3.1.4.2 End User Opens a Message

:end user opens a message" When an end user opens a message, the client tries to retrieve the value of the PidNamePhishingStamp property (section 2.2.1.1). If the property is present, its STAMP field, as specified in section 2.2.1.1, is compared against the fifth value of the multivalued property PidTagAdditionalRenEntryIds ([MS-OXPROPS] section 2.509). If this comparison does not result in a match, the PidNamePhishingStamp property SHOULD be ignored. If the comparison results in a match, the client considers the message to be a phishing message. If the value of the ENABLED field, as specified in section 2.2.1.1, in the PidNamePhishingStamp property is 1, the user has enabled the functionality and the client SHOULD display the message as a normal message. If the value of the ENABLED field in the PidNamePhishingStamp property is zero (0), the client SHOULD disable the functionality of the message. The functionality that the client disables (according to the value of the ENABLED field in the PidNamePhishingStamp property) is implementation-dependent.

The user has the option to enable all functionality within a message by interacting with the user interface. If the user enables functionality within a message, the value of the ENABLED field of the PidNamePhishingStamp property on that message is set to 1.

The functionality is also enabled when the PidTagJunkPhishingEnableLinks property ([MS-OXPROPS] section 2.761) is set to TRUE.