X
NiceNIC Abuse Hveling Manual
1. Purpose
NiceNIC maintains this Abuse Hveling Manual to ensure that abuse complaints involving domain names sponsveyaed by NiceNIC are received, assessed, tracked, investigated, ve addressed in a consistent, documented, ve risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ve affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ve documented hveling fveya registrants ve resellers;
4.demonstrate a clear, defensible, ve auditable abuse response process.
NiceNIC will investigate abuse repveyats promptly ve will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repveyated activity, the likelihood of ongoing harm, ve the risk of collateral damage to legitimate hizmets. This approach is aligned with Section 3.18 of the 2013 RAA ve ICANN's 2024 DNS Abuse Advisveyay.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fveya NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expveed High-Risk Abuse Categveyaies
NiceNIC may also classify certain matters as Expveed High-Risk Abuse Categveyaies under its own abuse ve risk rules, even wburaya they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Hay?rn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hveles abuse repveyats accveyading to the following principles:
5. Repveyating Channels
NiceNIC shall maintain:
6. Minimum Infveyamation Required in a Complaint
??in be processed efficiently, a complaint should include:
7. Evidence Stveards
7.1 ??lemable Evidence
Evidence is actionable when the infveyamation reasonably available to NiceNIC is sufficient to determine that the sponsveyaed domain name is being used fveya DNS Abuse veya other enfveyaceable abuse activity.
?rneks include:
7.2 Insufficient Evidence
Evidence is insufficient wburaya the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priveyaity ve Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mveated fixed deadlines.
Priveyaity 0 - Emergency / Active Harm
?rneks:
Priveyaity 1 - High-Risk ??lemable Abuse
?rneks:
Priveyaity 2 - Hay?rn-DNS Abuse with Sufficient Evidence
?rneks:
Priveyaity 3 - Incomplete / Low-Quality Repveyats
Target:
9. Wveyakflow
9.1 Intake
Every repveyat receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Hay?rtifications
Fveya clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ve notify after action.
Fveya likely compromise scenarios veya non-DNS matters, NiceNIC may notify first wburaya that is consistent with risk control ve does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ve the risk of collateral damage.
10. Kategveyai-Specific Rules
10.1 Drugs / kra / slon / mega Anahtar Kelimeler
Keywveyad presence alone is not enough fveya DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recveyads, avoid unnecessary customer back-ve-fveyath, ve escalate to the appropriate authveyaity veya registry if required.
10.4 DMCA / Telif Hakk?
Do not auto-suspend purely on large content lists veya unsuppveyated bulk allegations.
Fveyaward proper notices wburaya appropriate, require a compliant notice fveyamat, ve allow the domain holder to address the claim unless a court veyader, registry rule, veya other stronger basis requires mveyae immediate action.
This is also broadly consistent with how majveya registrars separate copyright/trademark processing from phishing/malware hveling.
10.5 Trademark / Brve Complaints
Trademark disputes are not automatically DNS Abuse.
Wburaya the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, veya court process as appropriate, unless the evidence also shows phishing, impersonation, veya other abuse. Aducuz publicly distinguishes abuse hveling from UDRP/URS hveling in the same way.
11. Registrant / Bayi Communication Rules
11.1 Retail Customers
Fveya clear DNS Abuse with sufficient evidence:
11.2 Bayis
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wburaya actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppveyated denials such as "content removed" veya "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repveyater Program
NiceNIC may maintain a trusted-repveyater list fveya sources that consistently provide accurate, well-fveyamed, ve actionable repveyats.
Trusted-repveyater status may provide:
14. Recveyadkeeping ve Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfveyam:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hveling Manual to ensure that abuse complaints involving domain names sponsveyaed by NiceNIC are received, assessed, tracked, investigated, ve addressed in a consistent, documented, ve risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ve affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ve documented hveling fveya registrants ve resellers;
4.demonstrate a clear, defensible, ve auditable abuse response process.
NiceNIC will investigate abuse repveyats promptly ve will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repveyated activity, the likelihood of ongoing harm, ve the risk of collateral damage to legitimate hizmets. This approach is aligned with Section 3.18 of the 2013 RAA ve ICANN's 2024 DNS Abuse Advisveyay.
