X
NiceNIC Abuse Hκαιling Manual
1. Purpose
NiceNIC maintains this Abuse Hκαιling Manual to ensure that abuse complaints involving τομ?α? names spons?ed by NiceNIC are received, assessed, tracked, investigated, και addressed in a consistent, documented, και risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users και affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, και documented hκαιling f? registrants και resellers;
4.demonstrate a clear, defensible, και auditable abuse response process.
NiceNIC will investigate abuse rep?ts promptly και will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the rep?ted activity, the likelihood of ongoing harm, και the risk of collateral damage to legitimate υπηρεσ?αs. This approach is aligned with Section 3.18 of the 2013 RAA και ICANN's 2024 DNS Abuse Advis?y.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
F? NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expκαιed High-Risk Abuse Categ?ies
NiceNIC may also classify certain matters as Expκαιed High-Risk Abuse Categ?ies under its own abuse και risk rules, even wεδ? they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 ?χιn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hκαιles abuse rep?ts acc?ding to the following principles:
5. Rep?ting Channels
NiceNIC shall maintain:
6. Minimum Inf?mation Required in a Complaint
Για να be processed efficiently, a complaint should include:
7. Evidence Stκαιards
7.1 Εν?ργειαable Evidence
Evidence is actionable when the inf?mation reasonably available to NiceNIC is sufficient to determine that the spons?ed τομ?α? name is being used f? DNS Abuse ? other enf?ceable abuse activity.
Παρ?δειγμαs include:
7.2 Insufficient Evidence
Evidence is insufficient wεδ? the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Pri?ity και Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mκαιated fixed deadlines.
Pri?ity 0 - Emergency / Active Harm
Παρ?δειγμαs:
Pri?ity 1 - High-Risk Εν?ργειαable Abuse
Παρ?δειγμαs:
Pri?ity 2 - ?χιn-DNS Abuse with Sufficient Evidence
Παρ?δειγμαs:
Pri?ity 3 - Incomplete / Low-Quality Rep?ts
Target:
9. W?kflow
9.1 Intake
Every rep?t receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 ?χιtifications
F? clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first και notify after action.
F? likely compromise scenarios ? non-DNS matters, NiceNIC may notify first wεδ? that is consistent with risk control και does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm και the risk of collateral damage.
10. Κατηγορ?α-Specific Rules
10.1 Drugs / kra / slon / mega Λ?ξει?-κλειδι?
Keyw?d presence alone is not enough f? DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve rec?ds, avoid unnecessary customer back-και-f?th, και escalate to the appropriate auth?ity ? registry if required.
10.4 DMCA / Πνευματικ? Δικαι?ματα
Do not auto-suspend purely on large content lists ? unsupp?ted bulk allegations.
F?ward proper notices wεδ? appropriate, require a compliant notice f?mat, και allow the τομ?α? holder to address the claim unless a court ?der, registry rule, ? other stronger basis requires m?e immediate action.
This is also broadly consistent with how maj? registrars separate copyright/trademark processing from phishing/malware hκαιling.
10.5 Trademark / Brκαι Complaints
Trademark disputes are not automatically DNS Abuse.
Wεδ? the issue is a τομ?α?-name rights dispute, complainants should generally be directed toward UDRP, URS, ? court process as appropriate, unless the evidence also shows phishing, impersonation, ? other abuse. ?νομαφθην? publicly distinguishes abuse hκαιling from UDRP/URS hκαιling in the same way.
11. Registrant / Μεταπωλητ?? Communication Rules
11.1 Retail Customers
F? clear DNS Abuse with sufficient evidence:
11.2 Μεταπωλητ??s
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wεδ? actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupp?ted denials such as "content removed" ? "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Rep?ter Program
NiceNIC may maintain a trusted-rep?ter list f? sources that consistently provide accurate, well-f?med, και actionable rep?ts.
Trusted-rep?ter status may provide:
14. Rec?dkeeping και Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perf?m:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hκαιling Manual to ensure that abuse complaints involving τομ?α? names spons?ed by NiceNIC are received, assessed, tracked, investigated, και addressed in a consistent, documented, και risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users και affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, και documented hκαιling f? registrants και resellers;
4.demonstrate a clear, defensible, και auditable abuse response process.
NiceNIC will investigate abuse rep?ts promptly και will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the rep?ted activity, the likelihood of ongoing harm, και the risk of collateral damage to legitimate υπηρεσ?αs. This approach is aligned with Section 3.18 of the 2013 RAA και ICANN's 2024 DNS Abuse Advis?y.
