Version 1.0
(“Acceptable Use Policy”)

Xigen Ltd - the Company

What is in the acceptable Use Policy?
As the owner of a Domain name, you are required to act responsibly in your use of that domain in accordance with this policy. Abusive or malicious conduct in registration of your domain name or in content on a website will not be tolerated by the Company.

Please note that the Company may modify this Acceptable Use Policy from time to time in order to comply with applicable laws and terms and/or any conditions set forth by ICANN. Any revisions or modifications to this Acceptable Use Policy shall be effective thirty (30) days after the initial date of posting such revisions or modifications on the Company’s website and such amendments will be binding upon the domain name registrant.

The Company will act as set out in this Acceptable Use Policy to deal with abusive or malicious conduct of which it becomes or which is brought to its attention.

In all cases the Company reserves the right to bring offending sites into compliance using any methods set out in this policy, or others as may be necessary in exceptional cases, whether or not stated in this policy.

Should a complaint be made, the Company will alert its relevant Registrar partners about any identified threats, and will work closely with them.

Who can bring a complaint under the Acceptable Use Policy?
The Acceptable Use Policy may be triggered through a variety of channels, including, among other things, private complaint, public alert, government or enforcement agency outreach, and the on-going monitoring by the Company or its partners.

What actions can constitute abusive or malicious conduct?
“Abuse” or “malicious conduct” includes but it not limited to:

Infringement of Intellectual Property; which includes, but is not limited to, passing off as the brand of another, unauthorised distribution of copyrighted material or the sale of counterfeit goods.

Phishing; a criminal activity employing tactics to defraud and defame Internet users via sensitive information with the intent to steal or expose credentials, money and identities.

Malware; malicious software that was intentionally developed to infiltrate or damage a computer, mobile device, software and/or authorized party. This includes, amongst others, viruses, Trojan horses, and worms.

Domain Name or Domain Theft; the act of changing the registration of a domain name without the permission of its original registrant.

Botnet Command and Control; services run on a domain name that is used to control a collection of compromised computers or “zombies”, or direct Distributed Denial of Service attacks “DDoS attacks”.

Fast Flux Attacks / Hosting; a technique used to shelter phishing, pharming and malwares sites and networks from detection and to frustrate methods employed to defend against such practices, whereby the IP addresses associated with fraudulent sites are changed rapidly so as to make the true location of the sites difficult to find.

Hacking; the attempt to gain unauthorized access (or exceed the level of authorised access) to a computer, information system, user account or profile, database or security system.

Pharming; the redirecting of unknown users to fraudulent sites or services, typically through, but not limited to, DNS hijacking, spoofing or poisoning.

Spam; the use of electronic messaging systems to send unsolicited bulk messages. The term applies to email spam and similar abuses such as instant messaging spam, mobile messaging spam and spamming of websites and Internet forums.

Piracy; the unlicensed publication, display and/or dissemination of any material that infringes the copyrights of any person.

Counterfeiting; the sale and advertising of illegal goods, including without limitations, goods that infringe the trademarks of any party.

Child Pornography; the storage, publication, display and /or dissemination of pornographic materials depicting individuals under the legal age in the relevant jurisdiction. Alternatively, no website hosted on any Xigen domain may be used in a ways to mislead or deceive minors into viewing sexually explicit materials, whether in violation of a governing law or otherwise.

Further abusive behaviours include, but not limited to : cybersquatting, front-running, gripe sites, deceptive and/or offensive domain names, fake renewal notices, cross-gTLD registration scam, name spinning, pay-per-click, traffic diversion, false affiliation, domain kiting/tasting, 419 scams or if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Company, or any of its Registrar partners and/or that may put the safety and security of any registrant or user at risk, the domain name may be cancelled or suspended by the Company or any of the actions listed in the “What we can do” section below.

How do I complain? Abuse Point of Contact
All complaints should be addressed to: abuse@xigen.co.uk

What happens to your complaint? We operate a policy of Domain Compliance, meaning we will provide a timely response to abuse complaints concerning all names registered in the gTLD by Registrars and their resellers.

