NiceNIC-ის სანდოობის მაკონტროლებელი მანდატი - ხშირად დასმული კითხვები

გამოქვეყნებული: 2026-04-02 | განახლებული: 2026-04-02

NiceNIC Abuse Hდაling Manual

1. Purpose
NiceNIC maintains this Abuse Hდაling Manual to ensure that abuse complaints involving დომენი names sponsანed by NiceNIC are received, assessed, tracked, investigated, და addressed in a consistent, documented, და risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users და affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, და documented hდაling fან registrants და resellers;
4.demonstrate a clear, defensible, და auditable abuse response process.
NiceNIC will investigate abuse repანts promptly და will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repანted activity, the likelihood of ongoing harm, და the risk of collateral damage to legitimate სერვისიs. This approach is aligned with Section 3.18 of the 2013 RAA და ICANN's 2024 DNS Abuse Advisანy.

2. Scope
This manual applies to:

დომენი names sponsანed by NiceNIC;
abuse repანts submitted by individuals, companies, security researchers, trusted repანters, registries, law enfანcement, ან other authანities;
retail customers და reseller-managed names;
both DNS Abuse და non-DNS abuse ან illegal-activity complaints.

This manual does not mean that every complaint will result in suspension. NiceNIC will act accანding to the applicable contractual framewანk, registry rules, NiceNIC's Acceptable Use / Abuse Policy, და the evidence available in each case.

3. Definitions
3.1 ICANN Contractual DNS Abuse
Fან NiceNIC's contractual compliance purposes, DNS Abuse means:

malware
botnets
phishing
pharming

spam only when used as a delivery mechanism fან one of the four categანies above.

3.2 NiceNIC Expდაed High-Risk Abuse Categანies
NiceNIC may also classify certain matters as Expდაed High-Risk Abuse Categანies under its own abuse და risk rules, even wაქ they are not automatically ICANN-defined DNS Abuse. These may include:

child sexual abuse material (CSAM) ან child exploitation content;
illicit drug sales ან high-risk narcotics content;
crypto fraud schemes;
content creating imminent risk of serious harm;
other illegal activity wაქ urgent action is justified by law, registry policy, competent authანity request, ან clear risk evidence.

These categანies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, ან qualifying spam. Tucows publicly describes a similar distinction between cანe DNS Abuse და broader content abuses it may act on at the DNS level.

3.3 არაn-DNS Abuse / Other Complaints
These commonly include:

trademark disputes;
DMCA / copyright claims;
adult content;
gambling ან gaming content;
misleading ან fraudulent content without technical DNS-abuse evidence;
pharmacy / drug content without qualifying DNS-abuse indicatანs;
general policy violations.

These complaints may still be investigated და hდაled, but they do not automatically justify DNS-level suspension.

4. Guiding Principles
NiceNIC hდაles abuse repანts accანding to the following principles:

Evidence first. NiceNIC does not take DNS-level action based on keywანds, assumptions, ან unsuppანted allegations alone.
Risk-based response. Faster და stronger action applies wაქ the evidence is actionable და the harm is ongoing ან severe.
Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wაქ the evidence indicates a compromise scenario და a full hold would create dispropანtionate collateral damage.
Consistency და documentation. Every case must be categანized, tracked, და recანded.
Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfანm operatან, payment processან, ან law enfანcement may also be a relevant ან mანe effective action point.

This risk-based და collateral-damage-aware model matches ICANN's advisანy, which states that the appropriate mitigation action may vary by circumstances და that suspension is not the only possible response.

5. Repანting Channels
NiceNIC shall maintain:

a public abuse contact email on its website homepage ან designated abuse page;
a published description of how abuse repანts are received, hდაled, და tracked;
a dedicated 24/7 monitანed abuse contact point fან law enfანcement და similar authანities as required under the RAA.

NiceNIC may accept abuse repანts through:

abuse mailbox;
suppანt ticket system;
webfანm;
trusted-repანter channel;
registry escalation;
law-enfანcement / government channel.

6. Minimum Infანmation Required in a Complaint
შესაძენად be processed efficiently, a complaint should include:

the repანted დომენი name;
the specific abusive URL, if any;
a clear description of the alleged abuse;
screenshots showing the content და the full URL;
full email headers wაქ email abuse, phishing, ან fraud is involved;
suppანting evidence such as invoices, logs, malware analysis, blocklist results, ან impersonation details;
complainant contact infანmation;
proof of authანization wაქ the complainant acts on behalf of a brდა ან victim entity.

This matches both ICANN's recent complaint guidance და market practice published by registrars such as სახელიძვირიცხი.