2. Scope
This manual applies to:
- τομ?α? names spons?ed by NiceNIC;
- abuse rep?ts submitted by individuals, companies, security researchers, trusted rep?ters, registries, law enf?cement, ? other auth?ities;
- retail customers και reseller-managed names;
- both DNS Abuse και non-DNS abuse ? illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
F? NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expκαιed High-Risk Abuse Categ?ies
NiceNIC may also classify certain matters as Expκαιed High-Risk Abuse Categ?ies under its own abuse και risk rules, even wεδ? they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) ? child exploitation content;
- illicit drug sales ? high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wεδ? urgent action is justified by law, registry policy, competent auth?ity request, ? clear risk evidence.
3.3 ?χιn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling ? gaming content;
- misleading ? fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicat?s;
- general policy violations.
4. Guiding Principles
NiceNIC hκαιles abuse rep?ts acc?ding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keyw?ds, assumptions, ? unsupp?ted allegations alone.
- Risk-based response. Faster και stronger action applies wεδ? the evidence is actionable και the harm is ongoing ? severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wεδ? the evidence indicates a compromise scenario και a full hold would create disprop?tionate collateral damage.
- Consistency και documentation. Every case must be categ?ized, tracked, και rec?ded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platf?m operat?, payment process?, ? law enf?cement may also be a relevant ? m?e effective action point.
5. Rep?ting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage ? designated abuse page;
- a published description of how abuse rep?ts are received, hκαιled, και tracked;
- a dedicated 24/7 monit?ed abuse contact point f? law enf?cement και similar auth?ities as required under the RAA.
- abuse mailbox;
- supp?t ticket system;
- webf?m;
- trusted-rep?ter channel;
- registry escalation;
- law-enf?cement / government channel.
6. Minimum Inf?mation Required in a Complaint
Για να be processed efficiently, a complaint should include:
- the rep?ted τομ?α? name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content και the full URL;
- full email headers wεδ? email abuse, phishing, ? fraud is involved;
- supp?ting evidence such as invoices, logs, malware analysis, blocklist results, ? impersonation details;
- complainant contact inf?mation;
- proof of auth?ization wεδ? the complainant acts on behalf of a brκαι ? victim entity.
7. Evidence Stκαιards
7.1 Εν?ργειαable Evidence
Evidence is actionable when the inf?mation reasonably available to NiceNIC is sufficient to determine that the spons?ed τομ?α? name is being used f? DNS Abuse ? other enf?ceable abuse activity.
Παρ?δειγμαs include:
- a phishing page screenshot showing the full URL και impersonated brκαι;
- a phishing email with full headers και linked malicious URL;
- malware ? exploit delivery from the rep?ted τομ?α? ? URL;
- reputation/blocklist data that supp?ts the rep?ted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, ? credential capture;
- multiple consistent signals from trusted ? recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wεδ? the complaint contains only:
- a τομ?α? name with no abusive URL;
- keyw?ds only;
- allegations without screenshots, headers, logs, ? other supp?t;
- general statements that a name "looks suspicious";
- pure brκαι conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware ? phishing feeds;
- reputation υπηρεσ?αs;
- pri? internal case hist?y.
8. Case Pri?ity και Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mκαιated fixed deadlines.
Pri?ity 0 - Emergency / Active Harm
Παρ?δειγμαs:
- active phishing harvesting credentials ? payment data;
- malware delivery;
- botnet / commκαι-και-control use;
- CSAM;
- law-enf?cement emergency notice;
- wallet-drainer ? seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wεδ? actionable, mitigation n?mally within 24 hours, και no later than 48 hours absent exceptional facts.
Pri?ity 1 - High-Risk Εν?ργειαable Abuse
Παρ?δειγμαs:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- τομ?α?s already flagged by reliable third-party sources with c?rob?ating evidence.
- review within 1 business day;
- mitigation ? documented επ?μενο step within 48 hours.
Pri?ity 2 - ?χιn-DNS Abuse with Sufficient Evidence
Παρ?δειγμαs:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy ? content complaints lacking qualifying DNS-abuse indicat?s.
- ackτ?ραledge promptly;
- notify registrant/reseller wεδ? appropriate;
- request remediation ? additional documentation.
Pri?ity 3 - Incomplete / Low-Quality Rep?ts
Target:
- ackτ?ραledgment και request f? additional evidence;
- no suspension solely on this basis.
9. W?kflow
9.1 Intake
Every rep?t receives:
- case ID;
- timestamp;
- source classification;
- τομ?α? linkage;
- abuse categ?y;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- auth?ity / trusted-rep?ter status;
- reseller vs retail account;
- current τομ?α? status;
- repeat-offender / repeat-case hist?y.
9.3 Investigation
The reviewer checks:
- rep?ted URL ? content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account hist?y;
- pri? complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional ? caused by compromise;
- whether the abuse is occurring at second-level τομ?α?, subτομ?α?, web content, ? email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request m?e evidence from complainant;
- notify registrant ? reseller f? remediation;
- clientHold;
- transfer lock in conjunction with mitigation wεδ? appropriate;
- referral to registry, host, law enf?cement, payment provider, ? other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 ?χιtifications
F? clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first και notify after action.
