Under event settings in Google calendar settings, I selected ‘From Everyone’ and it now syncs fine between em Client and Google calendar.
Hurrah!
2 Likes
Cool! We’ll add this info to our knowledgebase. Thanks everyone for opening and sticking to this topic, and shoutout to our developer for figuring it out 
This is a serious security issue. “From Everyone” is a really bad idea.
Bad agents are sending phishing invites that will automatically be added to your calendar. We had an issue in our org with this and have to change to the “when I respond to the invitation in email”. Unfortunately since the bad actor invite was automatically accepted once, the account is now getting bombarded with spam invites. I highly suggest you change that setting.
Its only an issue if you accept a calendar invitation. If you don’t know them delete the invitation. Same goes with any emails you have to be aware of phishing email these days & delete them. The mail client carnt be held responsible for that. Its all about user education with emails.
Unfortunately since the bad actor invite was automatically accepted once, the account is now getting bombarded with spam invites.
Just put a block on the sender.
I wish that were the case. If you have “from everyone” the invite will be placed on your calendar whether you accept the invite or not. This is part of Google’s ‘smart features’ but if you disable that, then you lose out on a lot of other beneficial things. The only alternative I’ve found from that is to use known or when you reply to invite.
As far as blocking the sender, Of course we do, but it’s almost futile as the email and domain is basically randomized and they don’t use the same one twice.
Edit to add a reference (is this allowed?) from folks who can explain it more eloquently than I:
https://www.montclair.edu/phish-files/2025/10/16/beware-of-calendar-phishing/
Otherwise just google the subject and you’ll see what I’m talking about.
I wish that were the case. If you have “from everyone” the invite will be placed on your calendar whether you accept the invite or not.
I wasn’t aware it did that.
Yes you are correct that it adds the event automatically to the Google calendar “as soon as I received the email” without accepting the invite from further testing and it creates a public event.
Even creating the event as private in eM Client mobile app doesn’t make any difference.
@Kim_Fisher Can the devs look at this again to make it work with setting Google calendar settings to “when I respond to the invitation in the email” or “only if the sender is known” to fix this issue.
Hey, we appreciate the concerns you’ve brought up and are currently reviewing it.
Hey all, I’m sorry to say that we simply cannot do anything about this. Our developers have thoroughly explored it, but it is a Google limitation and we haven’t been able to find a way around it.
Re: the security issue, though. I don’t mean to trivialize it, but I want to stress this only comes up if yes, you actively interact with these invites – as is the case with spam emails after all. The rule of thumb: identify phishing attempts, don’t interact. Again, I really do empathize with cases where one might accidentally interact with such an invite, and if you ever start getting an onslaught of fraudulent invites, I understand you might want to consider whether the setting for the sake of syncing invites is worth it. But I do consider it a hypothetical, and again, our hands are tied in this case.
Thanks for looking into this issue. At least we can now get invites synced online this way and hopefully Google will update this in the future.
1 Like
Well, use Android Thunderbird and not have to deal with this.