EnCirca is committed to the stable and secure operation of its top-level domains (“TLDs”). Abusive use of domain names creates security and stability issues for registries, registrars and registrants – as well as for users of the Internet in general. Accordingly, EnCirca requires that domain names in its TLDs adhere to this Acceptable Use Policy (“AUP”).
EnCirca will address abusive behavior in its TLDs consistent with this AUP. EnCirca provides multiple abuse points of contact through its abuse contact page at https://www.encirca.com/abuse/. EnCirca will promptly investigate allegations of abuse and perform corrective actions.
DNS Abuse
“DNS Abuse” should be understood and defined as “any activity that makes, or intends to make, use of domain names, the Domain Name System protocol, or any digital identifiers that are similar in form or function to domain names to carry out deceptive, malicious, or illegal activity.”
For the avoidance of doubt, impersonation of a third party or organization is considered deceptive, and therefore DNS Abuse.
DNS Abuse is composed of five broad categories of harmful activity insofar as they intersect with the DNS: malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS Abuse).
- Malware is malicious software, installed on a device without the user’s consent, which disrupts the device’s operations, gathers sensitive information, and/or gains access to private computer systems. Malware includes viruses, spyware, ransomware, and other unwanted software.
- Botnets are collections of Internet-connected computers that have been infected with malware and commanded to perform activities under the control of a remote Administrator.
- Phishing occurs when an attacker tricks a victim into revealing sensitive personal, corporate, or financial information (e.g. account numbers, login IDs, passwords), whether through sending fraudulent or ‘look-alike’ emails, or luring end users to copycat websites. Some phishing campaigns aim to persuade the user to install software, which is in fact malware.
- Pharming is the redirection of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning. DNS hijacking occurs when attackers use malware to redirect victims to [the attacker’s] site instead of the one initially requested. DNS poisoning causes a DNS server [or resolver] to respond with a false IP address bearing malicious code. Phishing differs from pharming in that the latter involves modifying DNS entries, while the former tricks users into entering personal information.
- Spam is unsolicited bulk email, where the recipient has not granted permission for the message to be sent, and where the message was sent as part of a larger collection of messages, all having substantively identical content.
While Spam alone is not DNS Abuse, we include it in the five key forms of DNS Abuse when it is used as a delivery mechanism for the other four forms of DNS Abuse. In other words, generic unsolicited e-mail alone does not constitute DNS Abuse, but it would constitute DNS Abuse if that e-mail is part of a phishing scheme.
Other Malicious Activities
Abusive use of a domain is described as an illegal, disruptive, malicious, or fraudulent action and includes, without limitation, the following:
- activities contrary to applicable law;
- trademark or copyright infringement, fraudulent deceptive practices, counterfeiting or other;
- child abuse imagery;
- promotion, encouragement, sale, or distribution of prescription medication without a valid prescription in violation of applicable law;
- illegal access of computers or networks;
- cyber-bullying, harassment, or other forms of abuse to individuals or groups;
- incitement to violence or other unlawful actions;
- failure by registrant of a two-character SLD to take steps to ensure against misrepresenting or falsely implying that it is affiliated with the corresponding government or country-code manager, if such affiliation, sponsorship or endorsement does not exist.
Abuse Protection
EnCirca reserves the right, at its sole discretion and at any time and without limitation, to deny, suspend, cancel, redirect, or transfer any registration or transaction, or place any domain name(s) on lock, hold, or similar status as it determines necessary for any of the following reasons:
- to protect the integrity, security and stability of the Domain Name system (DNS);
- to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process;
- to avoid any liability, civil or criminal, on the part of EnCirca, its affiliates, subsidiaries, officers, directors, contracted parties, agents, or employees;
- to comply with the terms of the applicable registration agreement and EnCirca’ policies;
- where registrant fails to keep Whois information accurate or up-to-date;
- domain name use is abusive or violates this AUP, a third party’s rights or acceptable use policies, including but not limited to the infringement of any copyright or trademark;
- to correct mistakes made by a registry operator or any registrar in connection with a domain name registration; or
- as needed during resolution of a dispute.
- for the non-payment of fees
Domain Name Use
The registrant represents and warrants to the best of their knowledge that, neither the registration of the domain nor the manner it is directly or indirectly used, infringes the legal rights of any third party. The registrant will comply with all applicable laws, including, but not limited to those relating to privacy, data collection, consumer protection, fair lending, debt collection, organic farming, and disclosure of data and financial disclosures.
If the registrant collects and maintains sensitive health and financial data, they must implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law. The registrant represents that they possess any necessary authorization, charter, license, and/or other related credential for participation in the sector associated with the associated registry tld string.
The registrant will report any material changes to the validity of their authorization, charter, license, and/or other related credential.
The registrant will indemnify and hold harmless the registrar and registry operator, and their directors, officers, employees and agents, from and against any and all claims, damages, liabilities, costs and expenses (including reasonable legal fees and expenses) arising out of or related to the domain name registration. This obligation shall survive expiration or termination of this Agreement or the domain name registration.
Policy last updated: November 13, 2023.