Domain Name Use & Abuse Policy

1. Commitment to Internet Safety

Navicosoft Pty Ltd is dedicated to ensuring the security, stability, and resiliency of the Domain Name System (DNS). We recognize that as a Registrar, we act as a steward of the internet infrastructure. Therefore, we maintain a zero-tolerance stance toward technical DNS Abuse.Our goal is not just compliance, but the protection of the global internet community. This policy outlines our procedures for identifying, investigating, and mitigating abuse in strict accordance with Section 3.18 of the ICANN Registrar Accreditation Agreement (RAA).

2. Definition of DNS Abuse

We adhere to the industry-standard definition of DNS Abuse, focusing on technical exploitation of the domain name system. This includes, but is not limited to:
  • Malware: The distribution of software intended to disrupt, damage, or gain unauthorized access to a computer system.
  • Botnets: The use of domain names to command and control (C2) a network of compromised devices.
  • Phishing: Fraudulent attempts to obtain sensitive information (credentials, financial data) by masquerading as a trustworthy entity.
  • Pharming: The redirection of legitimate web traffic to fraudulent sites via DNS manipulation.
  • Spam: Unsolicited bulk email, specifically where it serves as a delivery mechanism for the above threats (malware, phishing, botnets).

3. Prohibited Activities

Registrants are strictly prohibited from using domains registered via Navicosoft for:
  • Operating command-and-control (C2) servers.
  • Hosting malicious payloads or exploit kits.
  • Impersonating entities for credential harvesting (Social Engineering).
  • Fast-flux hosting techniques intended to evade detection.

4. Abuse Reporting Mechanism

Navicosoft maintains a dedicated abuse desk to receive and process reports from law enforcement, consumer protection agencies, and the general public.To Submit a Report:

Email: abuse@navicosoft.com

  • Format: We encourage the use of the Abuse Reporting Format (ARF) or structured data where possible.
Required Evidence: To expedite our investigation, reports must include:
  • The specific domain name(s).
  • The nature of the abuse (e.g., Phishing URL, Malware Hash).
  • Time logs including timezone.
  • Verifiable evidence (e.g., full email headers, screenshots, sandbox analysis links).

5. Investigation & Review Process

Upon receiving a well-founded abuse report, our Compliance Team initiates a formal investigation:
  • Verification: We validate the evidence to confirm the domain is under our management and the abuse is currently active.
  • Differentiation (Malicious vs. Compromised): We distinguish between domains registered for abuse (Maliciously Registered) and legitimate domains that have been hacked (Compromised).
  • Risk Assessment: We assess the severity and immediacy of the threat to internet users.

6. Mitigation Strategy & Enforcement

Navicosoft reserves the right to take immediate, appropriate, and proportional action to stop abuse.

A. For Compromised Domains (The “Human” Approach)
We understand that legitimate website owners can fall victim to hacks. If we determine a domain is legitimate but compromised:
  • We will attempt to contact the Registrant via the email on file (WHOIS) to notify them of the breach.
  • We may temporarily suspend DNS resolution to protect the public while allowing the Registrant time to clean the infection.
  • We provide guidance on remediation steps (e.g., updating CMS, resetting credentials).
B. For Maliciously Registered Domains
For domains registered with the clear intent of causing harm, or for repeat offenders, we apply immediate technical mitigation actions, which may include:
  • ClientHold Status: Applying the EPP status code clientHold, which removes the domain from the DNS zone, effectively taking the website offline immediately.
  • DNS Sinkholing: Redirecting traffic to a secure non-routable IP or a "walled garden" page to alert visitors of the danger.
  • Domain Lock: Preventing transfer or update of the domain to prevent the attacker from evading enforcement.
  • Termination: Permanent cancellation of the domain registration.

7. Registrant Responsibilities

By registering a domain with Navicosoft, you agree to:
  • Maintain accurate and operational contact information in WHOIS records.
  • Responsibly secure your hosting environment (e.g., strong passwords, 2FA, updated software).
  • Respond within 24 hours to any abuse inquiries sent by our Compliance Team.
Failure to respond to an abuse inquiry constitutes a material breach of the Registration Agreement and serves as grounds for immediate suspension.

8. Policy Updates

Navicosoft reserves the right to modify this policy to align with evolving ICANN Consensus Policies, security standards, and global best practices. Updates are effective immediately upon publication.