Registrar Abuse Policy

Operated by: Vianames LLC d/b/a OrbitFour, an ICANN-accredited registrar IANA Registrar ID: 3873 Effective Date: January 1, 2026 Version: 1.0

1. Purpose and scope

Vianames LLC, doing business as OrbitFour ("OrbitFour," "we," "us"), is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) and is bound by the 2013 Registrar Accreditation Agreement (RAA), including the DNS Abuse mitigation obligations that took effect on 5 April 2024 (Section 3.18, as amended).

This policy explains:

  • what kinds of abuse we can act on, and which fall outside our role as a registrar;
  • how to submit an abuse report;
  • how we receive, acknowledge, investigate, and respond to reports;
  • the mitigation actions we may take and how we decide among them;
  • how to escalate if you believe we have not met our obligations.

This policy applies to domain names sponsored by OrbitFour as the registrar of record. It does not govern services provided by other parties in the domain ecosystem (registry operators, hosting providers, content delivery networks, email providers, or resellers), although we will refer or forward reports to those parties where appropriate.

2. How to report abuse

Report abuse through either channel below. Both are monitored. You do not need an OrbitFour account to submit a report.

To help us investigate quickly, please include as much of the following as you can:

  1. The exact domain name(s) at issue.
  2. The type of abuse you are reporting (for example, phishing, malware, botnet command-and-control).
  3. Evidence supporting the report — for example, the full malicious URL, screenshots, message headers, sandbox or scanner reports, third-party blocklist references, timestamps, and the time zone of your observations.
  4. Your contact information, so we can acknowledge the report and follow up. Anonymous reports are accepted but limit our ability to request clarification.
  5. Whether you are reporting in an official capacity (for example, security researcher, law enforcement, brand owner, or trusted notifier).

The more specific and verifiable the evidence, the faster we can act. Vague allegations without supporting evidence may require us to request more information before we can proceed.

Do not include illegal content in your report. In particular, do not attach or transmit any images, video, or files containing child sexual abuse material. Report the URL only, and see Section 5.

3. What is DNS Abuse

ICANN defines DNS Abuse, for the purposes of the RAA, as five categories of technical harm:

  • Malware — malicious software installed or executed on a device without the user's consent (for example, viruses, spyware, ransomware) to disrupt operations, gather data, or gain unauthorized access.
  • Botnets — networks of malware-infected, internet-connected devices controlled remotely, including command-and-control infrastructure.
  • Phishing — fraudulent attempts to obtain sensitive information by impersonating a legitimate entity.
  • Pharming — redirecting users to fraudulent destinations, typically through DNS manipulation.
  • Spam — but only when spam is used as a delivery mechanism for one of the four categories above.

When OrbitFour has actionable evidence that a domain we sponsor is being used for DNS Abuse, we are required to promptly take the mitigation action(s) reasonably necessary to stop or disrupt that abuse. This is our core contractual obligation under RAA Section 3.18.2.

4. What falls outside DNS Abuse

Many complaints involve genuinely harmful or unlawful conduct that is nonetheless not "DNS Abuse" as ICANN defines it, and is therefore not something a registrar is the right party to resolve. These typically include:

  • Website content that does not involve phishing, malware, botnets, pharming, or qualifying spam.
  • Trademark and brand disputes — generally handled through the Uniform Domain-Name Dispute-Resolution Policy (UDRP) or the Uniform Rapid Suspension (URS) system, unless the domain is also being used for phishing or malware.
  • Copyright and DMCA matters — these concern hosted content and should be directed to the hosting provider, not the registrar. OrbitFour does not control website content.
  • Defamation, harassment, fraud allegations without DNS Abuse evidence, contract disputes, product-quality complaints, and consumer disputes — these are generally matters for the merchant, payment provider, marketplace, courts, or law enforcement.

For matters outside the DNS Abuse definition, the registrar generally cannot and should not act on the domain name itself. We may, at our discretion and where lawful, review such reports under our Registration Agreement and Acceptable Use terms, or refer you to the appropriate party (the hosting provider, registry operator, dispute provider, or relevant authority). A referral is not a determination that the conduct is or is not unlawful.

5. Priority and special categories

Certain reports receive expedited handling because of the severity or immediacy of the harm.

Child sexual abuse material (CSAM)

We treat CSAM reports with the highest urgency and zero tolerance. If you encounter suspected CSAM:

  • Do not send us any images, video, files, or other media. Send only the URL and a brief description.
  • Report it directly to the appropriate authority:
    • In the United States: the National Center for Missing & Exploited Children (NCMEC) CyberTipline at report.cybertip.org or 1-800-843-5678.
    • Internationally: the Internet Watch Foundation (IWF) at iwf.org.uk, or your national hotline via inhope.org.

We cooperate with NCMEC, law enforcement, and recognized hotlines, and will take prompt action on domains we sponsor where we receive actionable evidence.

Imminent threats to life or safety

Reports indicating a credible, imminent threat of physical harm are escalated immediately and may be referred to law enforcement.