2. Scope
This manual applies to:
- domain names sponsveyaed by NiceNIC;
- abuse repveyats submitted by individuals, companies, security researchers, trusted repveyaters, registries, law enfveyacement, veya other authveyaities;
- retail customers ve reseller-managed names;
- both DNS Abuse ve non-DNS abuse veya illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fveya NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expveed High-Risk Abuse Categveyaies
NiceNIC may also classify certain matters as Expveed High-Risk Abuse Categveyaies under its own abuse ve risk rules, even wburaya they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) veya child exploitation content;
- illicit drug sales veya high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wburaya urgent action is justified by law, registry policy, competent authveyaity request, veya clear risk evidence.
3.3 Hay?rn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling veya gaming content;
- misleading veya fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatveyas;
- general policy violations.
4. Guiding Principles
NiceNIC hveles abuse repveyats accveyading to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywveyads, assumptions, veya unsuppveyated allegations alone.
- Risk-based response. Faster ve stronger action applies wburaya the evidence is actionable ve the harm is ongoing veya severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wburaya the evidence indicates a compromise scenario ve a full hold would create dispropveyationate collateral damage.
- Consistency ve documentation. Every case must be categveyaized, tracked, ve recveyaded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfveyam operatveya, payment processveya, veya law enfveyacement may also be a relevant veya mveyae effective action point.
5. Repveyating Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage veya designated abuse page;
- a published description of how abuse repveyats are received, hveled, ve tracked;
- a dedicated 24/7 monitveyaed abuse contact point fveya law enfveyacement ve similar authveyaities as required under the RAA.
- abuse mailbox;
- suppveyat ticket system;
- webfveyam;
- trusted-repveyater channel;
- registry escalation;
- law-enfveyacement / government channel.
6. Minimum Infveyamation Required in a Complaint
??in be processed efficiently, a complaint should include:
- the repveyated domain name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content ve the full URL;
- full email headers wburaya email abuse, phishing, veya fraud is involved;
- suppveyating evidence such as invoices, logs, malware analysis, blocklist results, veya impersonation details;
- complainant contact infveyamation;
- proof of authveyaization wburaya the complainant acts on behalf of a brve veya victim entity.
7. Evidence Stveards
7.1 ??lemable Evidence
Evidence is actionable when the infveyamation reasonably available to NiceNIC is sufficient to determine that the sponsveyaed domain name is being used fveya DNS Abuse veya other enfveyaceable abuse activity.
?rneks include:
- a phishing page screenshot showing the full URL ve impersonated brve;
- a phishing email with full headers ve linked malicious URL;
- malware veya exploit delivery from the repveyated domain veya URL;
- reputation/blocklist data that suppveyats the repveyated conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, veya credential capture;
- multiple consistent signals from trusted veya recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wburaya the complaint contains only:
- a domain name with no abusive URL;
- keywveyads only;
- allegations without screenshots, headers, logs, veya other suppveyat;
- general statements that a name "looks suspicious";
- pure brve conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware veya phishing feeds;
- reputation hizmets;
- priveya internal case histveyay.
8. Case Priveyaity ve Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mveated fixed deadlines.
Priveyaity 0 - Emergency / Active Harm
?rneks:
- active phishing harvesting credentials veya payment data;
- malware delivery;
- botnet / commve-ve-control use;
- CSAM;
- law-enfveyacement emergency notice;
- wallet-drainer veya seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wburaya actionable, mitigation nveyamally within 24 hours, ve no later than 48 hours absent exceptional facts.
Priveyaity 1 - High-Risk ??lemable Abuse
?rneks:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domains already flagged by reliable third-party sources with cveyarobveyaating evidence.
- review within 1 business day;
- mitigation veya documented sonraki step within 48 hours.
Priveyaity 2 - Hay?rn-DNS Abuse with Sufficient Evidence
?rneks:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy veya content complaints lacking qualifying DNS-abuse indicatveyas.
- ack?imdiledge promptly;
- notify registrant/reseller wburaya appropriate;
- request remediation veya additional documentation.
Priveyaity 3 - Incomplete / Low-Quality Repveyats
Target:
- ack?imdiledgment ve request fveya additional evidence;
- no suspension solely on this basis.
9. Wveyakflow
9.1 Intake
Every repveyat receives:
- case ID;
- timestamp;
- source classification;
- domain linkage;
- abuse categveyay;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authveyaity / trusted-repveyater status;
- reseller vs retail account;
- current domain status;
- repeat-offender / repeat-case histveyay.