The Company’s customer support team is operational Mon – Fri 9:00am to 5:30pm. We will endeavour (but cannot guarantee) to address and potentially rectify the issue as it pertains to all forms of abuse and fraud within 5 working days.

Once abusive behaviour is detected or reported, the customer support team immediately creates a support ticket in order to monitor and track the issue through resolution.

A preliminary assessment will be undertaken in order to determine whether the abuse claim is legitimate. The Company will use commercially reasonable efforts to verify the information in the complaint.

If that information can be verified to the best of the ability of the Company, the sponsoring Registrar will be notified and Registrar will endeavour to investigate the activity and either take down the domain name by placing the domain on “Suspension” or by deleting the domain name in its entirety, or to provide a compelling argument to the Company to keep the name in the zone.

If the Registrar has not taken the requested action after 24 hour period (i.e. is unresponsive to the request or refuses to take action),the Company may place the domain on “Suspension”.

We will classify each incidence of legitimately reported abuse into two categories based on the probable severity and immediacy of harm to registrants and Internet users.

Category 1:

  • Probable Severity of Immediacy of Harm: Low
  • Examples of types of abusive behaviour: Spam, Malware
  • Mitigation Steps:
    • Investigate
    • Notify registrant
  • Response times – up to 3 working days depending on severity.

Category 2:

  • Probable Severity or Immediacy of Harm: Medium to High
  • Example of types of abusive behaviour: Fast Flux Hosting, Phishing, Illegal Access to other Computers or Networks, Pharming, Botnet command and control.
  • Mitigation Steps:
    • Investigate
    • Notify registrant
  • Response times – up to 5 working days depending on severity.

Uniform Rapid Suspension System (“URS”): We are obliged to follow ICANN’s requirements in respect of URS. All definitions in this section are as per the website.

URS Lock: If a URS Provider has instructed us to set up a URS Lock, we are obliged to activate the following EPP-Statuses in respect of the affected domain name:

  • ServerUpdateProhibited
  • ServerTransferProhibited
  • ServerDeleteProhibited

URS Suspension: If a URS Provider has instructed us to set up a URS Suspension, we are obliged to redirect the suspended domain name to a webpage that mentions the URL has been suspended due to a URS Complaint.

URS Rollback: If a URS Provider instructs us to “roll-back” a suspended or locked domain name, we will restore the original information on the domain name at the time of the suspension or lock.

Domain Name Life Cycle: We are obliged to follow the normal domain name life-cycle for a URS Locked domain name. If a domain name that is subject to a URS procedure is purged (if we operate a Redemption Grace Period) or deleted, the URS procedure will automatically terminate.

Extension: In the case where a URS Complainant has prevailed, the Company MUST offer the option for the URS Complainant to extend a URS Suspended domain‘s registration for an additional year. The registrar MUST pay the renewal fee for such a domain name to the Company.

What we can do. We reserve the right for the Company, at our sole discretion and without notice to any other party, to take the appropriate actions (whether administrative, operational or otherwise) based on the type of abuse, including but not limited to:

Lock down of the domain name preventing any changes to the contact and name server information associated with the domain name.
Placing the name “on suspension” rendering the domain name non-resolvable or transferring the domain name to another Registrar.
Substituting name servers in cases which the domain name is associated with an existing law enforcement investigation in order to collect information about DNS queries and when appropriate, Xigen Limited will cooperate with all law enforcement requests and court orders to assist the investigation.
Cancelling or transferring or taking ownership of any domain name, either temporary or permanently.
Denying attempted registrations from repeat violators (see the Section on registration Disqualification, below).
Using relevant technological services, whether our own or third party, such as computer forensics and information security.
Sharing relevant information on abuse with other registries, Registrars, ccTLDs, law enforcement authorities (see, security professionals, etc. not only on abusive domain name registrations within its own gTLD, but also information uncovered with respect to domain names in other registries to enable such parties to take appropriate action.

