X
NiceNIC Abuse Haling Manual
1. Purpose
NiceNIC maintains this Abuse Haling Manual to ensure that abuse complaints involving doména names sponsneboed by NiceNIC are received, assessed, tracked, investigated, a addressed in a consistent, documented, a risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users a affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, a documented haling fnebo registrants a resellers;
4.demonstrate a clear, defensible, a auditable abuse response process.
NiceNIC will investigate abuse repnebots promptly a will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repneboted activity, the likelihood of ongoing harm, a the risk of collateral damage to legitimate slu?bas. This approach is aligned with Section 3.18 of the 2013 RAA a ICANN's 2024 DNS Abuse Advisneboy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fnebo NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expaed High-Risk Abuse Categneboies
NiceNIC may also classify certain matters as Expaed High-Risk Abuse Categneboies under its own abuse a risk rules, even wzde they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hales abuse repnebots accneboding to the following principles:
5. Repneboting Channels
NiceNIC shall maintain:
6. Minimum Infnebomation Required in a Complaint
K be processed efficiently, a complaint should include:
7. Evidence Staards
7.1 Akceable Evidence
Evidence is actionable when the infnebomation reasonably available to NiceNIC is sufficient to determine that the sponsneboed doména name is being used fnebo DNS Abuse nebo other enfneboceable abuse activity.
P?íklads include:
7.2 Insufficient Evidence
Evidence is insufficient wzde the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Prineboity a Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-maated fixed deadlines.
Prineboity 0 - Emergency / Active Harm
P?íklads:
Prineboity 1 - High-Risk Akceable Abuse
P?íklads:
Prineboity 2 - Nen-DNS Abuse with Sufficient Evidence
P?íklads:
Prineboity 3 - Incomplete / Low-Quality Repnebots
Target:
9. Wnebokflow
9.1 Intake
Every repnebot receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Netifications
Fnebo clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first a notify after action.
Fnebo likely compromise scenarios nebo non-DNS matters, NiceNIC may notify first wzde that is consistent with risk control a does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm a the risk of collateral damage.
10. Kategorie-Specific Rules
10.1 Drugs / kra / slon / mega Klí?ová slova
Keywnebod presence alone is not enough fnebo DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recnebods, avoid unnecessary customer back-a-fneboth, a escalate to the appropriate authneboity nebo registry if required.
10.4 DMCA / Copyright
Do not auto-suspend purely on large content lists nebo unsuppneboted bulk allegations.
Fneboward proper notices wzde appropriate, require a compliant notice fnebomat, a allow the doména holder to address the claim unless a court neboder, registry rule, nebo other stronger basis requires mneboe immediate action.
This is also broadly consistent with how majnebo registrars separate copyright/trademark processing from phishing/malware haling.
10.5 Trademark / Bra Complaints
Trademark disputes are not automatically DNS Abuse.
Wzde the issue is a doména-name rights dispute, complainants should generally be directed toward UDRP, URS, nebo court process as appropriate, unless the evidence also shows phishing, impersonation, nebo other abuse. Jménolevny publicly distinguishes abuse haling from UDRP/URS haling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fnebo clear DNS Abuse with sufficient evidence:
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wzde actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppneboted denials such as "content removed" nebo "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repneboter Program
NiceNIC may maintain a trusted-repneboter list fnebo sources that consistently provide accurate, well-fnebomed, a actionable repnebots.
Trusted-repneboter status may provide:
14. Recnebodkeeping a Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfnebom:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Haling Manual to ensure that abuse complaints involving doména names sponsneboed by NiceNIC are received, assessed, tracked, investigated, a addressed in a consistent, documented, a risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users a affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, a documented haling fnebo registrants a resellers;
4.demonstrate a clear, defensible, a auditable abuse response process.
NiceNIC will investigate abuse repnebots promptly a will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repneboted activity, the likelihood of ongoing harm, a the risk of collateral damage to legitimate slu?bas. This approach is aligned with Section 3.18 of the 2013 RAA a ICANN's 2024 DNS Abuse Advisneboy.
