Introduction into Calendar spam
“Calendar spam
” – unsolicited, or otherwise unwanted, calendar events and meeting invitations – is a recently exploited channel for abuse aimed at users of calendaring & scheduling systems.
It is a new form of application-specific spam which takes advantage of the application layer across multiple technologies that spans scheduling, calendaring and messaging systems.
As is the case with email spam, calendar spam is not only used to deliver unwanted information, but can also be used for malicious purposes such as phishing attempts and delivering dangerous payloads.
Because calendar events and meeting invitations are often (but not exclusively) transported and delivered via email, combatting calendar spam requires awareness, intervention and integration with email systems and services.
What CalConnect did
CalConnect teamed up with the Messaging MalWare Mobile Anti-Abuse Working Group (M3AAWG) to help calendaring and email service providers as well as users get a better understanding on how calendar spam works and what effects it might have.
As a result of working together on the topic, Calendar operator practices — Guidelines to protect against calendar abuse was published on 2019-01-18.
It includes an introduction into the topic and advice, what can be done to help users not being affected by calendar spam.