Some Apple users have been plagued with iCloud calendar invite spam in recent weeks, with calendar periods being blocked up with unsolicited events from anonymous senders (usually with Chinese names). It is thought that the spammers are mass targeting any iCloud email account it can find on the web, rather than targeting specific users.
Apple has now acknowledged the issue in a statement to iMore, starting with an apology to anyone who has received iCloud calendar spam. The company says it is actively “identifying and blocking suspicious senders” to try and stem the arrival of the junk messages.
iCloud calendar spam has been a long-running issue but peaked in recent weeks with a fresh wave of spammers exploiting the holiday shopping season.
As any person can send an invite to an arbitrary email address, these unscrupulous senders are simply trying any email address they can find, hoping a real person is on the other end of it.
Here’s Apple’s full statement, as provided to iMore.
Recipients of the spam invites are left in a confusing situation as there isn’t a clear-cut solution for the problem. Users can Decline the invites, which will remove the event from their calendar, but will not prevent the spammers from sending more invites in future and alerts the sender that the email address is active and has a real person on the other end of it. Therefore, pressing Decline can do more harm than good.
Calendar on iOS and Mac currently lacks any way to block these invites. In the absence of an official feature, there is a convoluted workaround to use in the meantime … but isn’t simple or convenient. A definitive comprehensive answer to the question ‘how to fix iCloud calendar spam?’ doesn’t really exist.
Perhaps in a future software release, Apple will add a feature to limit the scope of people that can invite an account. Until something like this arrives, the simplest option is to just ignore the spam events. It’s basically harmless as long as you don’t click on the links in the messages.
As mentioned in the statement, the company is currently attacking the issue from the server-side. It is employing spam-detection techniques to prevent the invites from going out in the first place. Time will tell if this strategy is effective and/or sufficient.