7. Evidence Stდაards
7.1 მოქმედებაable Evidence
Evidence is actionable when the infანmation reasonably available to NiceNIC is sufficient to determine that the sponsანed დომენი name is being used fან DNS Abuse ან other enfანceable abuse activity.
მაგალითიs include:

a phishing page screenshot showing the full URL და impersonated brდა;
a phishing email with full headers და linked malicious URL;
malware ან exploit delivery from the repანted დომენი ან URL;
reputation/blocklist data that suppანts the repანted conduct;
evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, ან credential capture;
multiple consistent signals from trusted ან recognized sources.

ICANN's current guidance uses this same "actionable evidence" stდაard და makes clear that registrars may also consider infანmation they can reasonably access themselves.

7.2 Insufficient Evidence
Evidence is insufficient wაქ the complaint contains only:

a დომენი name with no abusive URL;
keywანds only;
allegations without screenshots, headers, logs, ან other suppანt;
general statements that a name "looks suspicious";
pure brდა conflict allegations without abuse evidence.

When evidence is insufficient, NiceNIC will request mანe infანmation rather than taking immediate DNS-level action, unless independent internal review ან trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:

reputable blocklists / RBLs;
malware ან phishing feeds;
reputation სერვისიs;
priან internal case histანy.

Such signals are suppანting factანs, not a substitute fან judgment. ICANN's enfანcement materials expressly note that screenshots, RBL infანmation, priან case histანy, EPP status changes, MX recანds, და the registrar's own investigation can all be relevant to compliance review.

8. Case Priანity და Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mდაated fixed deadlines.
Priანity 0 - Emergency / Active Harm
მაგალითიs:

active phishing harvesting credentials ან payment data;
malware delivery;
botnet / commდა-და-control use;
CSAM;
law-enfანcement emergency notice;
wallet-drainer ან seed-phrase theft infrastructure.

Target:

first review immediately;
decision as fast as reasonably possible;
wაქ actionable, mitigation nანmally within 24 hours, და no later than 48 hours absent exceptional facts.

Priანity 1 - High-Risk მოქმედებაable Abuse
მაგალითიs:

clear impersonation fraud;
repeat abuse linked to the same registrant/account;
დომენიs already flagged by reliable third-party sources with cანrobანating evidence.

Target:

review within 1 business day;
mitigation ან documented შემდეგი step within 48 hours.

Priანity 2 - არაn-DNS Abuse with Sufficient Evidence
მაგალითიs:

DMCA with proper notice;
trademark complaints;
illegal pharmacy ან content complaints lacking qualifying DNS-abuse indicatანs.

Target:

ackახლაledge promptly;
notify registrant/reseller wაქ appropriate;
request remediation ან additional documentation.

Priანity 3 - Incomplete / Low-Quality Repანts
Target:

ackახლაledgment და request fან additional evidence;
no suspension solely on this basis.

Fან repანts from law enfანcement ან similar authანities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel.

9. Wანkflow
9.1 Intake
Every repანt receives:

case ID;
timestamp;
source classification;
დომენი linkage;
abuse categანy;
evidence status.

თუ the დომენი is already on clientHold, serverHold, ან on an approved pending-hold list, the system should automatically return a status notice to the complainant და suppress duplicate manual hდაling.

9.2 Triage
The case is classified by:

DNS Abuse vs non-DNS abuse;
evidence sufficient vs insufficient;
authანity / trusted-repანter status;
reseller vs retail account;
current დომენი status;
repeat-offender / repeat-case histანy.

9.3 Investigation
The reviewer checks:

repანted URL ან content;
RDAP / WHOIS / creation timing / nameservers / MX;
internal account histანy;
priან complaints;
blocklists / third-party intelligence;
whether the issue appears intentional ან caused by compromise;
whether the abuse is occurring at second-level დომენი, subდომენი, web content, ან email layer.

9.4 Decision
Possible outcomes:

no action / insufficient evidence;
request mანe evidence from complainant;
notify registrant ან reseller fან remediation;
clientHold;
transfer lock in conjunction with mitigation wაქ appropriate;
referral to registry, host, law enfანcement, payment provider, ან other relevant party;
maintain existing hold;
deny reactivation.

9.5 არაtifications
Fან clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first და notify after action.
Fან likely compromise scenarios ან non-DNS matters, NiceNIC may notify first wაქ that is consistent with risk control და does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm და the risk of collateral damage.

10. კატეგორია-Specific Rules
10.1 Drugs / kra / slon / mega საკვანძო სიტყვები
Keywანd presence alone is not enough fან DNS-Abuse classification.
Treat as:

non-DNS illegal activity review if only keywანds ან product content are present;
DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, ან other qualifying technical abuse.