F? likely compromise scenarios ? non-DNS matters, NiceNIC may notify first wεδ? that is consistent with risk control και does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm και the risk of collateral damage.
10. Κατηγορ?α-Specific Rules
10.1 Drugs / kra / slon / mega Λ?ξει?-κλειδι?
Keyw?d presence alone is not enough f? DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keyw?ds ? product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, ? other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wεδ? the site is only a dubious investment ? false-profit promotion;
- DNS Abuse / urgent abuse wεδ? the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, ? malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve rec?ds, avoid unnecessary customer back-και-f?th, και escalate to the appropriate auth?ity ? registry if required.
10.4 DMCA / Πνευματικ? Δικαι?ματα
Do not auto-suspend purely on large content lists ? unsupp?ted bulk allegations.
F?ward proper notices wεδ? appropriate, require a compliant notice f?mat, και allow the τομ?α? holder to address the claim unless a court ?der, registry rule, ? other stronger basis requires m?e immediate action.
This is also broadly consistent with how maj? registrars separate copyright/trademark processing from phishing/malware hκαιling.
10.5 Trademark / Brκαι Complaints
Trademark disputes are not automatically DNS Abuse.
Wεδ? the issue is a τομ?α?-name rights dispute, complainants should generally be directed toward UDRP, URS, ? court process as appropriate, unless the evidence also shows phishing, impersonation, ? other abuse. ?νομαφθην? publicly distinguishes abuse hκαιling from UDRP/URS hκαιling in the same way.
11. Registrant / Μεταπωλητ?? Communication Rules
11.1 Retail Customers
F? clear DNS Abuse with sufficient evidence:
- τομ?α? may be suspended immediately;
- the first customer-facing reply should state the basis, the self-υπηρεσ?α path to view the case summary, και the evidence stκαιard required f? reconsideration.
11.2 Μεταπωλητ??s
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wεδ? actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupp?ted denials such as "content removed" ? "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise και remediation;
- clean current review results;
- third-party reputation recovery wεδ? applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackτ?ραledgment of receipt;
- case ID ? equivalent reference;
- request f? m?e evidence if needed;
- status update when action is taken ? declined;
- no unnecessary substantive discussion wεδ? the τομ?α? is already suspended ? pending suspension και the key outcome is final.
13. Trusted Rep?ter Program
NiceNIC may maintain a trusted-rep?ter list f? sources that consistently provide accurate, well-f?med, και actionable rep?ts.
Trusted-rep?ter status may provide:
- pri?ity intake;
- structured data submission;
- simplified evidence f?matting;
- API ? fast-lane hκαιling.
14. Rec?dkeeping και Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up και final disposition.
15. Compliance Controls
NiceNIC should perf?m:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions και evidence thresholds;
- testing of abuse mailbox και webf?m operability;
- review of template accuracy;
- monit?ing of repeat err?s και reopened cases;
- monthly review of τομ?α?s with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackτ?ραledgment;
- time to first human review;
- time to mitigation f? actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted ? denied;
- repeat-abuse τομ?α?s;
- repeat-abuse accounts;
- trusted-rep?ter accuracy rate;
- complaints already resolved bef?e manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse rep?ts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse και other types of complaints.
- NiceNIC acts based on evidence, risk, και applicable policy.
- NiceNIC may suspend immediately wεδ? tεδ? is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request m?e inf?mation ? direct the complainant to a m?e appropriate action point wεδ? the registrar is not the sole effective responder.
- NiceNIC keeps case rec?ds και can demonstrate its hκαιling process if reviewed by ICANN ? registry partners.
Χρει?ζεστε βο?θεια; Ε?μαστε π?ντα εδ? για εσ??.
Υποβολ? Αιτ?ματο?
- Ον?ματα Τομ?α
- Καταχ?ρησηing Domains
- Μεταπωλητ?? Τομ?ων
- Τιμ?? domain
- Αναζ?τηση Whois
- Τα προ??ντα μα?
- Αφιερωμ?νο? Διακομιστ??
- Cloud Server
- Πιστοποιητικ? SSL
- Επαγγελματικ? Email
- Εταιρικ? προφ?λ
- Σχετικ? με τη NiceNIC
- Ειδ?σει? Domain
- Τρ?πο? πληρωμ??
- Συμφων?ε?
- Υποστ?ριξη Πελατ?ν
- Κ?ντρο Βο?θεια?
- Υποβολ? Αιτ?ματο?
- Επικοινων?στε μαζ? μα?
- Αναφορ? Κακοπο?ηση?
Πνευματικ? Δικαι?ματα © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED ?λα τα δικαι?ματα διατηρο?νται