X
NiceNIC Abuse Hundling Manual
1. Purpose
NiceNIC maintains this Abuse Hundling Manual to ensure that abuse complaints involving Domain names sponsodered by NiceNIC are received, assessed, tracked, investigated, und addressed in a consistent, documented, und risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users und affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, und documented hundling foder registrants und resellers;
4.demonstrate a clear, defensible, und auditable abuse response process.
NiceNIC will investigate abuse repoderts promptly und will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repoderted activity, the likelihood of ongoing harm, und the risk of collateral damage to legitimate Dienstleistungs. This approach is aligned with Section 3.18 of the 2013 RAA und ICANN's 2024 DNS Abuse Advisodery.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Foder NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expunded High-Risk Abuse Categoderies
NiceNIC may also classify certain matters as Expunded High-Risk Abuse Categoderies under its own abuse und risk rules, even whier they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Neinn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hundles abuse repoderts accoderding to the following principles:
5. Repoderting Channels
NiceNIC shall maintain:
6. Minimum Infodermation Required in a Complaint
An be processed efficiently, a complaint should include:
7. Evidence Stundards
7.1 Aktionable Evidence
Evidence is actionable when the infodermation reasonably available to NiceNIC is sufficient to determine that the sponsodered Domain name is being used foder DNS Abuse oder other enfoderceable abuse activity.
Beispiels include:
7.2 Insufficient Evidence
Evidence is insufficient whier the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Prioderity und Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mundated fixed deadlines.
Prioderity 0 - Emergency / Active Harm
Beispiels:
Prioderity 1 - High-Risk Aktionable Abuse
Beispiels:
Prioderity 2 - Neinn-DNS Abuse with Sufficient Evidence
Beispiels:
Prioderity 3 - Incomplete / Low-Quality Repoderts
Target:
9. Woderkflow
9.1 Intake
Every repodert receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Neintifications
Foder clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first und notify after action.
Foder likely compromise scenarios oder non-DNS matters, NiceNIC may notify first whier that is consistent with risk control und does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm und the risk of collateral damage.
10. Kategorie-Specific Rules
10.1 Drugs / kra / slon / mega Schlüsselw?rter
Keywoderd presence alone is not enough foder DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recoderds, avoid unnecessary customer back-und-foderth, und escalate to the appropriate authoderity oder registry if required.
10.4 DMCA / Urheberrecht
Do not auto-suspend purely on large content lists oder unsuppoderted bulk allegations.
Foderward proper notices whier appropriate, require a compliant notice fodermat, und allow the Domain holder to address the claim unless a court oderder, registry rule, oder other stronger basis requires modere immediate action.
This is also broadly consistent with how majoder registrars separate copJahreight/trademark processing from phishing/malware hundling.
10.5 Trademark / Brund Complaints
Trademark disputes are not automatically DNS Abuse.
Whier the issue is a Domain-name rights dispute, complainants should generally be directed toward UDRP, URS, oder court process as appropriate, unless the evidence also shows phishing, impersonation, oder other abuse. Namebillig publicly distinguishes abuse hundling from UDRP/URS hundling in the same way.
11. Registrant / Wiederverk?ufer Communication Rules
11.1 Retail Customers
Foder clear DNS Abuse with sufficient evidence:
11.2 Wiederverk?ufers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation whier actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppoderted denials such as "content removed" oder "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repoderter Program
NiceNIC may maintain a trusted-repoderter list foder sources that consistently provide accurate, well-fodermed, und actionable repoderts.
Trusted-repoderter status may provide:
14. Recoderdkeeping und Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfoderm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hundling Manual to ensure that abuse complaints involving Domain names sponsodered by NiceNIC are received, assessed, tracked, investigated, und addressed in a consistent, documented, und risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users und affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, und documented hundling foder registrants und resellers;
4.demonstrate a clear, defensible, und auditable abuse response process.
NiceNIC will investigate abuse repoderts promptly und will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repoderted activity, the likelihood of ongoing harm, und the risk of collateral damage to legitimate Dienstleistungs. This approach is aligned with Section 3.18 of the 2013 RAA und ICANN's 2024 DNS Abuse Advisodery.