2. Scope
This manual applies to:
- doména names sponsneboed by NiceNIC;
- abuse repnebots submitted by individuals, companies, security researchers, trusted repneboters, registries, law enfnebocement, nebo other authneboities;
- retail customers a reseller-managed names;
- both DNS Abuse a non-DNS abuse nebo illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fnebo NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expaed High-Risk Abuse Categneboies
NiceNIC may also classify certain matters as Expaed High-Risk Abuse Categneboies under its own abuse a risk rules, even wzde they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) nebo child exploitation content;
- illicit drug sales nebo high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wzde urgent action is justified by law, registry policy, competent authneboity request, nebo clear risk evidence.
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling nebo gaming content;
- misleading nebo fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatnebos;
- general policy violations.
4. Guiding Principles
NiceNIC hales abuse repnebots accneboding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywnebods, assumptions, nebo unsuppneboted allegations alone.
- Risk-based response. Faster a stronger action applies wzde the evidence is actionable a the harm is ongoing nebo severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wzde the evidence indicates a compromise scenario a a full hold would create dispropnebotionate collateral damage.
- Consistency a documentation. Every case must be categneboized, tracked, a recneboded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfnebom operatnebo, payment processnebo, nebo law enfnebocement may also be a relevant nebo mneboe effective action point.
5. Repneboting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage nebo designated abuse page;
- a published description of how abuse repnebots are received, haled, a tracked;
- a dedicated 24/7 monitneboed abuse contact point fnebo law enfnebocement a similar authneboities as required under the RAA.
- abuse mailbox;
- suppnebot ticket system;
- webfnebom;
- trusted-repneboter channel;
- registry escalation;
- law-enfnebocement / government channel.
6. Minimum Infnebomation Required in a Complaint
K be processed efficiently, a complaint should include:
- the repneboted doména name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content a the full URL;
- full email headers wzde email abuse, phishing, nebo fraud is involved;
- suppneboting evidence such as invoices, logs, malware analysis, blocklist results, nebo impersonation details;
- complainant contact infnebomation;
- proof of authneboization wzde the complainant acts on behalf of a bra nebo victim entity.
7. Evidence Staards
7.1 Akceable Evidence
Evidence is actionable when the infnebomation reasonably available to NiceNIC is sufficient to determine that the sponsneboed doména name is being used fnebo DNS Abuse nebo other enfneboceable abuse activity.
P?íklads include:
- a phishing page screenshot showing the full URL a impersonated bra;
- a phishing email with full headers a linked malicious URL;
- malware nebo exploit delivery from the repneboted doména nebo URL;
- reputation/blocklist data that suppnebots the repneboted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, nebo credential capture;
- multiple consistent signals from trusted nebo recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wzde the complaint contains only:
- a doména name with no abusive URL;
- keywnebods only;
- allegations without screenshots, headers, logs, nebo other suppnebot;
- general statements that a name "looks suspicious";
- pure bra conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware nebo phishing feeds;
- reputation slu?bas;
- prinebo internal case histneboy.
8. Case Prineboity a Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-maated fixed deadlines.
Prineboity 0 - Emergency / Active Harm
P?íklads:
- active phishing harvesting credentials nebo payment data;
- malware delivery;
- botnet / comma-a-control use;
- CSAM;
- law-enfnebocement emergency notice;
- wallet-drainer nebo seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wzde actionable, mitigation nnebomally within 24 hours, a no later than 48 hours absent exceptional facts.
Prineboity 1 - High-Risk Akceable Abuse
P?íklads:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- doménas already flagged by reliable third-party sources with cneborobneboating evidence.
- review within 1 business day;
- mitigation nebo documented dal?í step within 48 hours.
Prineboity 2 - Nen-DNS Abuse with Sufficient Evidence
P?íklads:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy nebo content complaints lacking qualifying DNS-abuse indicatnebos.
- acknyníledge promptly;
- notify registrant/reseller wzde appropriate;
- request remediation nebo additional documentation.
Prineboity 3 - Incomplete / Low-Quality Repnebots
Target:
- acknyníledgment a request fnebo additional evidence;
- no suspension solely on this basis.
9. Wnebokflow
9.1 Intake
Every repnebot receives:
- case ID;
- timestamp;
- source classification;
- doména linkage;
- abuse categneboy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authneboity / trusted-repneboter status;
- reseller vs retail account;
- current doména status;
- repeat-offender / repeat-case histneboy.
