X
Жарияланған: 2026-04-02 | Жаңартылған: 2026-04-02
NiceNIC Abuse Hжәнеling Manual

1. Purpose
NiceNIC maintains this Abuse Hжәнеling Manual to ensure that abuse complaints involving домен names sponsнемесеed by NiceNIC are received, assessed, tracked, investigated, және addressed in a consistent, documented, және risk-based manner.
This manual is designed to achieve four outcomes at the same time:
 1.protect Internet users және affected parties from ongoing harm; 
 2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar; 
 3.provide fair, predictable, және documented hжәнеling fнемесе registrants және resellers; 
 4.demonstrate a clear, defensible, және auditable abuse response process. 
NiceNIC will investigate abuse repнемесеts promptly және will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repнемесеted activity, the likelihood of ongoing harm, және the risk of collateral damage to legitimate қызметs. This approach is aligned with Section 3.18 of the 2013 RAA және ICANN's 2024 DNS Abuse Advisнемесеy. 

2. Scope
This manual applies to:
  • домен names sponsнемесеed by NiceNIC; 
  • abuse repнемесеts submitted by individuals, companies, security researchers, trusted repнемесеters, registries, law enfнемесеcement, немесе other authнемесеities; 
  • retail customers және reseller-managed names; 
  • both DNS Abuse және non-DNS abuse немесе illegal-activity complaints. 
This manual does not mean that every complaint will result in suspension. NiceNIC will act accнемесеding to the applicable contractual framewнемесеk, registry rules, NiceNIC's Acceptable Use / Abuse Policy, және the evidence available in each case.


3. Definitions
3.1 ICANN Contractual DNS Abuse
Fнемесе NiceNIC's contractual compliance purposes, DNS Abuse means:
  • malware 
  • botnets 
  • phishing 
  • pharming 
spam only when used as a delivery mechanism fнемесе one of the four categнемесеies above. 

3.2 NiceNIC Expжәнеed High-Risk Abuse Categнемесеies
NiceNIC may also classify certain matters as Expжәнеed High-Risk Abuse Categнемесеies under its own abuse және risk rules, even wмұнда they are not automatically ICANN-defined DNS Abuse. These may include:
  • child sexual abuse material (CSAM) немесе child exploitation content; 
  • illicit drug sales немесе high-risk narcotics content; 
  • crypto fraud schemes; 
  • content creating imminent risk of serious harm; 
  • other illegal activity wмұнда urgent action is justified by law, registry policy, competent authнемесеity request, немесе clear risk evidence. 
These categнемесеies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, немесе qualifying spam. Tucows publicly describes a similar distinction between cнемесеe DNS Abuse және broader content abuses it may act on at the DNS level. 

3.3 Жоқn-DNS Abuse / Other Complaints
These commonly include:
  • trademark disputes; 
  • DMCA / copyright claims; 
  • adult content; 
  • gambling немесе gaming content; 
  • misleading немесе fraudulent content without technical DNS-abuse evidence; 
  • pharmacy / drug content without qualifying DNS-abuse indicatнемесеs; 
  • general policy violations. 
These complaints may still be investigated және hжәнеled, but they do not automatically justify DNS-level suspension.


4. Guiding Principles
NiceNIC hжәнеles abuse repнемесеts accнемесеding to the following principles:
  • Evidence first. NiceNIC does not take DNS-level action based on keywнемесеds, assumptions, немесе unsuppнемесеted allegations alone. 
  • Risk-based response. Faster және stronger action applies wмұнда the evidence is actionable және the harm is ongoing немесе severe. 
  • Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wмұнда the evidence indicates a compromise scenario және a full hold would create dispropнемесеtionate collateral damage. 
  • Consistency және documentation. Every case must be categнемесеized, tracked, және recнемесеded. 
  • Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfнемесеm operatнемесе, payment processнемесе, немесе law enfнемесеcement may also be a relevant немесе mнемесеe effective action point. 
This risk-based және collateral-damage-aware model matches ICANN's advisнемесеy, which states that the appropriate mitigation action may vary by circumstances және that suspension is not the only possible response. 


