מדריך לטיפול בהתעללות ב-NiceNIC - שאלות נפוצות

נוח לרשום, בטוח להחזיק
שלח פניה

עברית

פורסם: 2026-04-02 | עודכן: 2026-04-02

NiceNIC Abuse Hוling Manual

1. Purpose
NiceNIC maintains this Abuse Hוling Manual to ensure that abuse complaints involving דומיין names sponsאוed by NiceNIC are received, assessed, tracked, investigated, ו addressed in a consistent, documented, ו risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ו affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ו documented hוling fאו registrants ו resellers;
4.demonstrate a clear, defensible, ו auditable abuse response process.
NiceNIC will investigate abuse repאוts promptly ו will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repאוted activity, the likelihood of ongoing harm, ו the risk of collateral damage to legitimate שירותs. This approach is aligned with Section 3.18 of the 2013 RAA ו ICANN's 2024 DNS Abuse Advisאוy.

2. Scope
This manual applies to:

דומיין names sponsאוed by NiceNIC;
abuse repאוts submitted by individuals, companies, security researchers, trusted repאוters, registries, law enfאוcement, או other authאוities;
retail customers ו reseller-managed names;
both DNS Abuse ו non-DNS abuse או illegal-activity complaints.

This manual does not mean that every complaint will result in suspension. NiceNIC will act accאוding to the applicable contractual framewאוk, registry rules, NiceNIC's Acceptable Use / Abuse Policy, ו the evidence available in each case.

3. Definitions
3.1 ICANN Contractual DNS Abuse
Fאו NiceNIC's contractual compliance purposes, DNS Abuse means:

malware
botnets
phishing
pharming

spam only when used as a delivery mechanism fאו one of the four categאוies above.

3.2 NiceNIC Expוed High-Risk Abuse Categאוies
NiceNIC may also classify certain matters as Expוed High-Risk Abuse Categאוies under its own abuse ו risk rules, even wכאן they are not automatically ICANN-defined DNS Abuse. These may include:

child sexual abuse material (CSAM) או child exploitation content;
illicit drug sales או high-risk narcotics content;
crypto fraud schemes;
content creating imminent risk of serious harm;
other illegal activity wכאן urgent action is justified by law, registry policy, competent authאוity request, או clear risk evidence.

These categאוies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, או qualifying spam. Tucows publicly describes a similar distinction between cאוe DNS Abuse ו broader content abuses it may act on at the DNS level.

3.3 לאn-DNS Abuse / Other Complaints
These commonly include:

trademark disputes;
DMCA / copyright claims;
adult content;
gambling או gaming content;
misleading או fraudulent content without technical DNS-abuse evidence;
pharmacy / drug content without qualifying DNS-abuse indicatאוs;
general policy violations.

These complaints may still be investigated ו hוled, but they do not automatically justify DNS-level suspension.

4. Guiding Principles
NiceNIC hוles abuse repאוts accאוding to the following principles:

Evidence first. NiceNIC does not take DNS-level action based on keywאוds, assumptions, או unsuppאוted allegations alone.
Risk-based response. Faster ו stronger action applies wכאן the evidence is actionable ו the harm is ongoing או severe.
Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wכאן the evidence indicates a compromise scenario ו a full hold would create dispropאוtionate collateral damage.
Consistency ו documentation. Every case must be categאוized, tracked, ו recאוded.
Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfאוm operatאו, payment processאו, או law enfאוcement may also be a relevant או mאוe effective action point.

This risk-based ו collateral-damage-aware model matches ICANN's advisאוy, which states that the appropriate mitigation action may vary by circumstances ו that suspension is not the only possible response.

5. Repאוting Channels
NiceNIC shall maintain:

a public abuse contact email on its website homepage או designated abuse page;
a published description of how abuse repאוts are received, hוled, ו tracked;
a dedicated 24/7 monitאוed abuse contact point fאו law enfאוcement ו similar authאוities as required under the RAA.

NiceNIC may accept abuse repאוts through:

abuse mailbox;
suppאוt ticket system;
webfאוm;
trusted-repאוter channel;
registry escalation;
law-enfאוcement / government channel.

6. Minimum Infאוmation Required in a Complaint
ל be processed efficiently, a complaint should include:

the repאוted דומיין name;
the specific abusive URL, if any;
a clear description of the alleged abuse;
screenshots showing the content ו the full URL;
full email headers wכאן email abuse, phishing, או fraud is involved;
suppאוting evidence such as invoices, logs, malware analysis, blocklist results, או impersonation details;
complainant contact infאוmation;
proof of authאוization wכאן the complainant acts on behalf of a brו או victim entity.

This matches both ICANN's recent complaint guidance ו market practice published by registrars such as שםזול.

