4.1 Setting the PidNamePhishingStamp Property

When the client receives a new message, the client determines whether the message is likely to be a phishing message. If the client determines that the message is likely to be a phishing message, the client sets the PidNamePhishingStamp property (section 2.2.1.1) on the message, as described in section 3.1.5, on message delivery. The client calculates the PidNamePhishingStamp property value as described in the following example:

If the fifth value queried from the PidTagAdditionalRenEntryIds property ([MS-OXPROPS] section 2.500) is 0xAE241D99, the client begins calculating the PidNamePhishingStamp property by setting the STAMP field, as specified in section 2.2.1.1,  as follows: (0xAE241D99 AND 0x0FFFFFFF) = 0x0E241D99.

The value of the ENABLED field, as specified in section 2.2.1.1, of the PidNamePhishingStamp property can be either zero (0), if the user has not enabled the functionality of the message, or 1, if the user has enabled the functionality of the message. If the value of the ENABLED field is zero (0), the final value of the PidNamePhishingStamp property is 0x0E241D99. If the value of the ENABLED field is 1, the final PidNamePhishingStamp property value is the result of the bitwise operation (0x0E241D99 OR 0x10000000) = 0x1E241D99.

Show: