Re: [calsify] Calendar spam - it is speeding up - security issue / warning

David Thewlis <dave.thewlis@calconnect.org> Fri, 14 June 2019 02:10 UTC

From: David Thewlis <dave.thewlis@calconnect.org>
In-Reply-To: <f7d8336f-edd2-7d26-1589-87e58dd8672b@gmail.com>
Date: Thu, 13 Jun 2019 19:10:09 -0700
Cc: Doug Royer <douglasroyer@gmail.com>
Message-Id: <25453529-BE41-4A4E-B6BD-5EB662C73DEC@calconnect.org>
References: <f7d8336f-edd2-7d26-1589-87e58dd8672b@gmail.com>
To: "calsify@ietf.org" <calsify@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/3CtfbW_RbFUS6lDZBc4yCiZW9J0>

FYI, earlier this year CalConnect published a best current practices document for calendar operators on calendar spam.  This was developed in conjunction with M3AAWG; we understand that they will be publishing it as well.  See https://standards.calconnect.org/csd/cc-18003.html.

Dave Thewlis


> On Jun 13, 2019, at 18:13, Doug Royer <douglasroyer@gmail.com> wrote:
> 
> Years ago, I predicted without more controls (no clue what), that calendaring can be used to attempt to schedule appointments and spam.
> 
> No proposal from me. Perhaps after reading the article below, new security controls may be needed soon. It might make a new great topic / draft. Clearly - do not click on appointments in email to find out what they are about.
> 
> This article is pointing out the latest calendaring security abuse. (it is a bit of pay-to-view, you can still read it).
> 
> Summary, spammers are sending out calendar appointments with URLs that look like appointments (and are fake links or malicious links), or have valid iCalendar objects that have or link to malicious calendar attachments. The MUA/CUA or perhaps user is being careless about what is loaded.
> 
> The original post that led me to this article pointed out that Thunderbird with the calendar add-on, may be vulnerable to this.
> 
> Not entirely new or new news. But it seems to be picking up.
> 
> https://www.forbes.com/sites/daveywinder/2019/06/11/new-security-warning-issued-for-googles-1-5-billion-gmail-and-calendar-users/#700c55f7565e
> 
> No proposal from me. Just for those on this list, if you happen to have an idea for helping slow or stop this kind of thing, it may be time to rethink iTIP and calendar security.
> 
> -- 
> 
> Doug Royer - (http://DougRoyer.US)
> Douglas.Royer@gmail.com
> 714-989-6135





--
Dave Thewlis, Executive Director
CalConnect - The Calendaring and Scheduling Consortium
+1 707 840 9391 voice | +1 707 498 2238 mobile | +1 415 946 3454 fax
http://www.calconnect.org | Dave.Thewlis@calconnect.org