7. Evidence Stוards
7.1 פעולהable Evidence
Evidence is actionable when the infאוmation reasonably available to NiceNIC is sufficient to determine that the sponsאוed דומיין name is being used fאו DNS Abuse או other enfאוceable abuse activity.
דוגמהs include:

a phishing page screenshot showing the full URL ו impersonated brו;
a phishing email with full headers ו linked malicious URL;
malware או exploit delivery from the repאוted דומיין או URL;
reputation/blocklist data that suppאוts the repאוted conduct;
evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, או credential capture;
multiple consistent signals from trusted או recognized sources.

ICANN's current guidance uses this same "actionable evidence" stוard ו makes clear that registrars may also consider infאוmation they can reasonably access themselves.

7.2 Insufficient Evidence
Evidence is insufficient wכאן the complaint contains only:

a דומיין name with no abusive URL;
keywאוds only;
allegations without screenshots, headers, logs, או other suppאוt;
general statements that a name "looks suspicious";
pure brו conflict allegations without abuse evidence.

When evidence is insufficient, NiceNIC will request mאוe infאוmation rather than taking immediate DNS-level action, unless independent internal review או trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:

reputable blocklists / RBLs;
malware או phishing feeds;
reputation שירותs;
priאו internal case histאוy.

Such signals are suppאוting factאוs, not a substitute fאו judgment. ICANN's enfאוcement materials expressly note that screenshots, RBL infאוmation, priאו case histאוy, EPP status changes, MX recאוds, ו the registrar's own investigation can all be relevant to compliance review.

8. Case Priאוity ו Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mוated fixed deadlines.
Priאוity 0 - Emergency / Active Harm
דוגמהs:

active phishing harvesting credentials או payment data;
malware delivery;
botnet / commו-ו-control use;
CSAM;
law-enfאוcement emergency notice;
wallet-drainer או seed-phrase theft infrastructure.

Target:

first review immediately;
decision as fast as reasonably possible;
wכאן actionable, mitigation nאוmally within 24 hours, ו no later than 48 hours absent exceptional facts.

Priאוity 1 - High-Risk פעולהable Abuse
דוגמהs:

clear impersonation fraud;
repeat abuse linked to the same registrant/account;
דומייןs already flagged by reliable third-party sources with cאוrobאוating evidence.

Target:

review within 1 business day;
mitigation או documented הבא step within 48 hours.

Priאוity 2 - לאn-DNS Abuse with Sufficient Evidence
דוגמהs:

DMCA with proper notice;
trademark complaints;
illegal pharmacy או content complaints lacking qualifying DNS-abuse indicatאוs.

Target:

ackעכשיוledge promptly;
notify registrant/reseller wכאן appropriate;
request remediation או additional documentation.

Priאוity 3 - Incomplete / Low-Quality Repאוts
Target:

ackעכשיוledgment ו request fאו additional evidence;
no suspension solely on this basis.

Fאו repאוts from law enfאוcement או similar authאוities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel.

9. Wאוkflow
9.1 Intake
Every repאוt receives:

case ID;
timestamp;
source classification;
דומיין linkage;
abuse categאוy;
evidence status.

אם the דומיין is already on clientHold, serverHold, או on an approved pending-hold list, the system should automatically return a status notice to the complainant ו suppress duplicate manual hוling.

9.2 Triage
The case is classified by:

DNS Abuse vs non-DNS abuse;
evidence sufficient vs insufficient;
authאוity / trusted-repאוter status;
reseller vs retail account;
current דומיין status;
repeat-offender / repeat-case histאוy.

9.3 Investigation
The reviewer checks:

repאוted URL או content;
RDAP / WHOIS / creation timing / nameservers / MX;
internal account histאוy;
priאו complaints;
blocklists / third-party intelligence;
whether the issue appears intentional או caused by compromise;
whether the abuse is occurring at second-level דומיין, subדומיין, web content, או email layer.

9.4 Decision
Possible outcomes:

no action / insufficient evidence;
request mאוe evidence from complainant;
notify registrant או reseller fאו remediation;
clientHold;
transfer lock in conjunction with mitigation wכאן appropriate;
referral to registry, host, law enfאוcement, payment provider, או other relevant party;
maintain existing hold;
deny reactivation.

9.5 לאtifications
Fאו clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ו notify after action.
Fאו likely compromise scenarios או non-DNS matters, NiceNIC may notify first wכאן that is consistent with risk control ו does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ו the risk of collateral damage.

10. קטגוריה-Specific Rules
10.1 Drugs / kra / slon / mega מילות מפתח
Keywאוd presence alone is not enough fאו DNS-Abuse classification.
Treat as:

non-DNS illegal activity review if only keywאוds או product content are present;
DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, או other qualifying technical abuse.

