Sudden increase in iCloud spam.

I find spam hits my Apple email addresses in waves. Nothing for a few weeks then a sudden deluge. As soon as it comes in, I forward the emails to abuse@icloud.com and, where appropriate, report@phishing.gov.uk. That seems to kill it off after a day or so. Not sure why Apple can’t filter it out consistently though…

I too am seeing a significant uptick of spam reaching my junk folder. While this is the right place for this, the fact that Apple removed the ability to empty the junk folder from the iPhone mail app and made it a two step process now, it annoys me that these cannot just be permanently deleted.

The recent spam campaigns targeting iCloud and .me addresses use a technique to hide additional recipients within the headers. If you inspect a spam message's headers, you will likely see that the To: field is not even your email address. Further down in the header, you will see a couple references to the .me address (that for some reason Apple won't let us abandon the old .me addresses). You will also see that the mail is likely coming from a proton mail address with the prefix being the same as your iCloud address.

Bottom line. Apple needs to provide more mature spam prevention controls. They are being gamed by threat actors.

You need to follow the articles Report and reduce spam in iCloud Mail - Apple Support

Manage junk mail in Mail on iCloud.com - Apple Support

I am being deluged with SPAM to my <username>@icloud.com email address. I do not use this address as I have an @mac.com address that I have been using since the day Steve announced this feature. I also, of course, have @me.com addresses. It seems I cannot delete the @icloud.com address as this will permanently delete my legacy addresses. I set a block on the @icloud.com address in Apple Mail.app but this did nothing. What can I do to stop this deluge of SPAM? Thanks.

It has really increased after August 1, 2023.

Lots of junk FROM icloud accounts…

Me too, I wonder if Apple has changed the default spam filters. I don’t use my iCloud email address much except to use iCloud services but I have had the addresses since the very beginning.

Please don’t reply with the help article about spam, did it years ago.

This is new behavior.

Same. Hundreds of spam mail a day and I cannot get it to stop. I have tried unsubscribing but I get an error that it didn't come from a valid email address. I have marked them as JUNK so now that folder is going rampant. I have tried to block the sender but they just keep coming. I want to delete this email all together now because of it but you cannot get another iCloud email. The apple support chat guy told me to create a new third party email and make that my new Apple ID and just stop using my iCloud account. That isn't fixing the problem and why do I need another email address? Why can't I get a new iCloud email and update my Apple ID? Because Apple says no.

I'm also getting hammered with this.

Either Apple changed something, or spammers have taken this to the next level. Also, most if not all appear to be phishing spam. About 90% of mine do go into my junk mail folder, but considering I have had this email address since the day iCloud became a thing (and mac.com before then), and very rarely observed any spam, this is a very sudden change in behavior.

Agreed. For every 2 I unsubscribe from, 6 more show up. Junk mail isn’t catching even an 1/8th of them. I tried to talk to support and they told me to get another email with someone else. I shouldn’t have to have multiple emails!

I keep getting an email from ICloud Storage 47 stating that my iCloud storage is full and I need to “update my storage payment method” isn’t this something I could just double click for payment? Does this sound like scam?

I get hundreds of those a day and the number or letter changes behind iCloud storage. If you click on the senders name it’ll show you the email it’s from. From my experience it’s a scam. If you need to increase storage or change your storage plan, I recommend doing it from settings.

Neither of those articles address the problem we are facing. This new spam technique is designed to circumvent the spam controls currently available. Apple needs to step up the options to include options to filter out emails where you are not in the To field or reject messages based on other header fields.

In my case, most if not all are phishing spam, and the sheer number makes me wonder if it is a Denial of Service attack.

My wife forwards her iCloud email to gmail, and for all of Google's sins, they are able to filter out all of this spam. If they can do it, so can Apple. (In fact, I had assumed Apple did just that since the inception of iCloud, which is why this is such an unpleasant surprise.)

It’s definitely not a Denial of Service. Denial of service attacks result in the targeted service becoming unavailable.

you are correct a number of these are phishing, especially the fake iCloud folder being full or deleted. A lot of this a combination of spoofing and baiting techniques. Simple services like Gmail and Outlook have decent protections again these more trivial techniques. One would think Apple could implement the same