1) It is suspended or ordered transferred by ICANN (or CIRA) in compliance with a policy which is a requirement of our Registrar Accreditation Agreements. These policies include things like Dispute Resolution Protocols, invalid whois reports, or challenges to the CPR (Canadian Presence Requirements) for .CA domains. In any case, we only suspend the domain when finally ordered to do so by ICANN or CIRA – in the meantime, we would have been attempting to contact our Registrant via email and telephone.
2) We are ordered to do so by the Courts. Specifically, the Courts here in our legal jurisdiction of the Province of Ontario, Canada.
3) The domain is engaged in network abuse or poses a threat to the stability of the internet (or to easyDNS itself). In this last case, we are the final arbiters of what qualifies. This would include things like spreading malware, running botnets, spamming, phishing, etc.
NEW (Aug 15, 2014) #4) We are adding this: If a credible source (i.e. government, LEA) requests it on the basis that the domain poses an imminent threat to public safety or health. See why we added this here.
One of the first things any clueful abuse desk should be able to do upon receiving a complaint about a customer domain makes a basic initial determination: is this domain an abuser? Is it a legitimate domain that has it been compromised? Are they a service provider with many downstream users?
The response is different in each situation, but we basically proceed in a way where we want the problem solved one way or another, very quickly. If you’ve been compromised: fix your system, if you have downstream users: LART that user and if you’re an abuser, you get nuked.
The policy to us seems logical and straightforward. We’ve been doing this for nearly 15 years now and we know actual abuse when we see it (if anybody is worried that we’re “soft on network abuse” they obviously don’t know us, or have never tried it here). We are geeks, not lawyers. So it’s easy for us to make a determination on whether actual network or technical harm is being done and if so, what to do about it. Beyond that, we need it to come from either the governing body that accredits us as a registrar or via proper legal channels.
– See the original blog entry here.