Legal

Abuse Policy

Last updated: May 2026

1. Introduction

This Abuse Policy describes how RDPCore handles reports of abuse, illegal content, and policy violations on our network and infrastructure. We are committed to maintaining a safe, secure, and reputable network for all customers and the wider internet community.

This policy should be read alongside our Acceptable Use Policy, which defines prohibited activities on our services.

2. How to Report Abuse

2.1 Contact

To report abuse originating from our network or hosted on our infrastructure, please contact:

  • Email: abuse@rdpcore.com
  • RIPE Database abuse-c: abuse@rdpcore.com (registered in RIPE NCC database for AS214311)

2.2 What to Include

To help us investigate and resolve your report efficiently, please include as much of the following information as possible:

  • The IP address(es) involved;
  • Date and time of the incident (including timezone);
  • A description of the abuse or violation;
  • Relevant log excerpts, headers, or screenshots as evidence;
  • URLs or hostnames involved (if applicable);
  • Your contact information for follow-up (unless reporting anonymously).

Reports that lack sufficient detail (e.g., no IP address, no timestamp, no description) may not be actionable and may experience delays in processing.

2.3 Automated Reports

We accept automated abuse reports (e.g., from Spamhaus, Abusix, Shadowserver, fail2ban) in standard formats including ARF (Abuse Reporting Format), X-ARF, and plain text. Automated reports should be sent to abuse@rdpcore.com.

3. Our Response Process

3.1 Acknowledgement

We aim to acknowledge receipt of all abuse reports within twenty-four (24) hours during business days. Complex reports or those received during weekends/holidays may take longer to acknowledge.

3.2 Investigation

Upon receiving a valid report, we will:

  • Verify the report and identify the affected customer;
  • Assess the severity and urgency of the issue;
  • Notify the customer and request resolution within an appropriate timeframe;
  • Take immediate action where required (see Section 4).

Failure by the customer to cooperate with an abuse investigation or to respond within the specified timeframe may result in immediate suspension or termination of the affected service.

3.3 Resolution Timeframes

We require our customers to resolve reported issues within the following timeframes from notification:

Severity Examples Resolution Time
Critical CSAM, active DDoS, malware C2, imminent threat Immediate (no notice)
High Phishing, malware hosting, active spam, fraud 24 hours
Medium Open relay, vulnerable software, minor spam 48 hours
Low Misconfiguration, outdated software, informational 7 days

Severity classification is determined at our sole discretion based on the nature, impact, and urgency of the reported issue. All severity classifications are final.

We are not obligated to take action on reports that are incomplete, unverifiable, or relate to matters outside our control.

3.4 Data Availability

Our ability to investigate abuse reports is limited by available logs and data retention policies. We do not guarantee the availability of historical data beyond our standard retention periods.

3.5 Automated Detection

We may use automated systems to detect abuse patterns and initiate mitigation actions (such as rate limiting, null-routing, or temporary suspension) without prior notice to the customer.

4. Immediate Action

We reserve the right to take immediate action without prior notice to the customer in the following circumstances:

  • Child sexual abuse material (CSAM) — immediate termination and law enforcement referral (NCMEC, NCA, or relevant authority);
  • Active outbound DDoS attacks or participation in botnet activity;
  • Distribution of malware or operation of command-and-control infrastructure;
  • Activities that pose an immediate threat to our network stability or other customers;
  • Court orders or law enforcement requests requiring immediate action;
  • Terrorism-related content as defined under UK law.

Immediate action may include service suspension, IP null-routing, content removal, or account termination as appropriate to the situation. We do not guarantee restoration time for null-routed IP addresses. Where required, we will prioritise compliance with law enforcement over customer notification.

RDPCore shall not be liable for any loss, damage, or disruption resulting from actions taken under this Abuse Policy, including but not limited to service suspension, null-routing, content removal, or account termination.

5. Escalation and Repeat Offences

5.1 First Offence

For non-critical violations, we will typically issue a warning and provide the customer with an opportunity to resolve the issue within the specified timeframe.

5.2 Second Offence

A second violation of the same or similar nature within a twelve (12) month period may result in temporary service suspension until the issue is resolved and assurances are provided.

5.3 Third Offence or Pattern of Abuse

A third violation, or a pattern of repeated abuse (even if individually minor), may result in permanent account termination without refund. We maintain internal records of all abuse incidents associated with each account.

5.4 Severity Override

Regardless of the number of prior offences, a single serious violation (as classified in Section 3.3 as Critical or High) may result in immediate termination without prior warning at our sole discretion.

6. Customer Notification

When we take action on an abuse report, we will notify the affected customer via their registered email address with:

  • A description of the reported issue;
  • The action taken or required;
  • The timeframe for resolution;
  • Consequences of non-compliance.

We will not disclose the identity of the reporter to the customer unless required by law or court order, or with the reporter’s explicit consent.

7. Reporter Feedback

We aim to provide feedback to abuse reporters on the outcome of their report where practicable. Due to privacy and confidentiality considerations, we may not be able to share specific details of actions taken against our customer, but will confirm that the report has been addressed.

8. False or Malicious Reports

We take all abuse reports seriously. However, we reserve the right to disregard reports that are clearly false, malicious, or submitted in bad faith (e.g., as a competitive attack or harassment tool). Repeated submission of false reports may result in the reporter being blocked from our abuse handling system.

9. EU Digital Services Act

In accordance with the EU Digital Services Act (Regulation (EU) 2022/2065), our abuse handling process serves as our notice-and-action mechanism for reports of illegal content. Notices submitted under the DSA will be processed in a timely, diligent, and non-arbitrary manner. We will inform both the reporter and the content provider of our decision and the reasons for it, in accordance with Article 16 of the DSA.

10. External Cooperation

We cooperate with the following organisations and authorities in abuse handling:

  • RIPE NCC (IP address abuse contacts and policy compliance);
  • Spamhaus, Abusix, and other reputation/blocklist providers;
  • NCMEC / Internet Watch Foundation (IWF) for CSAM reports;
  • UK National Crime Agency (NCA) and relevant EU law enforcement;
  • CERT teams and incident response organisations;
  • Upstream network providers and data centre operators.

We may share limited information (IP addresses, timestamps, nature of abuse) with these organisations where necessary to resolve incidents or comply with legal obligations.

10.1 Upstream Enforcement

Where required, we may escalate abuse incidents to upstream network providers or data centre operators. Upstream providers may impose additional restrictions, including traffic filtering, null-routing, or service suspension beyond our control. We are not liable for actions taken by upstream providers in response to abuse originating from your services.

11. Contact