Why will we act? We will always endeavour to act with reasonable cause. Some examples of where we might act (not limited):

Protecting the integrity and stability of the Company.
Complying with any applicable laws, government rules, ICANN or court orders or requirements, requests or orders of law enforcement, or any dispute resolution process.
Avoiding any liability, civil or criminal, on the part of the Company as well as its affiliates, subsidiaries, officers, directors and employees. If required by the terms of the registration agreement or the Registry Registrar Agreement or ICANN.
To correct mistakes made by the Company or any Registrar in connection with the domain name registration.
During resolution of a dispute of any sort whether or not the dispute appears to be unmerited or unsubstantiated.

How we work with law enforcement. The Company will respond to legitimate law enforcement inquiries within 1 business day from receiving the request. Such a response shall include, at a minimum, an acknowledgement of receipt of the request, questions or comments concerning the request, and an outline of the next steps to be taken by the Company for rapid resolution of the request.

In the event of such request involves any of the activities which can be validated by the Company and involves the type of activity set out in the Acceptable Use Policy, the sponsoring Registrar will take down the domain name by placing the name on suspension or by deleting the domain name in its entirety or providing a compelling argument to the Company to keep the name in the zone.

If the Registrar is not able to take the requested action after 24 hours or if the matter is urgent, (i.e. is unresponsive to the request or refuses to take action),the Company may place the domain on “Suspension”.

Dispute Resolution Alternatives. The Company is not bound to adjudicate any dispute between parties and cannot and does not accept any responsibility for any loss or damage a domain name registrant or anyone else may suffer as a result of any action or omission by us or by anyone else under this Acceptable Use Policy.

Any abuse-related issues with which the Company is unable to assist should be resolved through an appropriate dispute resolution forum. In such circumstances, the Company will act following provision of:

- The final determination of an internationally recognised dispute resolution body or a court of law; resolving the inter-party dispute or otherwise mandating the Company’s action;
- Any requirements of ICANN or other recognised authority which demands action or response; or
- In case of wrongful transfer of a domain name, a registrant may also provide written agreement of the Registrar of record and the gaining Registrar sent by email, letter or fax that the transfer was made by mistake or procedural error or was unauthorised.

All notices under this section should be served by mail to:

Xigen Limited
Stephenson Court
Fraser Road
Bedford
Bedfordshire
MK44 3WJ
F.A.O Xigen Compliance

Anyone acting under this section is responsible for all costs, fees, damages and other expenses relating to any such action, including any actions the Registry is required to take.

How we disqualify registrants. Registrant disqualification provides an additional disincentive for qualified registrants to maintain abusive registrations in that it puts at risk even otherwise non-abusive registrations, through the possible loss of all registrations.

Registrants, their agents or affiliates found through the application of the Acceptable Use Policy to have repeatedly engaged in abusive registration may be disqualified from maintaining any registrations or make future registrations.

This will be triggered when the Company backend services provider’s records indicate that a registration has had action taken against it an unusual number of times through the application of our Acceptable Use Policy.

In addition, name servers that are to be associated only with fraudulent registrations may be added to a local blacklist and any existing or new registration that uses such fraudulent NS record will be investigated.

The disqualification of ‘bad actors’ and the creation of blacklists mitigates the potential for abuse by preventing individuals known to engage in such behaviour from registering domain names.

For a registrant to be placed on a list of bad actors, the Company will examine the factors noted above, and such determination shall be made by the Company at its sole discretion.

Once the Company determines that a registrant should be placed onto the list of bad actors, the Company will notify its Company backend services provider, who will be instructed to cause all the registrant’s second-level domains in the gTLD to resolve to a page which notes that the domain has been disabled for abuse-related reasons.

The second-level domains at issue will remain in this state until the expiration of the registrant’s registration term or a decision from a UDRP panel or court of competent jurisdiction requires the transfer or cancellation of such domains.