X
NiceNIC Abuse Hochling Manual
1. Purpose
NiceNIC maintains this Abuse Hochling Manual to ensure that abuse complaints involving dom?n names sponsellered by NiceNIC are received, assessed, tracked, investigated, och addressed in a consistent, documented, och risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users och affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, och documented hochling feller registrants och resellers;
4.demonstrate a clear, defensible, och auditable abuse response process.
NiceNIC will investigate abuse repellerts promptly och will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repellerted activity, the likelihood of ongoing harm, och the risk of collateral damage to legitimate tj?nsts. This approach is aligned with Section 3.18 of the 2013 RAA och ICANN's 2024 DNS Abuse Advisellery.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Feller NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expoched High-Risk Abuse Categelleries
NiceNIC may also classify certain matters as Expoched High-Risk Abuse Categelleries under its own abuse och risk rules, even wh?r they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nejn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hochles abuse repellerts accellerding to the following principles:
5. Repellerting Channels
NiceNIC shall maintain:
6. Minimum Infellermation Required in a Complaint
Till be processed efficiently, a complaint should include:
7. Evidence Stochards
7.1 ?tg?rdable Evidence
Evidence is actionable when the infellermation reasonably available to NiceNIC is sufficient to determine that the sponsellered dom?n name is being used feller DNS Abuse eller other enfellerceable abuse activity.
Exempels include:
7.2 Insufficient Evidence
Evidence is insufficient wh?r the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priellerity och Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mochated fixed deadlines.
Priellerity 0 - Emergency / Active Harm
Exempels:
Priellerity 1 - High-Risk ?tg?rdable Abuse
Exempels:
Priellerity 2 - Nejn-DNS Abuse with Sufficient Evidence
Exempels:
Priellerity 3 - Incomplete / Low-Quality Repellerts
Target:
9. Wellerkflow
9.1 Intake
Every repellert receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Nejtifications
Feller clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first och notify after action.
Feller likely compromise scenarios eller non-DNS matters, NiceNIC may notify first wh?r that is consistent with risk control och does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm och the risk of collateral damage.
10. Kategori-Specific Rules
10.1 Drugs / kra / slon / mega Nyckelord
Keywellerd presence alone is not enough feller DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recellerds, avoid unnecessary customer back-och-fellerth, och escalate to the appropriate authellerity eller registry if required.
10.4 DMCA / Copyright
Do not auto-suspend purely on large content lists eller unsuppellerted bulk allegations.
Fellerward proper notices wh?r appropriate, require a compliant notice fellermat, och allow the dom?n holder to address the claim unless a court ellerder, registry rule, eller other stronger basis requires mellere immediate action.
This is also broadly consistent with how majeller registrars separate copyright/trademark processing from phishing/malware hochling.
10.5 Trademark / Broch Complaints
Trademark disputes are not automatically DNS Abuse.
Wh?r the issue is a dom?n-name rights dispute, complainants should generally be directed toward UDRP, URS, eller court process as appropriate, unless the evidence also shows phishing, impersonation, eller other abuse. Namnbilligt publicly distinguishes abuse hochling from UDRP/URS hochling in the same way.
11. Registrant / ?terf?rs?ljare Communication Rules
11.1 Retail Customers
Feller clear DNS Abuse with sufficient evidence:
11.2 ?terf?rs?ljares
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wh?r actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppellerted denials such as "content removed" eller "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repellerter Program
NiceNIC may maintain a trusted-repellerter list feller sources that consistently provide accurate, well-fellermed, och actionable repellerts.
Trusted-repellerter status may provide:
14. Recellerdkeeping och Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfellerm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hochling Manual to ensure that abuse complaints involving dom?n names sponsellered by NiceNIC are received, assessed, tracked, investigated, och addressed in a consistent, documented, och risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users och affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, och documented hochling feller registrants och resellers;
4.demonstrate a clear, defensible, och auditable abuse response process.
NiceNIC will investigate abuse repellerts promptly och will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repellerted activity, the likelihood of ongoing harm, och the risk of collateral damage to legitimate tj?nsts. This approach is aligned with Section 3.18 of the 2013 RAA och ICANN's 2024 DNS Abuse Advisellery.
