This article summarizes what developers need to know about
the Outlook 2002 e-mail security features and how those features can affect
This article describes security features in Outlook 2002, in
Outlook 2002 Service Pack 1, and in Outlook 2002 Service Pack 2. Additional
features were added to Outlook 2002 Service Pack 3.
For more information about those changes, click the following
article number to view the article in the Microsoft Knowledge Base:
Description of the developer-related security changes in Outlook 2002 Service Pack 3 (S838871)
In addition to the information in this article, you should be
familiar with the general Outlook 2002 e-mail security features. Information
about the Outlook e-mail security features is provided in Help. On the Help
menu, click Microsoft Outlook Help. In the contents, click Security and Encryption.
For more information about how the security
features affect end-users, click the following article number to view the
article in the Microsoft Knowledge Base:
You receive warning messages when you use a third-party add-in or custom solution in Outlook 2002
This article describes the default behavior of Outlook 2002 with
regard to various restrictions placed on programming interfaces. Administrators
can configure client computers so that not all of these restrictions apply. As a
developer, you need to be familiar with the administrative options that are
available with these security features.
For more information about how to override these restrictions, click the
following article number to view the article in the Microsoft Knowledge Base:
Administrator information about e-mail security features
Outlook 2002 includes the same type of security
features that were previously released as the Microsoft Outlook 98 and
Microsoft Outlook 2000 E-mail Security Updates. These features provide Outlook
with additional levels of protection against malicious e-mail messages but may
adversely affect solutions that you build by using developer features that are
included in Outlook and other messaging technologies or Application Programming
Interfaces (APIs). In some cases, solutions may not function at all; in other
cases, solutions may result in a warning message that interrupts your solution
when you try to run it.
The security features change Outlook and
general messaging functionality in the following areas:
- General attachment behavior
- The Outlook object model
- The Collaboration Data Objects (CDO) 1.21s object model
- Simple Messaging Application Programming Interface, or Simple MAPI
- Other areas in Outlook that are related to security, such
as code embedded in HTML-based mail messages
Outlook object model security features
Attachments with Level 1, or "unsafe," file extensions are not
accessible in the Outlook object model, specifically:
- The Attachments collection in the object model is unaware
of unsafe attachments.
- If you try to send mail programmatically with one of these
attachments, the mail is not sent. If the program is written in the C or C++
programming languages, you receive the MAPI_E_CANCELLED return code.
- If you attempt to open an "unsafe" file system object (or
"freedoc" file) by using the Outlook object model, you receive the E_FAIL
return code in the C or C++ programming languages. In previous versions of
Outlook, you could open an "unsafe" file system object by using the Display
method in the Outlook object model.
When you run a program that uses the Outlook object model to call
the Send method, you receive a warning message. This warning message tells you
that a program is trying to send mail on your behalf and asks if you want to
allow the message to be sent. The warning message contains both a Yes button
and a No button; however, the Yes button is not available until five seconds
have passed since the warning message appeared. You can dismiss the warning
message immediately if you click No. When you click No, the Send method returns
an E_FAIL error in the C or C++ programming languages.
Accessing address books and recipients
If a program tries to reference any type of recipient information
by using the Outlook object model, a dialog box is displayed that asks you to
confirm access to this information. You can allow access to the Address Book or
recipient information for up to ten minutes after you receive the dialog box.
This allows features, such as mobile device synchronization, to be completed.
If you decide not to allow access to your Address Book or recipient
information, you receive the E_FAIL return code for all of these messages in
the C or C++ programming languages.
You receive the confirmation
dialog box when a solution tries to programmatically access the following
features of the Outlook object model:
- The AddressEntries collection or any AddressEntry object.
- The Recipients collection or any Recipient object.
- The following properties of a ContactItem object:
- The following properties of a MailItem object:
- The following properties of an AppointmentItem object:
- The following properties of a TaskItem object:
- The GetMember method of a DistListItem object.
- The ContactNames property of a JournalItem object.
- The SenderName property of a MeetingItem object.
- The SenderName property of a PostItem object.
- The GetRecipientFromID property of a Namespace object.
- The Execute method of an Action object.
- The Formula property of a UserProperty object.
When you use the SaveAs method to save items to the file system,
you receive an "address book" warning message. This includes all types of items
whether or not the items have attachments or active content. This change has
been made so that someone cannot programmatically save items to a file, and
then parse the file to retrieve e-mail addresses.
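As an added example (not code from the original article), the following Outlook 2002 VBA routine exercises both guarded operations described above, recipient access and Send, and handles the E_FAIL error that Outlook returns when the user declines a prompt; the recipient address is a constructed placeholder.

```vba
' Added example, not from the original article. Runs inside Outlook 2002 VBA,
' so "Application" is the Outlook Application object.
Option Explicit

Public Function SendWithGuardHandling(ByVal recipientAddress As String, _
                                      ByVal subjectText As String, _
                                      ByVal bodyText As String) As Boolean
    Dim mail As Outlook.MailItem
    Dim rcp As Outlook.Recipient

    On Error GoTo Blocked

    Set mail = Application.CreateItem(olMailItem)
    mail.Subject = subjectText
    mail.Body = bodyText

    ' Touching the Recipients collection is one of the calls that raises the
    ' "address book" confirmation dialog. If the user clicks No, Outlook
    ' returns E_FAIL, which VBA surfaces as a run-time error.
    Set rcp = mail.Recipients.Add(recipientAddress)
    rcp.Resolve

    ' Send raises the "a program is trying to send mail on your behalf" prompt;
    ' the Yes button is disabled for five seconds, and No again yields E_FAIL.
    mail.Send
    SendWithGuardHandling = True
    Exit Function

Blocked:
    ' Err.Number carries the HRESULT (E_FAIL is &H80004005) when a prompt is
    ' declined. Log it and return False rather than retrying: looping on Send
    ' only re-prompts the user.
    Debug.Print "Send blocked or failed: 0x" & Hex(Err.Number) & " " & Err.Description
    SendWithGuardHandling = False
End Function

Public Sub Demo()
    ' Constructed placeholder address.
    If Not SendWithGuardHandling("user@example.com", "Status", "Hello") Then
        Debug.Print "Message was not sent."
    End If
End Sub
```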
Send CommandBar button
It is no longer possible to use the Execute method to
programmatically click the Send
button on the Outlook toolbar. Although this is not commonly done
in Outlook solutions, this change has been made to prevent malicious intent.
You receive the E_FAIL return code for all of these messages in the C or C++
programming languages.
Outlook does not allow access to certain dialog boxes by using
the Microsoft Visual Basic or Microsoft Visual Basic for Applications SendKeys
command. This prevents malicious programs from automatically
dismissing the warning messages and circumventing the new security features.
VBScript in unpublished forms no longer runs
When you create a custom Outlook form, you can choose to directly
embed Visual Basic Scripting Edition (VBScript) within an item. You may do this
if other users cannot access a published form. These types of forms are called
one-off forms. For more information about
one-off forms, click the following article number to view the article in the
Microsoft Knowledge Base:
Description of form definitions and one-off forms in Outlook 2002
When you open one of these items in a version of
Outlook that does not have the Outlook E-mail Security Update applied to it,
Outlook displays a security warning message that asks if you want to enable or
disable the code in the form. In Outlook 2002, the code is disabled, and you
cannot activate it.
CDO 1.21s security features
The CDO 1.21 object model has been changed to reflect the changes
made to the Outlook object model and Simple MAPI. The version number of CDO has
been updated to 1.21s to reflect these security features. For
more information, click the following article number to view the article in the
Microsoft Knowledge Base:
Summary of Collaboration Data Objects (CDO) 1.21s e-mail security features in Outlook 2002
For more information about the CDO object model,
see the following article on the Microsoft Web site:
Simple MAPI security features
When Outlook is installed on a computer as the default Simple
MAPI client, Outlook processes requests that are made by using Simple MAPI
calls. Therefore, when you install Outlook 2002, Simple MAPI calls are handled
by Outlook and those calls provide the same level of protection as the Outlook
object model. By default, if you use many Simple MAPI functions, you receive a
warning message that says a program is trying to either access recipient
information or send mail on your behalf.
The following list describes
how Outlook responds to Simple MAPI calls.
Simple MAPI call Behavior if handled by Outlook
MAPISendMail OK with the MAPI_DIALOG argument, otherwise prompt
For more information about the Simple MAPI calls,
see the following article on the Microsoft Web site:
Office applications are reset to high security
To help protect against harmful macro viruses that may be in
Microsoft Office documents, Office XP defaults to putting programs in "high
security" mode. This includes all Office XP programs that support Visual Basic
for Applications, except Microsoft Access, because Microsoft Access has no
equivalent settings for macro security. As a result, all Access document types
are included in the list of unsafe file extensions that cannot be accessed.
Outlook and HTML mail
The following information is an excerpt from the Microsoft
To protect against viruses that might be contained in HTML messages you receive, scripts won't run and ActiveX controls will be deactivated regardless of your security zone setting. By default, the Microsoft Outlook security zone is set to Restricted Site.
Avoiding the security features
The e-mail security features affect all custom solutions that use
the Outlook object model, CDO, or Simple MAPI, even if they are digitally
signed. This includes the following:
- Outlook custom forms that are published to any folder or
forms library, including the Organizational Forms Library
- Outlook COM Add-ins
- Outlook Visual Basic for Applications
- Any other type of development project that uses the Outlook
object model, CDO or Simple MAPI
As a developer, you have various options when you try to avoid
the security features. To summarize your typical options depending on where you
are developing your solution:
- Outlook custom forms: Publish forms so that they are not one-off forms, or use the
administrator features to enable VBScript code in one-off forms to
- Outlook Visual Basic for Applications: Use the administrator features to disable object model
restrictions, or convert your Visual Basic for Applications code to a COM
Add-in, and then register it by using the administrator form.
- COM add-ins: COM add-ins can be trusted if an administrator registers them by
using the administrator form. However, when you are using a COM add-in, only
the Outlook object model is exempted; the CDO object model will still generate
You cannot trust COM add-ins in Outlook 2000. This was a
feature that was added to the Outlook 2002 version of the administrator form.
- Automating the Outlook or CDO object models: Use the administrator features to disable object model restrictions.
If feasible, you may want to consider redesigning your solution
so that it runs on a server instead of a client. Server-based APIs are not
protected by these e-mail security features.
You may also want to
consider using a different messaging API or library:
- Collaboration Data Objects for Windows 2000
(CDOSYS) This library is available with Microsoft Windows 2000
(Professional and Server editions) and Microsoft Windows XP (Professional
Edition). CDOSYS is installed by the Internet Information Services (IIS)
component of Windows, so you must install IIS in order to use
information, click the following article number to view the article in the
Microsoft Knowledge Base:
For additional information about CDOSYS, visit the
following Microsoft Developer Network (MSDN) Web site:
How to send HTML formatted mail using CDO for Windows 2000 and the local pickup directory
- Extended MAPI You must write your code in C/C++. For additional information,
visit the following Microsoft Developer Network (MSDN) Web site:
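As an added example (not code from the original article or the cited KB article), the following routine sends a message through CDO for Windows 2000 (CDOSYS) and the local SMTP pickup directory, the server-side alternative the article recommends; it assumes the IIS SMTP service is installed, and the addresses and pickup path are constructed placeholders.

```vba
' Added example, not from the original article. Late-bound so that it runs
' from VBA or VBScript without a reference to the CDOSYS type library.
Option Explicit

Public Sub SendViaPickupDirectory()
    Const cdoSendUsingPickup = 1
    Const cdoConfig = "http://schemas.microsoft.com/cdo/configuration/"
    Dim msg As Object
    Dim pickupDir As String

    ' Default pickup directory created by the IIS SMTP service (assumption;
    ' adjust to the directory configured on the server).
    pickupDir = "C:\Inetpub\mailroot\Pickup"

    Set msg = CreateObject("CDO.Message")
    With msg.Configuration.Fields
        .Item(cdoConfig & "sendusing") = cdoSendUsingPickup
        .Item(cdoConfig & "smtpserverpickupdirectory") = pickupDir
        .Update
    End With

    With msg
        ' Constructed placeholder addresses.
        .From = "reports@example.com"
        .To = "ops@example.com"
        .Subject = "Nightly report"
        .HTMLBody = "<p>Generated on the server.</p>"
        ' Writes the message as a file into the pickup directory; the SMTP
        ' service delivers it. The Outlook object model guard prompts do not
        ' apply because the message never passes through a user's mailbox.
        .Send
    End With
End Sub
```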