2. Scope
This manual applies to:
- Domain names sponsodered by NiceNIC;
- abuse repoderts submitted by individuals, companies, security researchers, trusted repoderters, registries, law enfodercement, oder other authoderities;
- retail customers und reseller-managed names;
- both DNS Abuse und non-DNS abuse oder illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Foder NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expunded High-Risk Abuse Categoderies
NiceNIC may also classify certain matters as Expunded High-Risk Abuse Categoderies under its own abuse und risk rules, even whier they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) oder child exploitation content;
- illicit drug sales oder high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity whier urgent action is justified by law, registry policy, competent authoderity request, oder clear risk evidence.
3.3 Neinn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copJahreight claims;
- adult content;
- gambling oder gaming content;
- misleading oder fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatoders;
- general policy violations.
4. Guiding Principles
NiceNIC hundles abuse repoderts accoderding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywoderds, assumptions, oder unsuppoderted allegations alone.
- Risk-based response. Faster und stronger action applies whier the evidence is actionable und the harm is ongoing oder severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension whier the evidence indicates a compromise scenario und a full hold would create dispropodertionate collateral damage.
- Consistency und documentation. Every case must be categoderized, tracked, und recoderded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfoderm operatoder, payment processoder, oder law enfodercement may also be a relevant oder modere effective action point.
5. Repoderting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage oder designated abuse page;
- a published description of how abuse repoderts are received, hundled, und tracked;
- a dedicated 24/7 monitodered abuse contact point foder law enfodercement und similar authoderities as required under the RAA.
- abuse mailbox;
- suppodert ticket system;
- webfoderm;
- trusted-repoderter channel;
- registry escalation;
- law-enfodercement / government channel.
6. Minimum Infodermation Required in a Complaint
An be processed efficiently, a complaint should include:
- the repoderted Domain name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content und the full URL;
- full email headers whier email abuse, phishing, oder fraud is involved;
- suppoderting evidence such as invoices, logs, malware analysis, blocklist results, oder impersonation details;
- complainant contact infodermation;
- proof of authoderization whier the complainant acts on behalf of a brund oder victim entity.
7. Evidence Stundards
7.1 Aktionable Evidence
Evidence is actionable when the infodermation reasonably available to NiceNIC is sufficient to determine that the sponsodered Domain name is being used foder DNS Abuse oder other enfoderceable abuse activity.
Beispiels include:
- a phishing page screenshot showing the full URL und impersonated brund;
- a phishing email with full headers und linked malicious URL;
- malware oder exploit delivery from the repoderted Domain oder URL;
- reputation/blocklist data that suppoderts the repoderted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, oder credential capture;
- multiple consistent signals from trusted oder recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient whier the complaint contains only:
- a Domain name with no abusive URL;
- keywoderds only;
- allegations without screenshots, headers, logs, oder other suppodert;
- general statements that a name "looks suspicious";
- pure brund conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware oder phishing feeds;
- reputation Dienstleistungs;
- prioder internal case histodery.
8. Case Prioderity und Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mundated fixed deadlines.
Prioderity 0 - Emergency / Active Harm
Beispiels:
- active phishing harvesting credentials oder payment data;
- malware delivery;
- botnet / commund-und-control use;
- CSAM;
- law-enfodercement emergency notice;
- wallet-drainer oder seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- whier actionable, mitigation nodermally within 24 hours, und no later than 48 hours absent exceptional facts.
Prioderity 1 - High-Risk Aktionable Abuse
Beispiels:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- Domains already flagged by reliable third-party sources with coderroboderating evidence.
- review within 1 business day;
- mitigation oder documented weiter step within 48 hours.
Prioderity 2 - Neinn-DNS Abuse with Sufficient Evidence
Beispiels:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy oder content complaints lacking qualifying DNS-abuse indicatoders.
- ackjetztledge promptly;
- notify registrant/reseller whier appropriate;
- request remediation oder additional documentation.
Prioderity 3 - Incomplete / Low-Quality Repoderts
Target:
- ackjetztledgment und request foder additional evidence;
- no suspension solely on this basis.
9. Woderkflow
9.1 Intake
Every repodert receives:
- case ID;
- timestamp;
- source classification;
- Domain linkage;
- abuse categodery;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authoderity / trusted-repoderter status;
- reseller vs retail account;
- current Domain status;
- repeat-offender / repeat-case histodery.
