Lately, I've been dealing with a flood of phishing calendar invites hitting my users' Outlook 365 accounts. It seems the spammer is sending invites to a distribution list, which means it's affecting a large number of people at once. Despite being reported as spam by my users, these invites are still cluttering their calendars. I'm wondering if there are any transport rules or PowerShell commands that I can implement to prevent these invites from reaching the calendar altogether. I've looked through the transport rules but haven't found anything that seems helpful.
4 Answers
We've encountered this issue as well. I found an older thread discussing it, but it didn't lead to much. Our anti-spam platform, Vade, seems to have received updates that help in catching these invites now.
I managed to block those invites using Checkpoint. They had this exemption rule set for calendar invites, so while the original emails were getting flagged, the calendar invites would still go through. You might want to look into similar measures.
Have you tried configuring the distribution list to block external senders? That might help in stopping these invites from getting through.
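One way to apply the suggestion above in Exchange Online PowerShell, as an added example that is not part of the original answer. It assumes the ExchangeOnlineManagement module and an Exchange admin role; the group address `all-staff@contoso.example` is a placeholder.

```powershell
# Added example: find distribution groups that accept mail from
# unauthenticated (external) senders, then restrict one of them.
# Assumes: ExchangeOnlineManagement module installed, Exchange admin rights.
Connect-ExchangeOnline

# 1. Audit: list every distribution group that still accepts external mail.
$openGroups = Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { -not $_.RequireSenderAuthenticationEnabled }

$openGroups |
    Sort-Object DisplayName |
    Select-Object DisplayName, PrimarySmtpAddress, RequireSenderAuthenticationEnabled |
    Format-Table -AutoSize

# 2. Restrict the targeted list to authenticated senders only.
#    Placeholder address: replace with the list the invites are sent to.
$target = 'all-staff@contoso.example'

# -WhatIf previews the change; remove it once the audit output is reviewed.
Set-DistributionGroup -Identity $target `
    -RequireSenderAuthenticationEnabled $true -WhatIf

# 3. Verify the setting after the real change has been applied.
Get-DistributionGroup -Identity $target |
    Select-Object DisplayName, PrimarySmtpAddress, RequireSenderAuthenticationEnabled
```

Groups that legitimately receive mail from outside the tenant, such as a shared support address, will stop receiving it once this setting is enabled, so review the audit list before changing each group.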
I was curious if all your calendars are set to auto-accept invites. If that's the case, that would explain why they appear regardless of user action. My team has faced similar issues, and sometimes these invites just end up in the inbox instead of trash if that setting is enabled.
I've seen that too! Microsoft tends to class these as junk and files them accordingly. Others suggested that updating DKIM settings to strict might help cut them off.
Yeah, even when set to not accept, they clutter the calendar regardless. I included a screenshot to show you what I'm talking about.