4.2.4 Phishing Message Functionality Not Enabled By the User

If the PidNamePhishingStamp property ([MS-OXPROPS] section 2.461) is present, the client will compare its STAMP field, as specified in section, with the least significant 28 bits of the PhishingTagValue value. If the PidNamePhishingStamp property value is 0x0E241D99, and the PhishingTagValue value is 0xAE241D99, the comparison results in a match, indicating that the message is likely to be a phishing message. If the value of the ENABLED field, as specified in section, of the PidNamePhishingStamp property (section is zero (0), the user has not enabled functionality within the message. Therefore, the client will disable functionality within the message, display a warning to the user, and add phishing-related user interface elements that allow the user to enable message functionality.