5. Repнемесеting Channels
NiceNIC shall maintain:
  • a public abuse contact email on its website homepage немесе designated abuse page; 
  • a published description of how abuse repнемесеts are received, hжәнеled, және tracked; 
  • a dedicated 24/7 monitнемесеed abuse contact point fнемесе law enfнемесеcement және similar authнемесеities as required under the RAA. 
NiceNIC may accept abuse repнемесеts through:
  • abuse mailbox; 
  • suppнемесеt ticket system; 
  • webfнемесеm; 
  • trusted-repнемесеter channel; 
  • registry escalation; 
  • law-enfнемесеcement / government channel. 


6. Minimum Infнемесеmation Required in a Complaint
Сатып алу үшін be processed efficiently, a complaint should include:
  • the repнемесеted домен name; 
  • the specific abusive URL, if any; 
  • a clear description of the alleged abuse; 
  • screenshots showing the content және the full URL; 
  • full email headers wмұнда email abuse, phishing, немесе fraud is involved; 
  • suppнемесеting evidence such as invoices, logs, malware analysis, blocklist results, немесе impersonation details; 
  • complainant contact infнемесеmation; 
  • proof of authнемесеization wмұнда the complainant acts on behalf of a brжәне немесе victim entity. 
This matches both ICANN's recent complaint guidance және market practice published by registrars such as Атыарзан. 


7. Evidence Stжәнеards
7.1 Әрекетable Evidence
Evidence is actionable when the infнемесеmation reasonably available to NiceNIC is sufficient to determine that the sponsнемесеed домен name is being used fнемесе DNS Abuse немесе other enfнемесеceable abuse activity.
Мысалs include:
  • a phishing page screenshot showing the full URL және impersonated brжәне; 
  • a phishing email with full headers және linked malicious URL; 
  • malware немесе exploit delivery from the repнемесеted домен немесе URL; 
  • reputation/blocklist data that suppнемесеts the repнемесеted conduct; 
  • evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, немесе credential capture; 
  • multiple consistent signals from trusted немесе recognized sources. 
ICANN's current guidance uses this same "actionable evidence" stжәнеard және makes clear that registrars may also consider infнемесеmation they can reasonably access themselves. 

7.2 Insufficient Evidence
Evidence is insufficient wмұнда the complaint contains only:
  • a домен name with no abusive URL; 
  • keywнемесеds only; 
  • allegations without screenshots, headers, logs, немесе other suppнемесеt; 
  • general statements that a name "looks suspicious"; 
  • pure brжәне conflict allegations without abuse evidence. 
When evidence is insufficient, NiceNIC will request mнемесеe infнемесеmation rather than taking immediate DNS-level action, unless independent internal review немесе trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
  • reputable blocklists / RBLs; 
  • malware немесе phishing feeds; 
  • reputation қызметs; 
  • priнемесе internal case histнемесеy. 
Such signals are suppнемесеting factнемесеs, not a substitute fнемесе judgment. ICANN's enfнемесеcement materials expressly note that screenshots, RBL infнемесеmation, priнемесе case histнемесеy, EPP status changes, MX recнемесеds, және the registrar's own investigation can all be relevant to compliance review. 


8. Case Priнемесеity және Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mжәнеated fixed deadlines.
Priнемесеity 0 - Emergency / Active Harm
Мысалs:
  • active phishing harvesting credentials немесе payment data; 
  • malware delivery; 
  • botnet / commжәне-және-control use; 
  • CSAM; 
  • law-enfнемесеcement emergency notice; 
  • wallet-drainer немесе seed-phrase theft infrastructure. 
Target:
  • first review immediately; 
  • decision as fast as reasonably possible; 
  • wмұнда actionable, mitigation nнемесеmally within 24 hours, және no later than 48 hours absent exceptional facts. 

Priнемесеity 1 - High-Risk Әрекетable Abuse
Мысалs:
  • clear impersonation fraud; 
  • repeat abuse linked to the same registrant/account; 
  • доменs already flagged by reliable third-party sources with cнемесеrobнемесеating evidence. 
Target:
  • review within 1 business day; 
  • mitigation немесе documented алға step within 48 hours. 

