4.2.4 Phishing Message Functionality Not Enabled By the User
If the PidNamePhishingStamp property ([MS-OXPROPS] section 2.461) is present, the client will compare its STAMP field, as specified in section 220.127.116.11, with the least significant 28 bits of the PhishingTagValue value. If the PidNamePhishingStamp property value is 0x0E241D99, and the PhishingTagValue value is 0xAE241D99, the comparison results in a match, indicating that the message is likely to be a phishing message. If the value of the ENABLED field, as specified in section 18.104.22.168, of the PidNamePhishingStamp property (section 22.214.171.124) is zero (0), the user has not enabled functionality within the message. Therefore, the client will disable functionality within the message, display a warning to the user, and add phishing-related user interface elements that allow the user to enable message functionality.