Legal

Acceptable Use Policy

Effective · Last updated

This Acceptable Use Policy (AUP) sits alongside our Terms of Service and sets out what you can and can't do on DomainShark. It exists so the service stays fast, accurate and useful for everyone looking for a great .au domain. By using DomainShark you agree to follow this AUP.

1. Use the website like a human

The DomainShark website is designed for interactive use by people. The blessed path for programmatic access is the developer API (see Section 3 below). On the website, you must not:

  • scrape, crawl, mirror or systematically harvest pages, listings or search results;
  • run automated scripts, bots, headless browsers or load-generators against website pages or AJAX endpoints;
  • republish the SharkDEX dataset (in whole or in part) on another site, in an app, or as a downloadable file;
  • extract domain lists for resale or for use in unsolicited outreach;
  • cache or proxy our pages for redistribution.

If you have a legitimate research, integration or licensing need, sign up for the developer API or get in touch via the contact form, we'd rather talk than ban.

2. Respect the token quota

Search has a fair-use token quota: 5 tokens per keyword search and 1 token per “Surprise me”. You must not:

  • create multiple accounts to evade the quota;
  • rotate IP addresses, VPNs or proxies to evade the quota;
  • script the search interface, the AJAX endpoint or the slug URLs;
  • solve bot-challenge / human-verification widgets by automated means.

3. Use the developer API as documented

The DomainShark developer API is the supported channel for programmatic access. It has a limited demo tier (for evaluation) and one or more paid subscription tiers. When using the API you must:

  • stay within the documented per-second, per-minute, per-hour and per-month limits of your tier honour Retry-After on 429 responses and back off on 5xx;
  • keep API keys secret, do not embed them in public client-side code, public repositories, mobile apps or browser extensions where they can be extracted;
  • use one key per project / workload, so we can suspend the smallest unit possible if there's a problem;
  • identify your client with a meaningful User-Agent (project name + contact URL or email is ideal);
  • respect the per-tier field exposure, page-size caps and pagination contract.

You must not:

  • share or resell API keys, or split a workload across multiple keys, accounts or IPs to defeat tier caps;
  • republish or resell API output as a competing drop list, search index, dataset, RSS feed or sitemap;
  • use API output for unsolicited commercial outreach (cold email, cold SMS, or other contact to registrants or prior holders) in breach of the Spam Act 2003 (Cth);
  • use bulk API responses to train, fine-tune or evaluate machine-learning models without a separate written data licence from us;
  • bypass scraping rules by routing scraping through the API (the API itself has redistribution rules see Terms of Service, Section 16);
  • attempt to enumerate, brute-force or guess endpoints, keys, internal identifiers, or undocumented parameters.

The full developer API terms (tiers, billing, webhook handling, deprecation policy) are in Terms of Service, Section 16.

4. Don't break things

You must not probe, scan, fuzz, brute-force or otherwise interfere with the security or availability of the service. You must not test for vulnerabilities without prior written permission. We welcome responsible security disclosures, use the contact form with “Security” in the subject line.

5. Use forms in good faith

The contact, removal, change-of-registrant and sell-listing forms exist to handle real requests. You must not:

  • submit false, misleading or vexatious removal requests;
  • impersonate the registrant or representative of a domain you do not control;
  • upload content that is unlawful, infringing, defamatory, abusive, hateful, malicious or deceptive;
  • use the contact form for unsolicited commercial messaging.

6. Don't game the marketplace

If you list or buy through the marketplace, you must not engage in shill bidding, fake offers, fee avoidance, or otherwise manipulate listings, prices or commission. List only domains you own or are authorised to sell.

7. Follow the law and auDA policies

You must comply with all laws that apply to your use of the service, including the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth), Australian Consumer Law, intellectual property law, and the auDA .au Licensing Rules. Eligibility for Australian domains is set by auDA, we cannot register a domain on your behalf if you do not meet it.

8. Enforcement

If we reasonably believe you have breached this AUP, we may (without notice) throttle, suspend or terminate your access, hide your listings, reverse abusive transactions, ban your IP range or account, retain technical evidence, and cooperate with law enforcement. Repeated or serious breaches will result in permanent termination.

9. Reporting abuse

If someone is abusing the service, or you've noticed a listing or message that breaks this AUP, please tell us via the contact form with “Abuse” in the subject line. To request removal of a specific domain from the SharkDEX, use /remove.