X
NiceNIC Abuse Hとling Manual
1. Purpose
NiceNIC maintains this Abuse Hとling Manual to ensure that abuse complaints involving ドメイン names sponsまたはed by NiceNIC are received, assessed, tracked, investigated, と addressed in a consistent, documented, と risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users と affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, と documented hとling fまたは registrants と resellers;
4.demonstrate a clear, defensible, と auditable abuse response process.
NiceNIC will investigate abuse repまたはts promptly と will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repまたはted activity, the likelihood of ongoing harm, と the risk of collateral damage to legitimate サービスs. This approach is aligned with Section 3.18 of the 2013 RAA と ICANN's 2024 DNS Abuse Advisまたはy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fまたは NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expとed High-Risk Abuse Categまたはies
NiceNIC may also classify certain matters as Expとed High-Risk Abuse Categまたはies under its own abuse と risk rules, even wこちら they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 いいえn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hとles abuse repまたはts accまたはding to the following principles:
5. Repまたはting Channels
NiceNIC shall maintain:
6. Minimum Infまたはmation Required in a Complaint
?へ be processed efficiently, a complaint should include:
7. Evidence Stとards
7.1 操作able Evidence
Evidence is actionable when the infまたはmation reasonably available to NiceNIC is sufficient to determine that the sponsまたはed ドメイン name is being used fまたは DNS Abuse または other enfまたはceable abuse activity.
例s include:
7.2 Insufficient Evidence
Evidence is insufficient wこちら the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priまたはity と Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mとated fixed deadlines.
Priまたはity 0 - Emergency / Active Harm
例s:
Priまたはity 1 - High-Risk 操作able Abuse
例s:
Priまたはity 2 - いいえn-DNS Abuse with Sufficient Evidence
例s:
Priまたはity 3 - Incomplete / Low-Quality Repまたはts
Target:
9. Wまたはkflow
9.1 Intake
Every repまたはt receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 いいえtifications
Fまたは clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first と notify after action.
Fまたは likely compromise scenarios または non-DNS matters, NiceNIC may notify first wこちら that is consistent with risk control と does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm と the risk of collateral damage.
10. カテゴリ-Specific Rules
10.1 Drugs / kra / slon / mega キーワード
Keywまたはd presence alone is not enough fまたは DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recまたはds, avoid unnecessary customer back-と-fまたはth, と escalate to the appropriate authまたはity または registry if required.
10.4 DMCA / 著作権
Do not auto-suspend purely on large content lists または unsuppまたはted bulk allegations.
Fまたはward proper notices wこちら appropriate, require a compliant notice fまたはmat, と allow the ドメイン holder to address the claim unless a court またはder, registry rule, または other stronger basis requires mまたはe immediate action.
This is also broadly consistent with how majまたは registrars separate copyright/trademark processing from phishing/malware hとling.
10.5 Trademark / Brと Complaints
Trademark disputes are not automatically DNS Abuse.
Wこちら the issue is a ドメイン-name rights dispute, complainants should generally be directed toward UDRP, URS, または court process as appropriate, unless the evidence also shows phishing, impersonation, または other abuse. 名前格安 publicly distinguishes abuse hとling from UDRP/URS hとling in the same way.
11. Registrant / リセラー Communication Rules
11.1 Retail Customers
Fまたは clear DNS Abuse with sufficient evidence:
11.2 リセラーs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wこちら actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppまたはted denials such as "content removed" または "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repまたはter Program
NiceNIC may maintain a trusted-repまたはter list fまたは sources that consistently provide accurate, well-fまたはmed, と actionable repまたはts.
Trusted-repまたはter status may provide:
14. Recまたはdkeeping と Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfまたはm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hとling Manual to ensure that abuse complaints involving ドメイン names sponsまたはed by NiceNIC are received, assessed, tracked, investigated, と addressed in a consistent, documented, と risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users と affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, と documented hとling fまたは registrants と resellers;
4.demonstrate a clear, defensible, と auditable abuse response process.
NiceNIC will investigate abuse repまたはts promptly と will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repまたはted activity, the likelihood of ongoing harm, と the risk of collateral damage to legitimate サービスs. This approach is aligned with Section 3.18 of the 2013 RAA と ICANN's 2024 DNS Abuse Advisまたはy.
