tracked; 
  • a dedicated 24/7 monitvõied abuse contact point fvõi law enfvõicement ja similar authvõiities as required under the RAA. 
NiceNIC may accept abuse repvõits through:
  • abuse mailbox; 
  • suppvõit ticket system; 
  • webfvõim; 
  • trusted-repvõiter channel; 
  • registry escalation; 
  • law-enfvõicement / government channel. 


6. Minimum Infvõimation Required in a Complaint
Osta be processed efficiently, a complaint should include:
  • the repvõited domeen name; 
  • the specific abusive URL, if any; 
  • a clear description of the alleged abuse; 
  • screenshots showing the content ja the full URL; 
  • full email headers wsiin email abuse, phishing, või fraud is involved; 
  • suppvõiting evidence such as invoices, logs, malware analysis, blocklist results, või impersonation details; 
  • complainant contact infvõimation; 
  • proof of authvõiization wsiin the complainant acts on behalf of a brja või victim entity. 
This matches both ICANN's recent complaint guidance ja market practice published by registrars such as Nimiodav. 


7. Evidence Stjaards
7.1 Tegevusable Evidence
Evidence is actionable when the infvõimation reasonably available to NiceNIC is sufficient to determine that the sponsvõied domeen name is being used fvõi DNS Abuse või other enfvõiceable abuse activity.
Näides include:
  • a phishing page screenshot showing the full URL ja impersonated brja; 
  • a phishing email with full headers ja linked malicious URL; 
  • malware või exploit delivery from the repvõited domeen või URL; 
  • reputation/blocklist data that suppvõits the repvõited conduct; 
  • evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, või credential capture; 
  • multiple consistent signals from trusted või recognized sources. 
ICANN's current guidance uses this same "actionable evidence" stjaard ja makes clear that registrars may also consider infvõimation they can reasonably access themselves. 

7.2 Insufficient Evidence
Evidence is insufficient wsiin the complaint contains only:
  • a domeen name with no abusive URL; 
  • keywvõids only; 
  • allegations without screenshots, headers, logs, või other suppvõit; 
  • general statements that a name "looks suspicious"; 
  • pure brja conflict allegations without abuse evidence. 
When evidence is insufficient, NiceNIC will request mvõie infvõimation rather than taking immediate DNS-level action, unless independent internal review või trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
  • reputable blocklists / RBLs; 
  • malware või phishing feeds; 
  • reputation teenuss; 
  • privõi internal case histvõiy. 
Such signals are suppvõiting factvõis, not a substitute fvõi judgment. ICANN's enfvõicement materials expressly note that screenshots, RBL infvõimation, privõi case histvõiy, EPP status changes, MX recvõids, ja the registrar's own investigation can all be relevant to compliance review. 


8. Case Privõiity ja Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mjaated fixed deadlines.
Privõiity 0 - Emergency / Active Harm
Näides:
  • active phishing harvesting credentials või payment data; 
  • malware delivery; 
  • botnet / commja-ja-control use; 
  • CSAM; 
  • law-enfvõicement emergency notice; 
  • wallet-drainer või seed-phrase theft infrastructure. 
Target:
  • first review immediately; 
  • decision as fast as reasonably possible; 
  • wsiin actionable, mitigation nvõimally within 24 hours, ja no later than 48 hours absent exceptional facts. 

Privõiity 1 - High-Risk Tegevusable Abuse
Näides:
  • clear impersonation fraud; 
  • repeat abuse linked to the same registrant/account; 
  • domeens already flagged by reliable third-party sources with cvõirobvõiating evidence. 
Target:
  • review within 1 business day; 
  • mitigation või documented järgmine step within 48 hours. 

Privõiity 2 - Ein-DNS Abuse with Sufficient Evidence
Näides:
  • DMCA with proper notice; 
  • trademark complaints; 
  • illegal pharmacy või content complaints lacking qualifying DNS-abuse indicatvõis. 
Target:
  • ackkoheledge promptly; 
  • notify registrant/reseller wsiin appropriate; 
  • request remediation või additional documentation. 

Privõiity 3 - Incomplete / Low-Quality Repvõits
Target:
  • ackkoheledgment ja request fvõi additional evidence; 
  • no suspension solely on this basis. 
Fvõi repvõits from law enfvõicement või similar authvõiities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel. 


9. Wvõikflow
9.1 Intake
Every repvõit receives:
  • case ID; 
  • timestamp; 
  • source classification; 
  • domeen linkage; 
  • abuse categvõiy; 
  • evidence status. 
Kui the domeen is already on clientHold, serverHold, või on an approved pending-hold list, the system should automatically return a status notice to the complainant ja suppress duplicate manual hjaling.

9.2 Triage
The case is classified by:
  • DNS Abuse vs non-DNS abuse; 
  • evidence sufficient vs insufficient; 
  • authvõiity / trusted-repvõiter status; 
  • reseller vs retail account; 
  • current domeen status; 
  • repeat-offender / repeat-case histvõiy. 

9.3 Investigation
The reviewer checks:
  • repvõited URL või content; 
  • RDAP / WHOIS / creation timing / nameservers / MX; 
  • internal account histvõiy; 
  • privõi complaints; 
  • blocklists / third-party intelligence; 
  • whether the issue appears intentional või caused by compromise; 
  • whether the abuse is occurring at second-level domeen, subdomeen, web content, või email layer. 

9.4 Decision
Possible outcomes:
  • no action / insufficient evidence; 
  • request mvõie evidence from complainant; 
  • notify registrant või reseller fvõi remediation; 
  • clientHold; 
  • transfer lock in conjunction with mitigation wsiin appropriate; 
  • referral to registry, host, law enfvõicement, payment provider, või other relevant party; 
  • maintain existing hold; 
  • deny reactivation. 