Priнемесеity 2 - Жоқn-DNS Abuse with Sufficient Evidence
Мысалs:
  • DMCA with proper notice; 
  • trademark complaints; 
  • illegal pharmacy немесе content complaints lacking qualifying DNS-abuse indicatнемесеs. 
Target:
  • ackқазірledge promptly; 
  • notify registrant/reseller wмұнда appropriate; 
  • request remediation немесе additional documentation. 

Priнемесеity 3 - Incomplete / Low-Quality Repнемесеts
Target:
  • ackқазірledgment және request fнемесе additional evidence; 
  • no suspension solely on this basis. 
Fнемесе repнемесеts from law enfнемесеcement немесе similar authнемесеities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel. 


9. Wнемесеkflow
9.1 Intake
Every repнемесеt receives:
  • case ID; 
  • timestamp; 
  • source classification; 
  • домен linkage; 
  • abuse categнемесеy; 
  • evidence status. 
Егер the домен is already on clientHold, serverHold, немесе on an approved pending-hold list, the system should automatically return a status notice to the complainant және suppress duplicate manual hжәнеling.

9.2 Triage
The case is classified by:
  • DNS Abuse vs non-DNS abuse; 
  • evidence sufficient vs insufficient; 
  • authнемесеity / trusted-repнемесеter status; 
  • reseller vs retail account; 
  • current домен status; 
  • repeat-offender / repeat-case histнемесеy. 

9.3 Investigation
The reviewer checks:
  • repнемесеted URL немесе content; 
  • RDAP / WHOIS / creation timing / nameservers / MX; 
  • internal account histнемесеy; 
  • priнемесе complaints; 
  • blocklists / third-party intelligence; 
  • whether the issue appears intentional немесе caused by compromise; 
  • whether the abuse is occurring at second-level домен, subдомен, web content, немесе email layer. 

9.4 Decision
Possible outcomes:
  • no action / insufficient evidence; 
  • request mнемесеe evidence from complainant; 
  • notify registrant немесе reseller fнемесе remediation; 
  • clientHold; 
  • transfer lock in conjunction with mitigation wмұнда appropriate; 
  • referral to registry, host, law enfнемесеcement, payment provider, немесе other relevant party; 
  • maintain existing hold; 
  • deny reactivation. 

9.5 Жоқtifications
Fнемесе clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first және notify after action.
Fнемесе likely compromise scenarios немесе non-DNS matters, NiceNIC may notify first wмұнда that is consistent with risk control және does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm және the risk of collateral damage. 


10. Категория-Specific Rules
10.1 Drugs / kra / slon / mega Іздеу сөздері
Keywнемесеd presence alone is not enough fнемесе DNS-Abuse classification.
Treat as:
  • non-DNS illegal activity review if only keywнемесеds немесе product content are present; 
  • DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, немесе other qualifying technical abuse. 

10.2 Crypto Scam
Treat as:
  • non-DNS fraud review wмұнда the site is only a dubious investment немесе false-profit promotion; 
  • DNS Abuse / urgent abuse wмұнда the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, немесе malicious scripts. 

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recнемесеds, avoid unnecessary customer back-және-fнемесеth, және escalate to the appropriate authнемесеity немесе registry if required.

10.4 DMCA / Авторлық құқық
Do not auto-suspend purely on large content lists немесе unsuppнемесеted bulk allegations.
Fнемесеward proper notices wмұнда appropriate, require a compliant notice fнемесеmat, және allow the домен holder to address the claim unless a court немесеder, registry rule, немесе other stronger basis requires mнемесеe immediate action.
This is also broadly consistent with how majнемесе registrars separate copyright/trademark processing from phishing/malware hжәнеling. 

10.5 Trademark / Brжәне Complaints
Trademark disputes are not automatically DNS Abuse.
Wмұнда the issue is a домен-name rights dispute, complainants should generally be directed toward UDRP, URS, немесе court process as appropriate, unless the evidence also shows phishing, impersonation, немесе other abuse. Атыарзан publicly distinguishes abuse hжәнеling from UDRP/URS hжәнеling in the same way. 


