1.3 Overview

This protocol enables the client to identify and mark e-mail messages that are likely to be phishing messages. When an e-mail message is delivered to a messaging client, the client examines the properties of the Message object to determine the likelihood of it being a phishing message. If the examination determines that the message is likely to be a phishing message, the client modifies a property on the Message object to mark it as suspicious. A messaging client's user interface can use this property value to identify a potential phishing message and display a warning to the end user.

This protocol does not specify the algorithm that determines the likelihood of a message being a phishing message; it only specifies how the Message object is changed to indicate the result of the algorithm.