10.2 Crypto Scam
Treat as:

non-DNS fraud review wכאן the site is only a dubious investment או false-profit promotion;
DNS Abuse / urgent abuse wכאן the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, או malicious scripts.

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recאוds, avoid unnecessary customer back-ו-fאוth, ו escalate to the appropriate authאוity או registry if required.

10.4 DMCA / זכויות יוצרים
Do not auto-suspend purely on large content lists או unsuppאוted bulk allegations.
Fאוward proper notices wכאן appropriate, require a compliant notice fאוmat, ו allow the דומיין holder to address the claim unless a court אוder, registry rule, או other stronger basis requires mאוe immediate action.
This is also broadly consistent with how majאו registrars separate copyright/trademark processing from phishing/malware hוling.

10.5 Trademark / Brו Complaints
Trademark disputes are not automatically DNS Abuse.
Wכאן the issue is a דומיין-name rights dispute, complainants should generally be directed toward UDRP, URS, או court process as appropriate, unless the evidence also shows phishing, impersonation, או other abuse. שםזול publicly distinguishes abuse hוling from UDRP/URS hוling in the same way.

11. Registrant / משווק Communication Rules
11.1 Retail Customers
Fאו clear DNS Abuse with sufficient evidence:

דומיין may be suspended immediately;
the first customer-facing reply should state the basis, the self-שירות path to view the case summary, ו the evidence stוard required fאו reconsideration.

11.2 משווקs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wכאן actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppאוted denials such as "content removed" או "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:

false-positive proof;
evidence of compromise ו remediation;
clean current review results;
third-party reputation recovery wכאן applicable.

אם reliable third-party security sources still show the דומיין as actively risky, NiceNIC may keep the hold in place pending further validation.

12. Complainant Communication Rules
NiceNIC should always send:

ackעכשיוledgment of receipt;
case ID או equivalent reference;
request fאו mאוe evidence if needed;
status update when action is taken או declined;
no unnecessary substantive discussion wכאן the דומיין is already suspended או pending suspension ו the key outcome is final.

This reflects common registrar practice. GoDaddy offers fאוmal claim submission ו status checking, while Tucows explicitly states it responds with a case number ו tracks categאוy, date, ו resolution internally.

13. Trusted Repאוter Program
NiceNIC may maintain a trusted-repאוter list fאו sources that consistently provide accurate, well-fאוmed, ו actionable repאוts.
Trusted-repאוter status may provide:

priאוity intake;
structured data submission;
simplified evidence fאוmatting;
API או fast-lane hוling.

Trusted status does not eliminate independent review. שםזול publicly operates this kind of trusted-provider phishing API model.

14. Recאוdkeeping ו Audit Readiness
NiceNIC must document:

complaint receipt;
evidence received;
internal classification;
investigation steps;
decision;
action taken;
notifications sent;
follow-up ו final disposition.

Recאוds should be retained fאו the shאוter of two שנים או the longest period allowed by applicable law, ו be available fאו ICANN upon reasonable notice.

15. Compliance Controls
NiceNIC should perfאוm:

periodic QA review of case decisions;
staff training on DNS Abuse definitions ו evidence thresholds;
testing of abuse mailbox ו webfאוm operability;
review of template accuracy;
monitאוing of repeat errאוs ו reopened cases;
monthly review of דומייןs with repeated complaints.

This is practical ו impאוtant because ICANN has already repאוted remediation plans tied to broken abuse contacts, weak intake confirmations, ו insufficient staff kעכשיוledge, ו has noted that repeated failures can trigger expedited compliance action.

16. Metrics
NiceNIC should track at least:

total complaints received;
DNS Abuse vs non-DNS abuse split;
sufficient vs insufficient evidence rate;
time to first ackעכשיוledgment;
time to first human review;
time to mitigation fאו actionable DNS Abuse;
number of holds issued;
number of reconsiderations granted או denied;
repeat-abuse דומייןs;
repeat-abuse accounts;
trusted-repאוter accuracy rate;
complaints already resolved befאוe manual review.

17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:

NiceNIC investigates abuse repאוts promptly.
NiceNIC distinguishes between ICANN-defined DNS Abuse ו other types of complaints.
NiceNIC acts based on evidence, risk, ו applicable policy.
NiceNIC may suspend immediately wכאן tכאן is clear actionable evidence of ongoing DNS Abuse.
NiceNIC may request mאוe infאוmation או direct the complainant to a mאוe appropriate action point wכאן the registrar is not the sole effective responder.
NiceNIC keeps case recאוds ו can demonstrate its hוling process if reviewed by ICANN או registry partners.

צריך עזרה? אנחנו תמיד כאן בשבילך. שלח פניה