11. Registrant / Өкіл Communication Rules
11.1 Retail Customers
Fнемесе clear DNS Abuse with sufficient evidence:
  • домен may be suspended immediately; 
  • the first customer-facing reply should state the basis, the self-қызмет path to view the case summary, және the evidence stжәнеard required fнемесе reconsideration. 

11.2 Өкілs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wмұнда actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppнемесеted denials such as "content removed" немесе "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
  • false-positive proof; 
  • evidence of compromise және remediation; 
  • clean current review results; 
  • third-party reputation recovery wмұнда applicable. 
Егер reliable third-party security sources still show the домен as actively risky, NiceNIC may keep the hold in place pending further validation.


12. Complainant Communication Rules
NiceNIC should always send:
  • ackқазірledgment of receipt; 
  • case ID немесе equivalent reference; 
  • request fнемесе mнемесеe evidence if needed; 
  • status update when action is taken немесе declined; 
  • no unnecessary substantive discussion wмұнда the домен is already suspended немесе pending suspension және the key outcome is final. 
This reflects common registrar practice. GoDaddy offers fнемесеmal claim submission және status checking, while Tucows explicitly states it responds with a case number және tracks categнемесеy, date, және resolution internally. 


13. Trusted Repнемесеter Program
NiceNIC may maintain a trusted-repнемесеter list fнемесе sources that consistently provide accurate, well-fнемесеmed, және actionable repнемесеts.
Trusted-repнемесеter status may provide:
  • priнемесеity intake; 
  • structured data submission; 
  • simplified evidence fнемесеmatting; 
  • API немесе fast-lane hжәнеling. 
Trusted status does not eliminate independent review. Атыарзан publicly operates this kind of trusted-provider phishing API model. 


14. Recнемесеdkeeping және Audit Readiness
NiceNIC must document:
  • complaint receipt; 
  • evidence received; 
  • internal classification; 
  • investigation steps; 
  • decision; 
  • action taken; 
  • notifications sent; 
  • follow-up және final disposition. 
Recнемесеds should be retained fнемесе the shнемесеter of two жылдар немесе the longest period allowed by applicable law, және be available fнемесе ICANN upon reasonable notice. 


15. Compliance Controls
NiceNIC should perfнемесеm:
  • periodic QA review of case decisions; 
  • staff training on DNS Abuse definitions және evidence thresholds; 
  • testing of abuse mailbox және webfнемесеm operability; 
  • review of template accuracy; 
  • monitнемесеing of repeat errнемесеs және reopened cases; 
  • monthly review of доменs with repeated complaints. 
This is practical және impнемесеtant because ICANN has already repнемесеted remediation plans tied to broken abuse contacts, weak intake confirmations, және insufficient staff kқазірledge, және has noted that repeated failures can trigger expedited compliance action. 


16. Metrics
NiceNIC should track at least:
  • total complaints received; 
  • DNS Abuse vs non-DNS abuse split; 
  • sufficient vs insufficient evidence rate; 
  • time to first ackқазірledgment; 
  • time to first human review; 
  • time to mitigation fнемесе actionable DNS Abuse; 
  • number of holds issued; 
  • number of reconsiderations granted немесе denied; 
  • repeat-abuse доменs; 
  • repeat-abuse accounts; 
  • trusted-repнемесеter accuracy rate; 
  • complaints already resolved befнемесеe manual review. 


17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
  • NiceNIC investigates abuse repнемесеts promptly. 
  • NiceNIC distinguishes between ICANN-defined DNS Abuse және other types of complaints. 
  • NiceNIC acts based on evidence, risk, және applicable policy. 
  • NiceNIC may suspend immediately wмұнда tмұнда is clear actionable evidence of ongoing DNS Abuse. 
  • NiceNIC may request mнемесеe infнемесеmation немесе direct the complainant to a mнемесеe appropriate action point wмұнда the registrar is not the sole effective responder. 
  • NiceNIC keeps case recнемесеds және can demonstrate its hжәнеling process if reviewed by ICANN немесе registry partners. 

Көмек керек пе? Біз әрқашан сіздің қызметіңіздеміз. Тапсырма жіберу
Авторлық құқық © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Барлық құқықтар қорғалған