Abuse policy

This document outlines the procedure for the receipt, handling, and tracking of reports of harmful / illegal content or abuse concerning domain names / hosting environments under one.com’s management.

1. Reporting harmful / illegal content

How to report?

Report via email

Complaints can be emailed to us at abuse@one.com for any alleged issue of abuse related to any domain name registered with one.com or contents hosted on our servers.

If you wish to report anonymously, please make sure to send the notification from an e-mail that does not contain any personal information.

Incoming abuse emails are received and tracked in our abuse handling system, and valid requests will be addressed and answered by an abuse desk representative as quickly as possible. We proceed on a case-by-case basis and perform the actions that we deem necessary within the framework of currently applicable law. Emails are answered based on their issue, concern or inquiry and may involve communication with the domain registrant. Please make sure to send along any useful evidence as outlined in the below list of most common types of abuse.

Report via telephone

We encourage you to report any illegal / harmful content via e-mail (see above). When calling us on the dedicated line at +45 44451220, we will create a transcript of your report and respond via e-mail. We will also ask you to send any cited evidence to our abuse e-mail. If we miss your call, we will call you back as soon as possible. Please note that we are only able to take calls in English and calls are recorded to make a transcript.

What to include in reports?

Please always include a statement in your notice confirming your bona fide belief that the information and allegations contained therein are accurate and complete.

The following list explains the most common types of abuse we investigate and the required evidence we expect from you to support our investigation:

Type of abuse and description Useful evidence Notes and advice
Botnets –are collections of Internet-connected computers that have been infected with malware and can be commanded to perform activities under the control of a remote attacker.
  • a direct link to where the botnet is believed to be hosted
  
Child Abuse – is adult content depicting minors (someone under the age of 18 years).
  • Abusive Domain Name(s)
  • Abusive URL(s)
Copyright infringement – is the content that is protected by copyright being published online with no authorisation rights.
  • A detailed description of the exact content that violates the copyright
  • Proof that you own the copyright that is being infringed or are authorised to represent the copyright holder
Email Abuse/Spam – is unsolicited bulk email, where the recipient has not granted permission for the message to be sent, and where the message was sent as part of a larger collection of messages, all having substantively identical content.
  • From address
  • To address
  • Full Email headers
  • Full email source
 Regular FP/FN re-classifications are handled through our normal support queue
Fraud – is the wrongful deception with the intent to gain a monetary benefit (also known as a scam) or other benefits (i.e. access to personal data).
  • Abuse Domain Name(s)
  • Abusive URL(s)
  • Paid invoices or receipts
  • Screenshot(s) of the page(s)
  • The email with full header and body
Pharming – is the redirection of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning. DNS hijacking can occur when attackers use malware to redirect victims to the perpetrator’s site instead of the one initially requested. DNS poisoning causes a DNS server [or resolver] to respond with a false Internet Protocol (IP) address bearing malware.
  • A full description on what forwards you are experiencing
  • URL you are trying to access
  • URL it redirects to
  
Phishing – occurs when an attacker tricks a victim into revealing sensitive personal, corporate, or financial information (e.g., account numbers, login IDs, passwords), whether through sending fraudulent or ‘look-alike’ emails, or luring end-users to copycat websites. Some phishing campaigns aim to persuade the user to install malware.
  • Domain Name(s)
  • Abusive URL(s)
  • The target of the attack (legitimate website that is copied)
  • Country of your IP address (content might be geo-blocked)
  • User-agent
Malware – is malicious software, installed and/or executed on a device without the user’s consent, which disrupts the device’s operations, gathers sensitive information, and/or gains access to private computer systems. Malware includes viruses, spyware, ransomware, and other unwanted software.
  • Abusive Domain Name(s)
  • Abusive URL(s)
 If you clicked any links, please make sure to scan your machine with an up-to-date anti-virus program thoroughly
Hacking Activity – is networking attacks such as port scanning, brute force, denial of service attacks etc., with the intent to infect or exploit the victim’s resources or for other illegal purposes.
  • Abusive Domain Name(s)
  • Abusive URL(s)
  • Date and time of when the abuse took place – please indicate time zone
  • A complete log of the attack
Trademark Infringement – the unauthorised use of a trademark or service mark on or in connection with goods and/or services in a manner that is likely to cause confusion, deception or mistake about the source of the goods and/or services.
  • A formal notice of a trademark complaint
Whois Inaccuracy – implies inaccurate, outdated or false contact details listed in Whois.
  • Abusive Domain Name(s)
  • Incorrect Contact Details
  • A returned email with the header

Other Illegal / harmful content

one.com investigates all reports of illegal / harmful content on domain names administered by one.com or hosted on our servers. This includes for example cyber violence, hate speech, self-harm, animal harm, consumer misinformation, etc.

Please always include the domain, a link to the website and a screenshot of the illegal / harmful content in your report.

Process for handling notifications

When you submit an e-mail notification, you will automatically receive an acknowledgement of receipt.

Each report is manually reviewed and appropriate action is decided case-by-case, based on the circumstances included in the report and other information available to us.

In general, the decision is communicated to both the reporter and the affected customer (if a sanction is applied). The reasons for the decision are outlined in this communication.

If you disagree with the decision, you can submit your arguments by replying to the e-mail notifying you of the decision.

How do we make decisions?

We only take action when the reported content is clearly illegal or harmful.

We decide on a case-by-case basis whether there is sufficient actionable evidence for us to sanction the content.

We don’t take action when it is not clear that the reported content or activity is illegal or fraudulent. In these cases, we will suggest you take action via other channels, like obtaining a judicial decision where the content is deemed harmful / illegal and its removal is ordered.

Sanctions

We determine the appropriate action on a case-by-case basis. The actions we may take include (but are not limited to) asking for more information, informing the hosting provider or our registrant / customer, suspending the domain or hosting service, etc. Suspending a domain may entail changing the name server.

We may also decide to suspend all domains belonging to the same account in case we receive evidence that one domain is used for illegal / inappropriate activities.

2. Disclosure requests

Under NIS2 law and ICANN RDP policy, legitimate access seekers may request domain registration data for a particular domain that is not already publicly available. If you wish to submit a disclosure request, please fill out our web form.

An automated acknowledgement of receipt is sent to the requester upon submitting the form. We answer any disclosure requests without undue delay and in any event within 72 hours.