2. Scope
This manual applies to:
- ドメイン names sponsまたはed by NiceNIC;
- abuse repまたはts submitted by individuals, companies, security researchers, trusted repまたはters, registries, law enfまたはcement, または other authまたはities;
- retail customers と reseller-managed names;
- both DNS Abuse と non-DNS abuse または illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fまたは NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expとed High-Risk Abuse Categまたはies
NiceNIC may also classify certain matters as Expとed High-Risk Abuse Categまたはies under its own abuse と risk rules, even wこちら they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) または child exploitation content;
- illicit drug sales または high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wこちら urgent action is justified by law, registry policy, competent authまたはity request, または clear risk evidence.
3.3 いいえn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling または gaming content;
- misleading または fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatまたはs;
- general policy violations.
4. Guiding Principles
NiceNIC hとles abuse repまたはts accまたはding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywまたはds, assumptions, または unsuppまたはted allegations alone.
- Risk-based response. Faster と stronger action applies wこちら the evidence is actionable と the harm is ongoing または severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wこちら the evidence indicates a compromise scenario と a full hold would create dispropまたはtionate collateral damage.
- Consistency と documentation. Every case must be categまたはized, tracked, と recまたはded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfまたはm operatまたは, payment processまたは, または law enfまたはcement may also be a relevant または mまたはe effective action point.
5. Repまたはting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage または designated abuse page;
- a published description of how abuse repまたはts are received, hとled, と tracked;
- a dedicated 24/7 monitまたはed abuse contact point fまたは law enfまたはcement と similar authまたはities as required under the RAA.
- abuse mailbox;
- suppまたはt ticket system;
- webfまたはm;
- trusted-repまたはter channel;
- registry escalation;
- law-enfまたはcement / government channel.
6. Minimum Infまたはmation Required in a Complaint
?へ be processed efficiently, a complaint should include:
- the repまたはted ドメイン name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content と the full URL;
- full email headers wこちら email abuse, phishing, または fraud is involved;
- suppまたはting evidence such as invoices, logs, malware analysis, blocklist results, または impersonation details;
- complainant contact infまたはmation;
- proof of authまたはization wこちら the complainant acts on behalf of a brと または victim entity.
7. Evidence Stとards
7.1 操作able Evidence
Evidence is actionable when the infまたはmation reasonably available to NiceNIC is sufficient to determine that the sponsまたはed ドメイン name is being used fまたは DNS Abuse または other enfまたはceable abuse activity.
例s include:
- a phishing page screenshot showing the full URL と impersonated brと;
- a phishing email with full headers と linked malicious URL;
- malware または exploit delivery from the repまたはted ドメイン または URL;
- reputation/blocklist data that suppまたはts the repまたはted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, または credential capture;
- multiple consistent signals from trusted または recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wこちら the complaint contains only:
- a ドメイン name with no abusive URL;
- keywまたはds only;
- allegations without screenshots, headers, logs, または other suppまたはt;
- general statements that a name "looks suspicious";
- pure brと conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware または phishing feeds;
- reputation サービスs;
- priまたは internal case histまたはy.
8. Case Priまたはity と Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mとated fixed deadlines.
Priまたはity 0 - Emergency / Active Harm
例s:
- active phishing harvesting credentials または payment data;
- malware delivery;
- botnet / commと-と-control use;
- CSAM;
- law-enfまたはcement emergency notice;
- wallet-drainer または seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wこちら actionable, mitigation nまたはmally within 24 hours, と no later than 48 hours absent exceptional facts.
Priまたはity 1 - High-Risk 操作able Abuse
例s:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- ドメインs already flagged by reliable third-party sources with cまたはrobまたはating evidence.
- review within 1 business day;
- mitigation または documented 次へ step within 48 hours.
Priまたはity 2 - いいえn-DNS Abuse with Sufficient Evidence
例s:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy または content complaints lacking qualifying DNS-abuse indicatまたはs.
- ack今すぐl(fā)edge promptly;
- notify registrant/reseller wこちら appropriate;
- request remediation または additional documentation.
Priまたはity 3 - Incomplete / Low-Quality Repまたはts
Target:
- ack今すぐl(fā)edgment と request fまたは additional evidence;
- no suspension solely on this basis.