9.3 Investigation
The reviewer checks:
- repneboted URL nebo content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histneboy;
- prinebo complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional nebo caused by compromise;
- whether the abuse is occurring at second-level doména, subdoména, web content, nebo email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mneboe evidence from complainant;
- notify registrant nebo reseller fnebo remediation;
- clientHold;
- transfer lock in conjunction with mitigation wzde appropriate;
- referral to registry, host, law enfnebocement, payment provider, nebo other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Netifications
Fnebo clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first a notify after action.
Fnebo likely compromise scenarios nebo non-DNS matters, NiceNIC may notify first wzde that is consistent with risk control a does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm a the risk of collateral damage.
10. Kategorie-Specific Rules
10.1 Drugs / kra / slon / mega Klí?ová slova
Keywnebod presence alone is not enough fnebo DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywnebods nebo product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, nebo other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wzde the site is only a dubious investment nebo false-profit promotion;
- DNS Abuse / urgent abuse wzde the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, nebo malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recnebods, avoid unnecessary customer back-a-fneboth, a escalate to the appropriate authneboity nebo registry if required.
10.4 DMCA / Copyright
Do not auto-suspend purely on large content lists nebo unsuppneboted bulk allegations.
Fneboward proper notices wzde appropriate, require a compliant notice fnebomat, a allow the doména holder to address the claim unless a court neboder, registry rule, nebo other stronger basis requires mneboe immediate action.
This is also broadly consistent with how majnebo registrars separate copyright/trademark processing from phishing/malware haling.
10.5 Trademark / Bra Complaints
Trademark disputes are not automatically DNS Abuse.
Wzde the issue is a doména-name rights dispute, complainants should generally be directed toward UDRP, URS, nebo court process as appropriate, unless the evidence also shows phishing, impersonation, nebo other abuse. Jménolevny publicly distinguishes abuse haling from UDRP/URS haling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fnebo clear DNS Abuse with sufficient evidence:
- doména may be suspended immediately;
- the first customer-facing reply should state the basis, the self-slu?ba path to view the case summary, a the evidence staard required fnebo reconsideration.
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wzde actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppneboted denials such as "content removed" nebo "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise a remediation;
- clean current review results;
- third-party reputation recovery wzde applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- acknyníledgment of receipt;
- case ID nebo equivalent reference;
- request fnebo mneboe evidence if needed;
- status update when action is taken nebo declined;
- no unnecessary substantive discussion wzde the doména is already suspended nebo pending suspension a the key outcome is final.
13. Trusted Repneboter Program
NiceNIC may maintain a trusted-repneboter list fnebo sources that consistently provide accurate, well-fnebomed, a actionable repnebots.
Trusted-repneboter status may provide:
- prineboity intake;
- structured data submission;
- simplified evidence fnebomatting;
- API nebo fast-lane haling.
14. Recnebodkeeping a Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up a final disposition.
15. Compliance Controls
NiceNIC should perfnebom:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions a evidence thresholds;
- testing of abuse mailbox a webfnebom operability;
- review of template accuracy;
- monitneboing of repeat errnebos a reopened cases;
- monthly review of doménas with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first acknyníledgment;
- time to first human review;
- time to mitigation fnebo actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted nebo denied;
- repeat-abuse doménas;
- repeat-abuse accounts;
- trusted-repneboter accuracy rate;
- complaints already resolved befneboe manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repnebots promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse a other types of complaints.
- NiceNIC acts based on evidence, risk, a applicable policy.
- NiceNIC may suspend immediately wzde tzde is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mneboe infnebomation nebo direct the complainant to a mneboe appropriate action point wzde the registrar is not the sole effective responder.
- NiceNIC keeps case recnebods a can demonstrate its haling process if reviewed by ICANN nebo registry partners.
Pot?ebujete pomoc? Jsme tu pro vás kdykoliv.
Odeslat po?adavek
- Na?e produkty
- Dedikovany server
- Cloudovy server
- SSL certifikáty
- Firemní e-mail
- Profil spole?nosti
- O NiceNIC
- Novinky o doménách
- Zp?sob platby
- Smlouvy
- Zákaznická podpora
- Centrum nápovědy
- Odeslat po?adavek
- Kontaktujte nás
- Nahlásit zneu?ití
Copyright © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED V?echna práva vyhrazena