CalConnect project to provide documentation on calendar spam best practices.
Background
In 2016, on "Black Friday", the day following Thanksgiving Day in the United States, many calendar systems were compromised by a wave of "calendar spam", unsolicited invitations delivered via email. These calendaring systems had no defenses against such an attack; there was no way for users to easily find and/or delete these unwanted events without sort of deleting the whole calendar. Calendar spam has repeated the history of email spam, with subsequent attacks being more subtle, more sophisticated, less dramatic, but equally difficult to detect and remediate.
Since then changes have been done to several calendaring systems to improve the handling of situations like that. CalConnect wants to offer their members in cooperation with the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) information about best practices to cope with calendar spam.
As a result of CalConnect’s collaboration with M3AAWG, members identified the need to review, and potentially revise, the effect DMARC has on calendar interoperability between organizational domains and email transport systems. DMARC is a mechanism to establish a level of authenticity for email, which provides a mechanism to stop some forms of abuse, such as spam. The CALSPAM technical committee has been reopened to address this topic.
Charter
The goal of this TC is to add authenticity and trust to interoperating calendaring systems, and to better protect users from receiving undesired information delivered through calendar systems, which currently range from spam to phishing attacks.
The TC aims to understand the current and potential usage of calendar systems as a vector for delivering undesired information; devise measures and best practices for developers and operators of those systems to ensure legitimate usage.
The TC works together with M3AAWG through CalConnect’s liaison relationship on the subject of calendar spam.
Out of Scope
Deliverables
-
A best practices document for calendar software in a format that is engaging for developers
-
Guidance on how mail and calendaring systems should interact with each other as joined work with M3AAWG
-
Identifying necessary changes to RFCs.
Begin and End Dates
-
Begin: February 2018
-
End: Open
Milestones and Work Products
Period | Milestone |
---|---|
February 2018 |
TC initiated |
June 2018 |
draft of best practice document will be presented at CalConnect & M3AAWG conference |
January 2019 |
|
February 2019 |
decide about TC future directions |
April 2019 |
TC closed as document published and status co-publish with M3AAWG uncertain and only depending on M3AAWG moving forward. |
CALSPAM Mailing List
Besides participation here, there is a closed CALSPAM Mailing list within CalConnect to organise the work.
You must be an employee of a Consortium member (or Member of M3AAWG) to be subscribed to this mailing list. You must be subscribed to the TC CALSPAM mailing list to post messages to this mailing list.
Participation on the CALSPAM mailing list will be in accordance with standard CalConnect practices and procedures.
Chair
Jesse Thompson, UW-Madison (zjt+calconnect@wisc.edu)
Please contact the Chair for more information or to join this Technical Committee.