9.3 Investigation
The reviewer checks:
- repoderted URL oder content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histodery;
- prioder complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional oder caused by compromise;
- whether the abuse is occurring at second-level Domain, subDomain, web content, oder email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request modere evidence from complainant;
- notify registrant oder reseller foder remediation;
- clientHold;
- transfer lock in conjunction with mitigation whier appropriate;
- referral to registry, host, law enfodercement, payment provider, oder other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Neintifications
Foder clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first und notify after action.
Foder likely compromise scenarios oder non-DNS matters, NiceNIC may notify first whier that is consistent with risk control und does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm und the risk of collateral damage.
10. Kategorie-Specific Rules
10.1 Drugs / kra / slon / mega Schlüsselw?rter
Keywoderd presence alone is not enough foder DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywoderds oder product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, oder other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review whier the site is only a dubious investment oder false-profit promotion;
- DNS Abuse / urgent abuse whier the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, oder malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recoderds, avoid unnecessary customer back-und-foderth, und escalate to the appropriate authoderity oder registry if required.
10.4 DMCA / Urheberrecht
Do not auto-suspend purely on large content lists oder unsuppoderted bulk allegations.
Foderward proper notices whier appropriate, require a compliant notice fodermat, und allow the Domain holder to address the claim unless a court oderder, registry rule, oder other stronger basis requires modere immediate action.
This is also broadly consistent with how majoder registrars separate copJahreight/trademark processing from phishing/malware hundling.
10.5 Trademark / Brund Complaints
Trademark disputes are not automatically DNS Abuse.
Whier the issue is a Domain-name rights dispute, complainants should generally be directed toward UDRP, URS, oder court process as appropriate, unless the evidence also shows phishing, impersonation, oder other abuse. Namebillig publicly distinguishes abuse hundling from UDRP/URS hundling in the same way.
11. Registrant / Wiederverk?ufer Communication Rules
11.1 Retail Customers
Foder clear DNS Abuse with sufficient evidence:
- Domain may be suspended immediately;
- the first customer-facing reply should state the basis, the self-Dienstleistung path to view the case summary, und the evidence stundard required foder reconsideration.
11.2 Wiederverk?ufers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation whier actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppoderted denials such as "content removed" oder "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise und remediation;
- clean current review results;
- third-party reputation recovery whier applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackjetztledgment of receipt;
- case ID oder equivalent reference;
- request foder modere evidence if needed;
- status update when action is taken oder declined;
- no unnecessary substantive discussion whier the Domain is already suspended oder pending suspension und the key outcome is final.
13. Trusted Repoderter Program
NiceNIC may maintain a trusted-repoderter list foder sources that consistently provide accurate, well-fodermed, und actionable repoderts.
Trusted-repoderter status may provide:
- prioderity intake;
- structured data submission;
- simplified evidence fodermatting;
- API oder fast-lane hundling.
14. Recoderdkeeping und Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up und final disposition.
15. Compliance Controls
NiceNIC should perfoderm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions und evidence thresholds;
- testing of abuse mailbox und webfoderm operability;
- review of template accuracy;
- monitodering of repeat erroders und reopened cases;
- monthly review of Domains with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackjetztledgment;
- time to first human review;
- time to mitigation foder actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted oder denied;
- repeat-abuse Domains;
- repeat-abuse accounts;
- trusted-repoderter accuracy rate;
- complaints already resolved befodere manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repoderts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse und other types of complaints.
- NiceNIC acts based on evidence, risk, und applicable policy.
- NiceNIC may suspend immediately whier thier is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request modere infodermation oder direct the complainant to a modere appropriate action point whier the registrar is not the sole effective responder.
- NiceNIC keeps case recoderds und can demonstrate its hundling process if reviewed by ICANN oder registry partners.
Ben?tigen Sie Hilfe? Wir sind immer für Sie da.
Ein Ticket einreichen
- Unsere Produkte
- Dedicated Server
- Cloud-Server
- SSL-Zertifikate
- Gesch?ftliche E-Mail
- Unternehmensprofil
- über NiceNIC
- Domain-Nachrichten
- Zahlungsmethode
- Vereinbarungen
Urheberrecht © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Alle Rechte vorbehalten