Active, high-confidence DNS Abuse

For clear cases supported by strong evidence — for example, multiple reputable security vendors flagging a domain, visual confirmation of an active phishing page, or a newly registered domain showing clear malicious indicators — we act without unnecessary delay.

6. How we handle reports

6.1 Acknowledgment

We confirm receipt of every abuse report submitted through our published channels.

6.2 Triage and classification

We first determine whether the report describes DNS Abuse (Section 3), a priority category (Section 5), a matter outside our role as registrar (Section 4), or a matter better directed to another party. Correct classification determines the appropriate response path.

6.3 Investigation and the "actionable evidence" standard

ICANN requires registrars to act when they have actionable evidence — information sufficient to allow a reasonable determination that a domain is being used for DNS Abuse. We investigate reports and evaluate the available evidence. Where a report lacks sufficient evidence, we may request additional information before acting. Our framework calls for investigation and a proportionate response, not automatic action on unverified allegations.

6.4 Distinguishing compromised from maliciously registered domains

Our response takes into account whether a domain was registered for abusive purposes or is an otherwise legitimate domain that has been compromised (for example, a hacked site hosting a phishing page on a subdomain). Suspending a compromised legitimate domain can cause significant collateral damage — disrupting email, legitimate services, and unrelated users. In compromised-domain cases we may prioritize notifying the registrant and the hosting provider so the specific malicious content can be removed, rather than disabling the entire domain.

6.5 Mitigation actions

Depending on the cause and severity of the abuse and the risk of collateral damage, available actions include:

  • Notifying the registrant and requesting remediation within a defined window.
  • Forwarding the report to the responsible reseller, hosting provider, or registry operator.
  • Applying registrar-level status codes (for example, clientHold, which removes the domain from the zone, or clientTransferProhibited to prevent evasion via transfer).
  • Suspending or disabling the domain.
  • Referring the matter to the registry operator, law enforcement, or a recognized hotline.
  • Terminating the registration in accordance with our Registration Agreement, where warranted.

We exercise reasonable discretion in selecting actions proportionate to the harm.

6.6 Timing

ICANN does not set a single fixed deadline for every case; "prompt" is judged by whether we act reasonably, proportionately, and without unnecessary delay once we have actionable evidence. Severe, active abuse (such as live phishing or malware distribution) is addressed on an expedited basis. Cases requiring registrant or host remediation, or further investigation, may take longer while still meeting the promptness standard.

7. Trusted notifiers and law enforcement

We give appropriate weight to reports from recognized trusted notifiers, security researchers with a track record, and law enforcement, given the evidentiary quality these sources typically provide. Law enforcement and government authorities should identify themselves and their jurisdiction. Formal legal process (such as a court order or properly issued legal demand) is handled through [email protected] / our designated legal contact, not the general abuse queue, although urgent safety matters may be raised through any channel.

8. Registrant notice, remediation, and reinstatement

Where appropriate and where doing so does not increase risk, we notify the affected registrant of a report and provide an opportunity to remediate. A registrant who believes action was taken in error, or who has remediated the abuse, may request review by contacting [email protected] with a clear explanation and supporting evidence. We will review such requests in good faith. We reserve the right to maintain protective measures where abuse is ongoing or where remediation cannot be verified.

9. Reseller domains

Where a domain was registered through one of our resellers, the reseller is bound by our policies and by the RAA. We remain responsible as the registrar of record and will act directly where the reseller does not respond appropriately and we have actionable evidence of DNS Abuse.

10. Records and retention

We maintain records of abuse reports and our handling of them — including the report, our investigation, classification, and any mitigation taken — consistent with our obligations under the RAA. Records are retained for no less than two years from the date a report is closed, consistent with our RAA data-retention obligations and applicable law.

11. Privacy and data protection

We handle abuse reports and any associated personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) where it applies. Information submitted in an abuse report may be shared with parties necessary to investigate and resolve the matter, including the registrant, reseller, hosting provider, registry operator, recognized hotlines, and law enforcement.

12. Escalation to ICANN

If you have submitted a report to OrbitFour about a domain we sponsor and, after a reasonable time, you believe we have not met our obligations under the RAA, you may file a complaint with ICANN Contractual Compliance:

Filing with ICANN is appropriate after you have first reported the matter to us and allowed a reasonable opportunity to respond.

13. Limitations and good faith

OrbitFour is a domain name registrar, not a court, an arbiter of lawful speech, or the host of the content reachable through a domain. We act on DNS Abuse where we have actionable evidence, refer other matters to the appropriate parties, and exercise reasonable, proportionate judgment in every case. Nothing in this policy creates an obligation to act on matters outside the DNS Abuse definition or outside a registrar's role, and nothing here waives our rights or remedies under our Registration Agreement or applicable law.

We may update this policy to reflect changes in ICANN requirements, applicable law, or our own practices. The effective date and version above indicate the current revision.

14. Contact

Revision history

Version Date Notes
1.0 January 1, 2026 Initial publication.