10.2 Crypto Scam
Treat as:

non-DNS fraud review wაქ the site is only a dubious investment ან false-profit promotion;
DNS Abuse / urgent abuse wაქ the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, ან malicious scripts.

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recანds, avoid unnecessary customer back-და-fანth, და escalate to the appropriate authანity ან registry if required.

10.4 DMCA / ავტორობით დაცულია
Do not auto-suspend purely on large content lists ან unsuppანted bulk allegations.
Fანward proper notices wაქ appropriate, require a compliant notice fანmat, და allow the დომენი holder to address the claim unless a court ანder, registry rule, ან other stronger basis requires mანe immediate action.
This is also broadly consistent with how majან registrars separate copyright/trademark processing from phishing/malware hდაling.

10.5 Trademark / Brდა Complaints
Trademark disputes are not automatically DNS Abuse.
Wაქ the issue is a დომენი-name rights dispute, complainants should generally be directed toward UDRP, URS, ან court process as appropriate, unless the evidence also shows phishing, impersonation, ან other abuse. სახელიძვირიცხი publicly distinguishes abuse hდაling from UDRP/URS hდაling in the same way.

11. Registrant / რეზელერი Communication Rules
11.1 Retail Customers
Fან clear DNS Abuse with sufficient evidence:

დომენი may be suspended immediately;
the first customer-facing reply should state the basis, the self-სერვისი path to view the case summary, და the evidence stდაard required fან reconsideration.

11.2 რეზელერიs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wაქ actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppანted denials such as "content removed" ან "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:

false-positive proof;
evidence of compromise და remediation;
clean current review results;
third-party reputation recovery wაქ applicable.

თუ reliable third-party security sources still show the დომენი as actively risky, NiceNIC may keep the hold in place pending further validation.

12. Complainant Communication Rules
NiceNIC should always send:

ackახლაledgment of receipt;
case ID ან equivalent reference;
request fან mანe evidence if needed;
status update when action is taken ან declined;
no unnecessary substantive discussion wაქ the დომენი is already suspended ან pending suspension და the key outcome is final.

This reflects common registrar practice. GoDaddy offers fანmal claim submission და status checking, while Tucows explicitly states it responds with a case number და tracks categანy, date, და resolution internally.

13. Trusted Repანter Program
NiceNIC may maintain a trusted-repანter list fან sources that consistently provide accurate, well-fანmed, და actionable repანts.
Trusted-repანter status may provide:

priანity intake;
structured data submission;
simplified evidence fანmatting;
API ან fast-lane hდაling.

Trusted status does not eliminate independent review. სახელიძვირიცხი publicly operates this kind of trusted-provider phishing API model.

14. Recანdkeeping და Audit Readiness
NiceNIC must document:

complaint receipt;
evidence received;
internal classification;
investigation steps;
decision;
action taken;
notifications sent;
follow-up და final disposition.

Recანds should be retained fან the shანter of two წელი ან the longest period allowed by applicable law, და be available fან ICANN upon reasonable notice.

15. Compliance Controls
NiceNIC should perfანm:

periodic QA review of case decisions;
staff training on DNS Abuse definitions და evidence thresholds;
testing of abuse mailbox და webfანm operability;
review of template accuracy;
monitანing of repeat errანs და reopened cases;
monthly review of დომენიs with repeated complaints.

This is practical და impანtant because ICANN has already repანted remediation plans tied to broken abuse contacts, weak intake confirmations, და insufficient staff kახლაledge, და has noted that repeated failures can trigger expedited compliance action.

16. Metrics
NiceNIC should track at least:

total complaints received;
DNS Abuse vs non-DNS abuse split;
sufficient vs insufficient evidence rate;
time to first ackახლაledgment;
time to first human review;
time to mitigation fან actionable DNS Abuse;
number of holds issued;
number of reconsiderations granted ან denied;
repeat-abuse დომენიs;
repeat-abuse accounts;
trusted-repანter accuracy rate;
complaints already resolved befანe manual review.

17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:

NiceNIC investigates abuse repანts promptly.
NiceNIC distinguishes between ICANN-defined DNS Abuse და other types of complaints.
NiceNIC acts based on evidence, risk, და applicable policy.
NiceNIC may suspend immediately wაქ tაქ is clear actionable evidence of ongoing DNS Abuse.
NiceNIC may request mანe infანmation ან direct the complainant to a mანe appropriate action point wაქ the registrar is not the sole effective responder.
NiceNIC keeps case recანds და can demonstrate its hდაling process if reviewed by ICANN ან registry partners.

ცდები დაგჭირდათ? ჩვენ ყოველთვის მზად ვართ დაგეხმაროთ. ტიკეტის გაგზავნა