Outlook Express

This topic contains 0 replies, has 1 voice, and was last updated by  Webmaster 1 year, 11 months ago.



    Applies To: Windows Server 2003 with SP1
    What new functionality is added to this feature in Windows Server 2003 Service Pack 1?
    Plain text mode
    Detailed description
    The plain text mode feature of Outlook Express provides users with the option to render incoming mail messages in plain text
    instead of Hypertext Markup Language (HTML). When Outlook Express is running in plain text mode, the rich edit control is
    used instead of the MSHTML control. You avoid some security issues that result from the use of MSHTML by using the rich edit
    Why is this change important?
    The use of the rich edit control provides an additional barrier to malicious code that is transmitted using e-mail. Computers
    running earlier versions of Windows XP had a vulnerability to malicious code because Outlook Express processes HTML header
    scripts in the HTML content. The MSHTML control automatically executes these scripts. The rich edit control does not execute
    HTML scripts, so this is mitigated. Because plain text e-mail does not require HTML header processing to be displayed properly,
    there is usually little visible difference from this processing change in standard message formats. Portions of e-mail messages
    that do not appear to render correctly are relying on HTML rendering and could present a danger to your system.
    What works differently?
    The following Outlook Express features are not available when running in plain text mode:
    Changing text size to a larger or smaller font.
    Full text searching through the body of a mail message.
    You can configure plain text mode in several ways, including:
    Reading a message.
    In Outlook Express, on the Tools menu, click Options, and then click the Read tab. Select the Read all messages in
    plain text check box.
    Composing a message.
    In Outlook Express, on the Tools menu, click Options, and then click the Send tab. Under Mail Sending Format, select
    the Plain Text option.
    With a new menu option.
    On the View menu, click Message in HTML.
    This new menu item switches the current message view to HTML if it is currently in plain text view, both in the preview
    display as well as in the full message display.
    How do I resolve these issues?
    If you are sure that the source of an e-mail message can be trusted and you want to use the full feature set that is provided
    with the MSHTML control to support rich HTML e-mail for reading or composing, you can switch to the HTML mode by using
    the View menu option procedure as described above in “With a new menu option.”
    Limit external HTML content downloads
    Detailed description
    This Outlook Express feature helps users to avoid getting repeated spam mailings by preventing the user from unknowingly
    validating his or her e-mail address to spam originators. Businesses that use spam as a marketing technique typically include
    references to images that reside on their Web servers inside the e-mail message. Some of these spam e-mail messages contain
    single pixel images that are not visible to the recipient of the e-mail so that the recipient will not be aware that there is any
    content that is malicious. When the user opened an e-mail that contains the image, previous versions of Outlook Express
    automatically contacted the Web server to download and display the images. When the request for the image was made to the
    Web server, it could ascertain that a spam e-mail message was received by an active e-mail account, which validated the e-mail
    address in the spam originator’s mailing list. Now, when the Block images and other external content in HTML e-mail
    setting is enabled, the default behavior of Outlook Express changes so that it does not contact the Web server to download
    external content, which helps prevent the verification of the e-mail address with the spam originator. This download behavior
    is configurable and is enabled by default when you install Windows Server 2003 Service Pack 1.
    This feature also helps to minimize a common problem that is experienced by people whose computers use dial-up network
    connections. Prior to implementing this feature, if users downloaded mail messages and then disconnected their network
    connection, when they attempted to view an HTML message that included pictures or other external Internet content, their
    modem would automatically start to dial out to download the external content.
    Why is this change important?
    This feature increases the privacy that is provided to users of Outlook Express. Their e-mail address is not automatically
    validated by the Web server of spam originators without their knowledge when a spam e-mail message is opened. Using this
    feature may result in the following advantages:
    The user receives less spam.
    The user is less distracted by the receipt of spam.
    Automatic attempts by a user’s modem to reconnect to the Internet after receiving HTML e-mail decrease.
    What works differently?
    Implementing this feature in Outlook Express helps prevent the rendering of pictures in HTML e-mail if the pictures must be
    retrieved from servers that are in either the Internet or Restricted Web content zones. This new default behavior results in the
    user’s name not being validated by the Web site hosting the pictures, which makes the user’s e-mail name less useful to spam
    senders. This may result in the user getting less spam over time.
    To communicate that these pictures are missing, there is now an External Message Information Bar that is displayed in both the
    Outlook Express message window as well as in the preview area. This External Message Information Bar appears whenever the
    message contains references to external Internet content, such as images or script, and the options are set to render the
    message in HTML.
    When Outlook Express blocks content, the actual image is replaced with the standard placeholder for the blocked image in the
    text of the mail message. Images are the only blocked items that provide a visual cue that something is not being displayed.
    For sounds, IFrames, and other content, there is no visual indication in the body of the mail message. When users print an
    HTML e-mail that has blocked content, Outlook Express prints the e-mail exactly as it appears on the screen, with a placeholder
    for the blocked images. The external content is not downloaded.
    An added benefit of this feature is that it minimizes a common dial-up user problem: undesired automatic dial-up network
    connection attempts. When viewing an HTML e-mail message off-line, previous versions of Outlook Express would
    automatically dial out to connect to the Internet and retrieve any reference images. However, because almost all external HTML
    references in e-mail messages point to resources on the Internet that are part of the Internet zone, the content is not displayed
    by default and a dial-up network connection is not requested.
    How do I resolve these issues?
    To turn off all external content blocking, on the Tools menu, point to Options, and then click Security. Clear the Block
    images and other external content in HTML e-mail check box. From that point, no content is blocked, which returns
    Outlook Express to the prior behavior of automatically downloading external content.
    To explicitly download external content for an e-mail message, click the External Message Information Bar to download the
    external content that was included with the message.
    Attachment Manager API integration
    Outlook Express now integrates a new set of application programming interfaces (APIs), called the Attachment Manager, to
    check e-mail attachments. This allows applications to eliminate custom code that performs similar safety checks and instead
    rely on this centrally-managed API set. The use of Attachment Manager provides a consistent user experience across all
    applications that check the security of an attachment.
    Why is this change important?
    It is important to have a more unified approach for attachment security across all Windows applications. This helps to ensure
    that users get a consistent experience with regard to the security check performed on attachments.
    What works differently?
    Apart from the consistent user experience, this feature does not provide any visible change to the user.
    Do I need to change my code to work with Windows Server 2003 Service Pack 1?
    There are several differences in functionality that a developer should be aware of.
    When API names are provided, they are the Attachment Manager API. If the Do not allow attachments to be saved or
    opened that could potentially be a virus setting is disabled, Outlook Express calls SetReferer() and passes http://URL as a
    parameter. This is done so that the subsequent call to CheckPolicy() considers Outlook Express to be in the Internet Web
    content zone. Attachment Manager discriminates differently, depending on whether the caller is in the context of the Internet
    or Restricted security zones. The following sections provide overviews of different behaviors that the Attachment Manager API
    Behavior when previewing a message that includes an attachment
    Before the preview area is rendered, CheckPolicy() is called to determine the state of the menu options associated with the
    attachment icon in the preview area header, and the corresponding actions as follows:
    If CheckPolicy() returns E_Fail (dangerous attachment), S_OK, or S_False (safe attachment), there is no change to the
    previous functionality of Outlook Express.
    Opening the attachment saves the file as a temporary file and then calls Execute() to execute the file instead of the
    currently used ShellExecute() call.
    If Execute() fails, subsequent user actions are handled by Attachment Manager.
    When the Save Attachments dialog box is opened, the list of attachments contains items that are enabled in the menu.
    Blocked attachments do not appear in the Save Attachments dialog box. When the user selects the destination folder
    and clicks Save, Outlook Express saves the files to the specified folder and then calls Save() on each of the saved files.
    In the case of previewing mail with multiple attachments, CheckPolicy() is called on each of the attachments. Depending on
    whether the return value is E_Fail, or S_OK, or S_False, Outlook Express either disables or enables the attachment name in the
    In future implementations, Save() could fail if CheckPolicy() does not return S_OK. In this case, Outlook Express will display
    the error message “The following attachments were not saved because they could not be verified as being safe”, followed by a
    list of failed files.
    Behavior when reading a message that includes an attachment
    Before the Outlook Express message window is rendered, CheckPolicy() is called for every attachment to determine which
    attachments are shown and which are blocked from access to the user.
    If CheckPolicy() returns E_Fail (dangerous attachment), S_OK or S_False (safe attachment), Outlook Express behaves
    just as it did in the past. Double-clicking the attachments that are displayed in the Attach area of the message window
    follows the exact same steps as described when executing attachments from the preview area.
    When the user clicks Save As, selects the destination folder and file name, and then clicks Save, Outlook Express saves
    the attachment in the specified folder and then calls Save() to sync.
    Selecting Print is similar to running the attachment, except that, instead of calling Execute() without any parameters,
    Outlook Express issues a call to Execute(“print”). All other tasks, such as saving the file to a temporary file remain the
    same as when executing the attachment.
    If the Do not allow attachments to be saved or opened that could potentially be a virus setting is disabled,
    Outlook Express calls SetReferer() and passes http://URL as a parameter. The subsequent call to CheckPolicy() then
    considers Outlook Express to be in the Internet Web content zone.
    Behavior when moving a message that includes an attachment
    If the user moves an item to a location outside Outlook Express — for example, dragging a message containing an attachment
    to the desktop — Outlook Express performs these actions:
    Generates a temporary file with HDROP.
    Saves a temporary file
    Calls Save() on the temporary file
    If it is successful, HDROP is made available
    If it fails, HDROP is not made available and the drop target is disabled.
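
The section "Limit external HTML content downloads" above describes blocking images, sounds, IFrames and script that would be fetched from a Web server when a message is rendered. The Python below is an added example, not part of the original post and not Outlook Express code: it lists the external references in a message's HTML part and marks invisible single-pixel images. The function and class names, the tag list and the sample message are assumptions made for the illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes an HTML renderer fetch a remote resource.
FETCH_ATTRS = {"img": "src", "iframe": "src", "bgsound": "src",
               "script": "src", "embed": "src", "link": "href"}

class ExternalRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, looks_like_pixel)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = (attrs.get(FETCH_ATTRS.get(tag, "")) or "").strip()
        if urlparse(url).scheme not in ("http", "https"):
            return  # cid:/data: content travels inside the message itself
        # A 0x0 or 1x1 image is invisible: the address-validation beacon.
        pixel = (tag == "img" and attrs.get("width") in ("0", "1")
                 and attrs.get("height") in ("0", "1"))
        self.refs.append((tag, url, pixel))

def external_references(raw_message):
    refs = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        finder = ExternalRefFinder()
        finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        finder.close()
        refs.extend(finder.refs)
    return refs

# Constructed sample message (not real traffic).
SAMPLE = """\
From: newsletter@example.com
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo@example.com" width="120" height="40">
<img src="http://tracker.example.com/o.gif?id=user%40example.org" width="1" height="1">
<iframe src="https://ads.example.com/frame.html"></iframe>
<bgsound src="http://media.example.com/jingle.wav">
</body></html>
"""
```

Calling `external_references(SAMPLE)` returns the tracker image (flagged as a pixel), the IFrame and the sound, and skips the embedded `cid:` logo; any non-empty result is the condition under which a client would withhold content and show an information bar.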