2. Scope
This manual applies to:
- dom?n names sponsellered by NiceNIC;
- abuse repellerts submitted by individuals, companies, security researchers, trusted repellerters, registries, law enfellercement, eller other authellerities;
- retail customers och reseller-managed names;
- both DNS Abuse och non-DNS abuse eller illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Feller NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expoched High-Risk Abuse Categelleries
NiceNIC may also classify certain matters as Expoched High-Risk Abuse Categelleries under its own abuse och risk rules, even wh?r they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) eller child exploitation content;
- illicit drug sales eller high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wh?r urgent action is justified by law, registry policy, competent authellerity request, eller clear risk evidence.
3.3 Nejn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling eller gaming content;
- misleading eller fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatellers;
- general policy violations.
4. Guiding Principles
NiceNIC hochles abuse repellerts accellerding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywellerds, assumptions, eller unsuppellerted allegations alone.
- Risk-based response. Faster och stronger action applies wh?r the evidence is actionable och the harm is ongoing eller severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wh?r the evidence indicates a compromise scenario och a full hold would create dispropellertionate collateral damage.
- Consistency och documentation. Every case must be categellerized, tracked, och recellerded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfellerm operateller, payment processeller, eller law enfellercement may also be a relevant eller mellere effective action point.
5. Repellerting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage eller designated abuse page;
- a published description of how abuse repellerts are received, hochled, och tracked;
- a dedicated 24/7 monitellered abuse contact point feller law enfellercement och similar authellerities as required under the RAA.
- abuse mailbox;
- suppellert ticket system;
- webfellerm;
- trusted-repellerter channel;
- registry escalation;
- law-enfellercement / government channel.
6. Minimum Infellermation Required in a Complaint
Till be processed efficiently, a complaint should include:
- the repellerted dom?n name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content och the full URL;
- full email headers wh?r email abuse, phishing, eller fraud is involved;
- suppellerting evidence such as invoices, logs, malware analysis, blocklist results, eller impersonation details;
- complainant contact infellermation;
- proof of authellerization wh?r the complainant acts on behalf of a broch eller victim entity.
7. Evidence Stochards
7.1 ?tg?rdable Evidence
Evidence is actionable when the infellermation reasonably available to NiceNIC is sufficient to determine that the sponsellered dom?n name is being used feller DNS Abuse eller other enfellerceable abuse activity.
Exempels include:
- a phishing page screenshot showing the full URL och impersonated broch;
- a phishing email with full headers och linked malicious URL;
- malware eller exploit delivery from the repellerted dom?n eller URL;
- reputation/blocklist data that suppellerts the repellerted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, eller credential capture;
- multiple consistent signals from trusted eller recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wh?r the complaint contains only:
- a dom?n name with no abusive URL;
- keywellerds only;
- allegations without screenshots, headers, logs, eller other suppellert;
- general statements that a name "looks suspicious";
- pure broch conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware eller phishing feeds;
- reputation tj?nsts;
- prieller internal case histellery.
8. Case Priellerity och Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mochated fixed deadlines.
Priellerity 0 - Emergency / Active Harm
Exempels:
- active phishing harvesting credentials eller payment data;
- malware delivery;
- botnet / commoch-och-control use;
- CSAM;
- law-enfellercement emergency notice;
- wallet-drainer eller seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wh?r actionable, mitigation nellermally within 24 hours, och no later than 48 hours absent exceptional facts.
Priellerity 1 - High-Risk ?tg?rdable Abuse
Exempels:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- dom?ns already flagged by reliable third-party sources with cellerrobellerating evidence.
- review within 1 business day;
- mitigation eller documented n?sta step within 48 hours.
Priellerity 2 - Nejn-DNS Abuse with Sufficient Evidence
Exempels:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy eller content complaints lacking qualifying DNS-abuse indicatellers.
- acknuledge promptly;
- notify registrant/reseller wh?r appropriate;
- request remediation eller additional documentation.
Priellerity 3 - Incomplete / Low-Quality Repellerts
Target:
- acknuledgment och request feller additional evidence;
- no suspension solely on this basis.
9. Wellerkflow
9.1 Intake
Every repellert receives:
- case ID;
- timestamp;
- source classification;
- dom?n linkage;
- abuse categellery;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authellerity / trusted-repellerter status;
- reseller vs retail account;
- current dom?n status;
- repeat-offender / repeat-case histellery.