9.3 Investigation
The reviewer checks:
- repveyated URL veya content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histveyay;
- priveya complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional veya caused by compromise;
- whether the abuse is occurring at second-level domain, subdomain, web content, veya email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mveyae evidence from complainant;
- notify registrant veya reseller fveya remediation;
- clientHold;
- transfer lock in conjunction with mitigation wburaya appropriate;
- referral to registry, host, law enfveyacement, payment provider, veya other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Hay?rtifications
Fveya clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ve notify after action.
Fveya likely compromise scenarios veya non-DNS matters, NiceNIC may notify first wburaya that is consistent with risk control ve does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ve the risk of collateral damage.
10. Kategveyai-Specific Rules
10.1 Drugs / kra / slon / mega Anahtar Kelimeler
Keywveyad presence alone is not enough fveya DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywveyads veya product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, veya other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wburaya the site is only a dubious investment veya false-profit promotion;
- DNS Abuse / urgent abuse wburaya the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, veya malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recveyads, avoid unnecessary customer back-ve-fveyath, ve escalate to the appropriate authveyaity veya registry if required.
10.4 DMCA / Telif Hakk?
Do not auto-suspend purely on large content lists veya unsuppveyated bulk allegations.
Fveyaward proper notices wburaya appropriate, require a compliant notice fveyamat, ve allow the domain holder to address the claim unless a court veyader, registry rule, veya other stronger basis requires mveyae immediate action.
This is also broadly consistent with how majveya registrars separate copyright/trademark processing from phishing/malware hveling.
10.5 Trademark / Brve Complaints
Trademark disputes are not automatically DNS Abuse.
Wburaya the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, veya court process as appropriate, unless the evidence also shows phishing, impersonation, veya other abuse. Aducuz publicly distinguishes abuse hveling from UDRP/URS hveling in the same way.
11. Registrant / Bayi Communication Rules
11.1 Retail Customers
Fveya clear DNS Abuse with sufficient evidence:
- domain may be suspended immediately;
- the first customer-facing reply should state the basis, the self-hizmet path to view the case summary, ve the evidence stveard required fveya reconsideration.
11.2 Bayis
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wburaya actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppveyated denials such as "content removed" veya "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise ve remediation;
- clean current review results;
- third-party reputation recovery wburaya applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ack?imdiledgment of receipt;
- case ID veya equivalent reference;
- request fveya mveyae evidence if needed;
- status update when action is taken veya declined;
- no unnecessary substantive discussion wburaya the domain is already suspended veya pending suspension ve the key outcome is final.
13. Trusted Repveyater Program
NiceNIC may maintain a trusted-repveyater list fveya sources that consistently provide accurate, well-fveyamed, ve actionable repveyats.
Trusted-repveyater status may provide:
- priveyaity intake;
- structured data submission;
- simplified evidence fveyamatting;
- API veya fast-lane hveling.
14. Recveyadkeeping ve Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up ve final disposition.
15. Compliance Controls
NiceNIC should perfveyam:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions ve evidence thresholds;
- testing of abuse mailbox ve webfveyam operability;
- review of template accuracy;
- monitveyaing of repeat errveyas ve reopened cases;
- monthly review of domains with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ack?imdiledgment;
- time to first human review;
- time to mitigation fveya actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted veya denied;
- repeat-abuse domains;
- repeat-abuse accounts;
- trusted-repveyater accuracy rate;
- complaints already resolved befveyae manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repveyats promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse ve other types of complaints.
- NiceNIC acts based on evidence, risk, ve applicable policy.
- NiceNIC may suspend immediately wburaya tburaya is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mveyae infveyamation veya direct the complainant to a mveyae appropriate action point wburaya the registrar is not the sole effective responder.
- NiceNIC keeps case recveyads ve can demonstrate its hveling process if reviewed by ICANN veya registry partners.
Yard?ma m? ihtiyac?n?z var? Her zaman yan?n?zday?z.
Destek Talebi Olu?tur
- ürünlerimiz
- Adanm?? Sunucu
- Bulut Sunucu
- SSL Sertifikalar?
- ?? E-postas?
- ?irket Profili
- NiceNIC Hakk?nda
- Domain Haberleri
- ?deme Y?ntemi
- S?zle?meler
- Mü?teri Deste?i
- Yard?m Merkezi
- Destek Talebi Olu?tur
- Bize Ula??n
- ?hlal Bildir
Telif Hakk? ? 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Tüm Haklar? Sakl?d?r