Microsoft has shipped significant changes to Smart Network Data Services (SNDS) and the Junk Mail Reporting Program (JMRP), effective early 2026. These aren’t cosmetic, they impact complaint processing pipelines, automation infrastructure, and access governance.
What changed:
- JMRP reports are now fully ARF-standardized. Original message headers and selected authentication headers (DKIM, SPF, ARC) are included. However, the sender address is redacted and the original message body is completely removed. Any complaint attribution workflow that relied on parsing body content: customer IDs, order references, account tokens, will now be now broken.
- Complaint sample downloads removed. The SNDS portal no longer provides downloadable complaint samples for manual investigation.
- Automated data access links expire after 30 days. Static URLs used in scripts, cron jobs, or dashboards will silently fail once the token lapses. No warning, no fallback.
- JMRP feeds now require verified SNDS account linkage. Unassociated feeds, including those still pointing at former employees, agencies, or legacy vendor endpoints, may be purged without notice.
Technical action items:
1. Implement header-based complaint tracking
Since ARF reports no longer contain message bodies, all complaint attribution must happen via headers. At minimum, inject the following custom headers at send time:
X-Campaign-ID: {{campaign_uuid}}
X-Message-ID: {{unique_message_uuid}}
X-Customer-ID: {{internal_subscriber_id}}
X-Account-ID: {{tenant_or_account_id}}
List-ID: <{{list_slug}}.emailexpert.com>Ensure these values are logged in your sending platform and indexed for lookup against inbound ARF data. Without this, complaint-to-subscriber matching becomes guesswork.
2. Update ARF parsing logic
Review your FBL ingestion pipeline. Confirm:
- Parser correctly handles ARF
message/feedback-reportMIME parts - Identifier extraction targets headers, not body content
- Any regex or matching logic referencing
text/plainortext/htmlbody parts is deprecated or removed - Parsed header values are mapped back to your subscriber/campaign data store
3. Automate 30-day token rotation
For any programmatic SNDS data pulls:
- Implement a scheduled token refresh (minimum monthly, recommend every 21 days for buffer)
- Add health checks — monitor HTTP response codes on each pull; alert on
401,403, or empty responses - Assign explicit ownership so rotation doesn’t become an orphaned task
4. Verify SNDS/JMRP linkage
Log into the SNDS portal and confirm:
- All sending IPs are properly claimed and verified
- Each JMRP feedback address is explicitly linked to a verified SNDS account
- No orphaned or legacy FBL endpoints remain active
5. Access audit
Review who holds SNDS credentials and who receives JMRP reports. Remove former staff, previous agencies, and any vendor endpoints no longer under your control. Treat reputation data as security infrastructure.
Bottom line: Microsoft is enforcing tighter privacy and access controls across its postmaster tooling. Complaint data is still available — but only to senders running header-based identification, actively maintained automation, and verified account governance.
