Skip to main content
The Blocklist helps Organization Admins stop unwanted bookings made with suspicious emails or domains. Organization members can report bookings they believe are spam. Reported bookings are flagged and auto-cancelled (including all future occurrences for recurring events).
Admins then review these reports at /admin/privacy and decide to Ignore or Block the email/domain. Admins can also add blocklist entries directly without a prior report.

What happens when a booking is reported

  1. The booking is marked Reported.
  2. The booking (and any future recurrences) is automatically cancelled.
  3. The report appears in Privacy & Security → Blocklist for System Admin review.
Past occurrences in a recurring series are not retroactively cancelled.

Reviewing reports (Privacy & Security)

For each report the system admins see:
  • Booker email
  • Who reported it and when
  • Linked booking (event, host, time)
  • Actions: Ignore or Block

Actions

  • Ignore: Closes the report. The email/domain isn’t added to the blocklist
  • Block (Email or Domain):
    • Email: Blocks that exact email.
    • Domain: Blocks all addresses at that domain (e.g., @example.com).
When blocked, any future booking attempts are silently rejected. The booker is not told they’ve been blocked.

Add to Organization Blocklist

From the Blocklist:
  1. Click Add to Blocklist.
  2. Choose Email or Domain.
  3. Provide the value and (optionally) a description explaining reason/notes.
  4. Save.
This immediately activates the block for all users in your organization.

How blocking works (under the hood)

  • Checks run at booking time against global blocklist and your org’s blocklist.
  • Silent failure: We do not reveal the block to suspected spammers (prevents evasion and harassment).
  • PII safe: We do **not **reveal the host’s PII in such cases.
  • Scope: Org-wide. A blocked email/domain cannot book any user in your org.

Benefits

  • Reduces noise and protects calendars from spam or harassment.
  • Prevents recurring spam by shutting down future attempts automatically.
  • Protects host privacy & safety by avoiding explicit “you’re blocked” notices.
  • Saves time for admins and hosts; fewer manual cancellations and follow-ups.
  • Organization-wide coverage ensures consistent enforcement for all members.

Best practices

  • Prefer domain blocks for obvious throwaway/spam domains; use email blocks for one-off bad actors on otherwise legitimate domains.
  • Add a note when blocking (reason, source). It helps future reviewers.
  • Review regularly: Clear out resolved reports to keep the queue tidy.
  • Start narrow, widen later: If unsure, block the email first; escalate to a domain block if you see a pattern.

Permissions & access

  • Who can report: Any user who receives a suspicious booking.
  • Who can review/block: System Admins (and Owners).
  • Where: /admin/privacyBlocklist .

Unblocking / managing entries

  • Navigate to Blocklist.
  • Find the entry → Remove.
  • Removing an entry re-enables booking attempts from that email/domain.
Removing a block does not restore previously cancelled bookings; those must be recreated if needed.

FAQs

Q: Will the booker know they were blocked?
A: No. We intentionally keep it silent to prevent abuse escalation and evasion. Q: Can I block subdomains only (e.g., `@mail.bad.com but not @good.bad.com)?
A: Use a domain entry for the exact domain you want blocked. If you need finer control, prefer email blocks or add multiple domain entries. Q: Do past recurring instances get cancelled when reported?
A: We cancel the reported instance and future occurrences. Past instances are not retroactively altered. Q: Can I import a list of domains?
A: Add entries individually today. If you need bulk operations, contact support for recommended workflows.