If a policy has response rule with "Limit Incident Data Retention" action to discard original message (as seen below)

Then behavior of clicking on "Open Original Message" (highlighted below) in incident snapshot is NOT consistent between SMTP prevent and O365

SMTP prevent shows the follow dialog box (this is the expected behavior)

Where as O365 allows the user to save/open the message 

and saves a 0 bytes message / opens an empty message

Release : 16.0

If detection server is a CDS, we store a row with an encrypted empty string in MessageLob table to indicate that the Original message was discarded. But if detection server is an SMTP prevent on-prem server, then we do not store any row in MessageLob table.

This is just a place holder and is by design.