CalConnect project to provide documentation on calendar spam best practices.

Background

In 2016, on "Black Friday", the day following Thanksgiving Day in the United States, many calendar systems were compromised by a wave of "calendar spam", unsolicited invitations delivered via email. These calendaring systems had no defenses against such an attack; there was no way for users to easily find and/or delete these unwanted events without sort of deleting the whole calendar. Calendar spam has repeated the history of email spam, with subsequent attacks being more subtle, more sophisticated, less dramatic, but equally difficult to detect and remediate.

Since then changes have been done to several calendaring systems to improve the handling of situations like that. CalConnect wants to offer their members in cooperation with the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) information about best practices to cope with calendar spam.

As a result of CalConnect’s collaboration with M3AAWG, members identified the need to review, and potentially revise, the effect DMARC has on calendar interoperability between organizational domains and email transport systems. DMARC is a mechanism to establish a level of authenticity for email, which provides a mechanism to stop some forms of abuse, such as spam. The CALSPAM technical committee has been reopened to address this topic.

Charter

The goal of this TC is to add authenticity and trust to interoperating calendaring systems, and to better protect users from receiving undesired information delivered through calendar systems, which currently range from spam to phishing attacks.

The TC aims to understand the current and potential usage of calendar systems as a vector for delivering undesired information; devise measures and best practices for developers and operators of those systems to ensure legitimate usage.

The TC works together with M3AAWG through CalConnect’s liaison relationship on the subject of calendar spam.

Out of Scope

Deliverables

  • A best practices document for calendar software in a format that is engaging for developers

  • Guidance on how mail and calendaring systems should interact with each other as joined work with M3AAWG

  • Identifying necessary changes to RFCs.

Begin and End Dates

  • Begin: February 2018

  • End: Open

Milestones and Work Products

Period Milestone

February 2018

TC initiated

June 2018

draft of best practice document will be presented at CalConnect & M3AAWG conference

January 2019

document published

February 2019

decide about TC future directions

April 2019

TC closed as document published and status co-publish with M3AAWG uncertain and only depending on M3AAWG moving forward.

CALSPAM Mailing List

Besides participation here, there is a closed CALSPAM Mailing list within CalConnect to organise the work.

You must be an employee of a Consortium member (or Member of M3AAWG) to be subscribed to this mailing list. You must be subscribed to the TC CALSPAM mailing list to post messages to this mailing list.

Participation on the CALSPAM mailing list will be in accordance with standard CalConnect practices and procedures.

Chair

Jesse Thompson, UW-Madison (zjt+calconnect@wisc.edu)

Please contact the Chair for more information or to join this Technical Committee.