iCloud Calendar Spam
A new event alarm was created in my primary iCloud calendar without my consent.
No matter what I do – Accept, Maybe, Decline – the sender of the spam appointment receives the notification of my action. There’s no way to just simply delete the damn invitation from your calendar without sending the reply!
[…]
These calendar invites aren’t coming from some magic hacked portal in your phone. The invites are coming as e-mails into your iCloud.com e-mail account and then being automatically converted into in-app push notifications to both iOS and macOS. Once that’s done the original e-mail is deleted.
One solution is to go to the settings on the iCloud Web site and change from In-app to Email notifications.
Fantastical does support ignoring and deleting a calendar invitation without notifying the sender.
Update (2016-11-28): See also: Stuart Breckenridge.
Update (2016-12-01): John Gruber:
The most interesting thing about this is that it’s a way to send completely unauthenticated spam, and it has been just sitting around unexploited until now. This feature has been around for years, but the spammers seemingly didn’t find it until very recently.
There are many blog articles and forum posts out there about how to delete these messages without notifying the sender that you have done so. The prevalent wisdom says that adding the events to a temporary calendar, then deleting that calendar, will delete the events without sending a notification. This seems to be backed up by the fact that macOS will give you the option to delete without notifying[…]
Unfortunately, I’ve been testing this for a couple days, between my calendar and my wife’s calendar, and it doesn’t work for me. Even if I click Delete and Don’t Notify, or if I do this from iOS as some sites suggest, the sender will always get a notification that the invitation was declined.
[…]
There is also the question of how to prevent this from happening in the future. Unfortunately, again, the conventional wisdom appears to be failing.
[…]
Of course, this does nothing to stop the problem once it has started. However, you may be able to change your Apple ID e-mail address, which would help to cut off the flow. If your address ends in @icloud.com, @me.com, or @mac.com, you may not be able to change it at this point, but for anyone else it would be worth a try.
Update (2016-12-12): Joe Rossignol:
Apple has added a “Report Junk” option to iCloud.com to help combat a recent increase in calendar spam, as noticed by a Reddit user over the weekend.
[…] MJ Tsai (Added 2016-11-28) […]