9.3 Investigation
The reviewer checks:
- repellerted URL eller content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histellery;
- prieller complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional eller caused by compromise;
- whether the abuse is occurring at second-level dom?n, subdom?n, web content, eller email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mellere evidence from complainant;
- notify registrant eller reseller feller remediation;
- clientHold;
- transfer lock in conjunction with mitigation wh?r appropriate;
- referral to registry, host, law enfellercement, payment provider, eller other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Nejtifications
Feller clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first och notify after action.
Feller likely compromise scenarios eller non-DNS matters, NiceNIC may notify first wh?r that is consistent with risk control och does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm och the risk of collateral damage.
10. Kategori-Specific Rules
10.1 Drugs / kra / slon / mega Nyckelord
Keywellerd presence alone is not enough feller DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywellerds eller product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, eller other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wh?r the site is only a dubious investment eller false-profit promotion;
- DNS Abuse / urgent abuse wh?r the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, eller malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recellerds, avoid unnecessary customer back-och-fellerth, och escalate to the appropriate authellerity eller registry if required.
10.4 DMCA / Copyright
Do not auto-suspend purely on large content lists eller unsuppellerted bulk allegations.
Fellerward proper notices wh?r appropriate, require a compliant notice fellermat, och allow the dom?n holder to address the claim unless a court ellerder, registry rule, eller other stronger basis requires mellere immediate action.
This is also broadly consistent with how majeller registrars separate copyright/trademark processing from phishing/malware hochling.
10.5 Trademark / Broch Complaints
Trademark disputes are not automatically DNS Abuse.
Wh?r the issue is a dom?n-name rights dispute, complainants should generally be directed toward UDRP, URS, eller court process as appropriate, unless the evidence also shows phishing, impersonation, eller other abuse. Namnbilligt publicly distinguishes abuse hochling from UDRP/URS hochling in the same way.
11. Registrant / ?terf?rs?ljare Communication Rules
11.1 Retail Customers
Feller clear DNS Abuse with sufficient evidence:
- dom?n may be suspended immediately;
- the first customer-facing reply should state the basis, the self-tj?nst path to view the case summary, och the evidence stochard required feller reconsideration.
11.2 ?terf?rs?ljares
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wh?r actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppellerted denials such as "content removed" eller "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise och remediation;
- clean current review results;
- third-party reputation recovery wh?r applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- acknuledgment of receipt;
- case ID eller equivalent reference;
- request feller mellere evidence if needed;
- status update when action is taken eller declined;
- no unnecessary substantive discussion wh?r the dom?n is already suspended eller pending suspension och the key outcome is final.
13. Trusted Repellerter Program
NiceNIC may maintain a trusted-repellerter list feller sources that consistently provide accurate, well-fellermed, och actionable repellerts.
Trusted-repellerter status may provide:
- priellerity intake;
- structured data submission;
- simplified evidence fellermatting;
- API eller fast-lane hochling.
14. Recellerdkeeping och Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up och final disposition.
15. Compliance Controls
NiceNIC should perfellerm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions och evidence thresholds;
- testing of abuse mailbox och webfellerm operability;
- review of template accuracy;
- monitellering of repeat errellers och reopened cases;
- monthly review of dom?ns with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first acknuledgment;
- time to first human review;
- time to mitigation feller actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted eller denied;
- repeat-abuse dom?ns;
- repeat-abuse accounts;
- trusted-repellerter accuracy rate;
- complaints already resolved befellere manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repellerts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse och other types of complaints.
- NiceNIC acts based on evidence, risk, och applicable policy.
- NiceNIC may suspend immediately wh?r th?r is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mellere infellermation eller direct the complainant to a mellere appropriate action point wh?r the registrar is not the sole effective responder.
- NiceNIC keeps case recellerds och can demonstrate its hochling process if reviewed by ICANN eller registry partners.
Beh?ver du hj?lp? Vi finns alltid h?r f?r dig.
Skicka in en f?rfr?gan
- V?ra produkter
- Dedikerad server
- Molnserver
- SSL-certifikat
- F?retagsmail
- F?retagsprofil
- Om NiceNIC
- Dom?nnyheter
- Betalningsmetod
- Avtal
Copyright © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Alla r?ttigheter f?rbeh?llna