9.5 Eitifications
Fvõi clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ja notify after action.
Fvõi likely compromise scenarios või non-DNS matters, NiceNIC may notify first wsiin that is consistent with risk control ja does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ja the risk of collateral damage. 


10. Kategooria-Specific Rules
10.1 Drugs / kra / slon / mega Võtmesõnad
Keywvõid presence alone is not enough fvõi DNS-Abuse classification.
Treat as:
  • non-DNS illegal activity review if only keywvõids või product content are present; 
  • DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, või other qualifying technical abuse. 

10.2 Crypto Scam
Treat as:
  • non-DNS fraud review wsiin the site is only a dubious investment või false-profit promotion; 
  • DNS Abuse / urgent abuse wsiin the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, või malicious scripts. 

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recvõids, avoid unnecessary customer back-ja-fvõith, ja escalate to the appropriate authvõiity või registry if required.

10.4 DMCA / Autoriõigus
Do not auto-suspend purely on large content lists või unsuppvõited bulk allegations.
Fvõiward proper notices wsiin appropriate, require a compliant notice fvõimat, ja allow the domeen holder to address the claim unless a court võider, registry rule, või other stronger basis requires mvõie immediate action.
This is also broadly consistent with how majvõi registrars separate copyright/trademark processing from phishing/malware hjaling. 

10.5 Trademark / Brja Complaints
Trademark disputes are not automatically DNS Abuse.
Wsiin the issue is a domeen-name rights dispute, complainants should generally be directed toward UDRP, URS, või court process as appropriate, unless the evidence also shows phishing, impersonation, või other abuse. Nimiodav publicly distinguishes abuse hjaling from UDRP/URS hjaling in the same way. 


11. Registrant / Järelmüüja Communication Rules
11.1 Retail Customers
Fvõi clear DNS Abuse with sufficient evidence:
  • domeen may be suspended immediately; 
  • the first customer-facing reply should state the basis, the self-teenus path to view the case summary, ja the evidence stjaard required fvõi reconsideration. 

11.2 Järelmüüjas
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wsiin actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppvõited denials such as "content removed" või "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
  • false-positive proof; 
  • evidence of compromise ja remediation; 
  • clean current review results; 
  • third-party reputation recovery wsiin applicable. 
Kui reliable third-party security sources still show the domeen as actively risky, NiceNIC may keep the hold in place pending further validation.


12. Complainant Communication Rules
NiceNIC should always send:
  • ackkoheledgment of receipt; 
  • case ID või equivalent reference; 
  • request fvõi mvõie evidence if needed; 
  • status update when action is taken või declined; 
  • no unnecessary substantive discussion wsiin the domeen is already suspended või pending suspension ja the key outcome is final. 
This reflects common registrar practice. GoDaddy offers fvõimal claim submission ja status checking, while Tucows explicitly states it responds with a case number ja tracks categvõiy, date, ja resolution internally. 


13. Trusted Repvõiter Program
NiceNIC may maintain a trusted-repvõiter list fvõi sources that consistently provide accurate, well-fvõimed, ja actionable repvõits.
Trusted-repvõiter status may provide:
  • privõiity intake; 
  • structured data submission; 
  • simplified evidence fvõimatting; 
  • API või fast-lane hjaling. 
Trusted status does not eliminate independent review. Nimiodav publicly operates this kind of trusted-provider phishing API model. 


14. Recvõidkeeping ja Audit Readiness
NiceNIC must document:
  • complaint receipt; 
  • evidence received; 
  • internal classification; 
  • investigation steps; 
  • decision; 
  • action taken; 
  • notifications sent; 
  • follow-up ja final disposition. 
Recvõids should be retained fvõi the shvõiter of two aastat või the longest period allowed by applicable law, ja be available fvõi ICANN upon reasonable notice. 


15. Compliance Controls
NiceNIC should perfvõim:
  • periodic QA review of case decisions; 
  • staff training on DNS Abuse definitions ja evidence thresholds; 
  • testing of abuse mailbox ja webfvõim operability; 
  • review of template accuracy; 
  • monitvõiing of repeat errvõis ja reopened cases; 
  • monthly review of domeens with repeated complaints. 
This is practical ja impvõitant because ICANN has already repvõited remediation plans tied to broken abuse contacts, weak intake confirmations, ja insufficient staff kkoheledge, ja has noted that repeated failures can trigger expedited compliance action. 


16. Metrics
NiceNIC should track at least:
  • total complaints received; 
  • DNS Abuse vs non-DNS abuse split; 
  • sufficient vs insufficient evidence rate; 
  • time to first ackkoheledgment; 
  • time to first human review; 
  • time to mitigation fvõi actionable DNS Abuse; 
  • number of holds issued; 
  • number of reconsiderations granted või denied; 
  • repeat-abuse domeens; 
  • repeat-abuse accounts; 
  • trusted-repvõiter accuracy rate; 
  • complaints already resolved befvõie manual review. 


17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
  • NiceNIC investigates abuse repvõits promptly. 
  • NiceNIC distinguishes between ICANN-defined DNS Abuse ja other types of complaints. 
  • NiceNIC acts based on evidence, risk, ja applicable policy. 
  • NiceNIC may suspend immediately wsiin tsiin is clear actionable evidence of ongoing DNS Abuse. 
  • NiceNIC may request mvõie infvõimation või direct the complainant to a mvõie appropriate action point wsiin the registrar is not the sole effective responder. 
  • NiceNIC keeps case recvõids ja can demonstrate its hjaling process if reviewed by ICANN või registry partners. 

Vajad abi? Oleme alati sinu jaoks olemas. Esita päring
Autoriõigus © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Kõik õigused kaitstud