I first spoken on a panel about it more than a year earlier than that, along with some people from 1&1 who were very keen to see progress on at least defining the risks!
But it's hard to get attention on fixing things, even in the big players (maybe especially in the big players) until there's user impact.
It's also why, from the very first moment we added this feature in our system, the default in Fastmail has been "only auto-add if it's from somebody in my addressbook". And the "from somebody in my addressbook" test checks for DKIM or SPF alignment.
We also allow turning auto-add off of course, or restricting it only to senders in a particular named addressbook group.
As an alternative, could you just have it so if I mark an email as spam, any calendar events from it are deleted from my calendar?
We think the default is the right balance for most people, and provide easy knobs to adjust the settings if you want.
Right now marking the email spam doesn't find the related calendar events. There's some design work to be done there around user interface when marking emails as spam in bulk (particularly with support for undo and rolling back the calendar changes which isn't as simple as just applying the attached event again, because you may have updated the calendar event since)
I don't even ask for an auto-add. Just a button. But apparently this is one of the most forgotten feature ever.
Either devs don't think about it, or they tested it and it confused the non tech-saavy users so much they decided against it. I can imagine the later very well, though. My mother would click and the setup for a calendar she doesn't have would start, loosing her the process.
From 2012, the first(?) time this was a widespread issue on the web:
and Google has been enduring calendar spam for years beyong Google+:
It's especially annoying as the spammers create repeated alerts (often late at night). I've wound up with dozens of these I have to manually clear from my calendar.
All of this started a few weeks ago. Perhaps it was a regression rather than a new exploit?
Google/Gmail engineers: please file this as a bug.
If you long-press the "Desktop" link and "open in new tab", the webapp will be opened in the browser and not in the Android app.
Wonder if it was something going around, and maybe Google has already fixed it. Hasn't happened again, fingers crossed.
BTW, could you please create a Firefox extension for your site? I see that you only have a Chrome extension.
Can you write up that?
Then all peoples cals can go to their personal slack regardless of source
That means if you are sharing you calendar you can't use this option, since it makes it impossible to remove the events that are now spamming everybody else. You have to just manually mark them as spam every time they appear. I get an event like this maybe every other day at the moment, even though they're almost all identical and I've reported them as spam, it's unbelievably annoying. Even more annoying: gmail is actually picking up the invitation email itself as spam, so it's fully aware that it's unwanted, but then it appears in my calendar regardless. Gmail filters to delete them immediately on arrival don't seem to do anything.
I'm right back to the spam dark ages right now, it's terrible.
Between this and the fact any joker can share a document with one's drive... Making google hard to use for business.
I'm now deathly afraid to have any of these products opened when connected to a projector/presenting...
This issue is baffling to me. If Gmail knows it's spam why on earth are they inserted. Also why inserting 50 events over 4 days suspicious in the first place i don't know.
A "post mortem" would be interesting - why hasn't this been resolved in a couple of days if the solution is that simple and it affects thousands of users over many months?
I'd much prefer a "don't show un-responded invites from people you do not know" option.
That's insanely dumb.
Why not at least limit calendar invites to contacts or contacts of contacts?
I definitely don't want my email application looking at my contacts' contacts, though. That would leak information. And would only work within the same provider.
The system in my mind wouldn't tell contacts of contacts "hey, did you know you can invite this person that you've never met with the email@example.com that you were previously unaware of (and knows Susy and John) via google calendar?"
It would just whitelist contacts of contacts, and would probably cut out 99.9% of the spam with little to no impact on the user.
It's much less intrusive than Facebook saying "hey, these two friends of yours know this person who is not your friend, do you know them?", at least.
I'm sure there are other scenarios. I don't want my contacts list being used to filter email for other people in my contacts list. It's my list. Not a public web-of-trust thing.
I also haven't had seen any spam invites, presumably since Apple's thing is smart enough to ignore email in the spam folder?
I shudder to think how many innocent people will see this and follow through with the scam.
Neither of us could delete the event, either via google calendar or ical. Nor could I find the original email I assume it came from. In the end I just deleted the whole shared calendar.
I wonder if you got a different type of spam than I did.
For some reason Google thinks it’s cool that I’ve emailed “firstname.lastname@example.org” at some point in my life. Foo set their birthday in Gmail and now their birthday shows on my calendar along with people I actually want.
From https://support.google.com/calendar/thread/13429505?hl=en :
> We're aware of the spam occurring in Calendar and are working diligently to resolve this issue. We'll post updates to this thread as they become available.
Also mostly russian nonsense
I was concerned because:
* we received more sophisticated than usual SPAM/phishing to our employees 'from' one of our partners around the same time
* we work in politics
* the timezone on the calendar spam was Russia and multiple staff received the spam invites
Unfortunately, it's pretty inconvenient to just not show calendar events that I haven't accepted. If you have a busy calendar, it can be helpful to prioritize events - some will inevitably be declined or left hanging, but those are useful to see.
It's pretty crazy that calendar invites that are already filtered out to my spam email folder show up in my normal google calendar. Seems like a quick solution for google to go fix.
They'll send a calendar invite and pretend it's a follow up to a meeting we had. Yeah like I can't see through that bullshit. Immediate report as spam.
I've been deleting the next 4 days every 4 days for the last two weeks.
The weird part is that I had a strong password (1password) + 2-factor on both accounts. I use FF with containers so I only use my email on a container and nowhere else.
I had reviewed all the 3rd party apps and security settings on both accounts and it all looked normal to me. The only issue is that I didn't had the SPF, DMARC and DKIM setup - fixed after it.
I sent email to abuse@google but got no response.
Apple are being real dicks about the all-or-nothing nature of these events. Why can't we have some granularity as to the holidays we see in our Calendar?
Opposing customization in favor of a common consistent curated experience based on Apple’s superior knowledge (especially compared to customers themselves) of what customers want has been the Apple way for a long time.
Step 1: Turn off default holidays calendar.
Step 2: Subscribe to calendar feed of your choice.
No MUA is clear how they even parse ICS or "text/calendar" URLs.
This should be a standard!