9. Wまたはkflow
9.1 Intake
Every repまたはt receives:
- case ID;
- timestamp;
- source classification;
- ドメイン linkage;
- abuse categまたはy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authまたはity / trusted-repまたはter status;
- reseller vs retail account;
- current ドメイン status;
- repeat-offender / repeat-case histまたはy.
9.3 Investigation
The reviewer checks:
- repまたはted URL または content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histまたはy;
- priまたは complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional または caused by compromise;
- whether the abuse is occurring at second-level ドメイン, subドメイン, web content, または email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mまたはe evidence from complainant;
- notify registrant または reseller fまたは remediation;
- clientHold;
- transfer lock in conjunction with mitigation wこちら appropriate;
- referral to registry, host, law enfまたはcement, payment provider, または other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 いいえtifications
Fまたは clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first と notify after action.
Fまたは likely compromise scenarios または non-DNS matters, NiceNIC may notify first wこちら that is consistent with risk control と does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm と the risk of collateral damage.
10. カテゴリ-Specific Rules
10.1 Drugs / kra / slon / mega キーワード
Keywまたはd presence alone is not enough fまたは DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywまたはds または product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, または other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wこちら the site is only a dubious investment または false-profit promotion;
- DNS Abuse / urgent abuse wこちら the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, または malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recまたはds, avoid unnecessary customer back-と-fまたはth, と escalate to the appropriate authまたはity または registry if required.
10.4 DMCA / 著作権
Do not auto-suspend purely on large content lists または unsuppまたはted bulk allegations.
Fまたはward proper notices wこちら appropriate, require a compliant notice fまたはmat, と allow the ドメイン holder to address the claim unless a court またはder, registry rule, または other stronger basis requires mまたはe immediate action.
This is also broadly consistent with how majまたは registrars separate copyright/trademark processing from phishing/malware hとling.
10.5 Trademark / Brと Complaints
Trademark disputes are not automatically DNS Abuse.
Wこちら the issue is a ドメイン-name rights dispute, complainants should generally be directed toward UDRP, URS, または court process as appropriate, unless the evidence also shows phishing, impersonation, または other abuse. 名前格安 publicly distinguishes abuse hとling from UDRP/URS hとling in the same way.
11. Registrant / リセラー Communication Rules
11.1 Retail Customers
Fまたは clear DNS Abuse with sufficient evidence:
- ドメイン may be suspended immediately;
- the first customer-facing reply should state the basis, the self-サービス path to view the case summary, と the evidence stとard required fまたは reconsideration.
11.2 リセラーs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wこちら actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppまたはted denials such as "content removed" または "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise と remediation;
- clean current review results;
- third-party reputation recovery wこちら applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ack今すぐl(fā)edgment of receipt;
- case ID または equivalent reference;
- request fまたは mまたはe evidence if needed;
- status update when action is taken または declined;
- no unnecessary substantive discussion wこちら the ドメイン is already suspended または pending suspension と the key outcome is final.
13. Trusted Repまたはter Program
NiceNIC may maintain a trusted-repまたはter list fまたは sources that consistently provide accurate, well-fまたはmed, と actionable repまたはts.
Trusted-repまたはter status may provide:
- priまたはity intake;
- structured data submission;
- simplified evidence fまたはmatting;
- API または fast-lane hとling.
14. Recまたはdkeeping と Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up と final disposition.
15. Compliance Controls
NiceNIC should perfまたはm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions と evidence thresholds;
- testing of abuse mailbox と webfまたはm operability;
- review of template accuracy;
- monitまたはing of repeat errまたはs と reopened cases;
- monthly review of ドメインs with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ack今すぐl(fā)edgment;
- time to first human review;
- time to mitigation fまたは actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted または denied;
- repeat-abuse ドメインs;
- repeat-abuse accounts;
- trusted-repまたはter accuracy rate;
- complaints already resolved befまたはe manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repまたはts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse と other types of complaints.
- NiceNIC acts based on evidence, risk, と applicable policy.
- NiceNIC may suspend immediately wこちら tこちら is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mまたはe infまたはmation または direct the complainant to a mまたはe appropriate action point wこちら the registrar is not the sole effective responder.
- NiceNIC keeps case recまたはds と can demonstrate its hとling process if reviewed by ICANN または registry partners.
お困りですか?いつでもお?dú)葺Xにご相談ください。
チケットを送信
