Skip to content
· by Femke van der Berg

Microsoft SNDS and JMRP in 2026: complete guide with the January 2026 breaking changes nobody documents

Microsoft made breaking changes to SNDS and JMRP in January 2026 that older guides never mention: ARF format redaction, mandatory JMRP-SNDS account linking, automated link expiry, portal URL migration. This is the operator guide that covers what actually changed, how to interpret SNDS green/yellow/red, and how Microsoft's signals compare to Postmaster Tools v2.

microsoft-sndsjmrpoutlook-deliverabilityfeedback-loopsdeliverability-monitoringhotmail

Microsoft’s deliverability tools for Outlook.com, Hotmail, Live and MSN — Smart Network Data Services (SNDS) and the Junk Mail Reporting Program (JMRP) — are documented but rarely explained operationally. The official documentation tells you the records exist and where to register; it does not tell you how to interpret the signals when they conflict, what the January 2026 breaking changes mean for your existing integrations, or how to architect monitoring that combines SNDS with Gmail’s Postmaster Tools v2 and Yahoo’s Sender Hub. After Microsoft’s May 5, 2025 enforcement (550 5.7.515 Access denied for non-compliant 5,000+/day senders), the cost of misreading SNDS signals climbed substantially: yellow status that gets ignored becomes red within 48-72 hours; red status now correlates with hard SMTP rejections rather than soft junk-folder placement. PCI DSS v4.0 (effective March 31, 2025) and DORA (effective January 17, 2025) put additional weight on Microsoft monitoring discipline because both frameworks treat email auth and reputation as security controls subject to audit.

This is the operational field guide we use during Microsoft-side deliverability work: what each signal actually measures, how the January 2026 changes break older monitoring patterns, the SNDS-vs-Postmaster-Tools-v2 decision matrix, the SMTP error code mapping post-May-2025 enforcement, and the multi-receiver integration pattern that survives contact with production reality.

What changed in January 2026 (and why it breaks older guides)

Microsoft pushed four substantial changes to SNDS and JMRP starting January 2026 that older guides do not mention. If you read a tutorial published before December 2025, parts of it are wrong now.

Change 1 — ARF format redaction

JMRP feedback reports historically included the full original message body when a recipient marked an email as junk. This was enormously useful for content-level diagnosis: you could see exactly which message triggered the complaint and what the recipient saw.

What changed: ARF reports now include only original message headers plus selected authentication headers (Authentication-Results, Received-SPF). The sender address is redacted. The full email body is no longer appended.

Operational implication: you can no longer review the actual message content from JMRP reports. Content-level complaint diagnosis now requires your own internal tracking — campaign IDs in headers, message UUIDs, custom X-headers correlating to your sending records. If your existing JMRP processing pipeline parsed the body for content analysis, that pipeline is now broken silently.

Fix: add internal correlation IDs to your sending so that when JMRP reports the headers of a complained message, you can look up the corresponding campaign, content variant, and recipient context from your own records.

Historically, JMRP feeds could exist independently of SNDS access. Many operators had JMRP set up years ago without ever registering for SNDS.

What changed: JMRP feeds not linked to SNDS accounts will be removed. Microsoft requires creating new JMRP feeds from within SNDS-authorised accounts, with network access kept up to date.

Operational implication: standalone JMRP setups from years past will eventually stop receiving complaints. The transition is not immediate but is gradual; standalone JMRP is being deprecated.

Fix: register for SNDS for all sending IPs, then re-create JMRP feeds from within the SNDS-linked account. Plan this as a 2-4 week project for typical multi-IP setups.

The “Automated Data Access” link feature lets you generate authenticated URLs for programmatic SNDS data retrieval (typical pattern: cron job pulls SNDS CSV daily for monitoring dashboard).

What changed: these automated links now expire after 30 days. Previously they persisted indefinitely.

Operational implication: monitoring scripts using Automated Data Access links will silently break monthly when the link expires. Your dashboard will show the same data forever, with no error indication that the source has stopped updating.

Fix: build monthly link rotation into your monitoring pipeline. Either generate new links via API monthly or build human-in-the-loop alerting that surfaces when the link is about to expire so you can manually rotate it.

Change 4 — Portal URL migration

SNDS is moving to a new URL as part of an upcoming service update. The current sendersupport.olc.protection.outlook.com/snds URL will eventually redirect or stop responding.

Operational implication: hardcoded URLs in your monitoring scripts and bookmarks will break when the migration completes. Microsoft has not published the new URL or migration date as of April 2026.

Fix: parametrise the SNDS base URL in your code so the migration is a config change, not a code rewrite. Subscribe to the SNDS announcements page for migration date notification.

The Microsoft monitoring stack — what data flows where

Before the per-tool detail, the diagram below shows how SNDS, JMRP, Postmaster Tools v2 and Yahoo Sender Hub fit together in a working monitoring architecture. The point is to make explicit that these four data sources measure different things at different layers, and combining them correctly is the architectural challenge — there is no unified dashboard that does this for you out of the box.

Microsoft monitoring stack — data flow from sender side to combined dashboard
Sender side — sending MTA + bounce log captureSending MTA (PowerMTA, KumoMTA, Postfix)Custom X-headers: Campaign-ID · Message-UUID · Template-VariantRequired for post-Jan-2026 ARF correlation (body redacted)Bounce log capture550 5.7.515 (May 2025 enforcement) · 5.7.x reputation · 4.7.x deferralDiagnostic for SmartScreen verdict alignmentReceiver-side data sources — four parallel monitoring inputsSNDSIP-level reputationGreen / Yellow / RedTrap hits (always 0)Automated Data Access30-day link expiry (Jan 2026)JMRPPer-message complaintsARF format (redacted)Auth headers preservedBody REMOVED Jan 2026Must link to SNDS accountPostmaster Tools v2Domain-level (Gmail)Compliance StatusSpam rate dashboardAPI v2 batch queryReleased October 2024Yahoo Sender HubYahoo + AOL signalInsights DashboardFBL feedbackWeb portal (no API)Released October 2025Combined deliverability dashboardPer-IP + per-domain views · cross-receiver alerting · DMARC aggregate parsingBuild options: SaaS aggregator (Dmarcian, EasyDMARC, Valimail) or in-house engineeringBreak-even build-vs-buy: ~12-18 months at €2K-8K/month tooling costArchitectural constraintSNDS is IP-based (assumes dedicated IPs) · Postmaster Tools v2 is domain-based (works on shared IPs)Shared-IP operators have limited SNDS access (gated through ESP) · dedicated-IP operators have full SNDS directChoose monitoring stack tier based on this constraint, not on volume alone

The diagram makes explicit the most-misunderstood aspect of Microsoft monitoring: SNDS and Postmaster Tools v2 are not interchangeable. They measure different things at different layers — SNDS at the IP level, Postmaster Tools v2 at the domain level — and choosing between them is structural, not a preference. Operators on shared IPs cannot fully replace Postmaster Tools v2’s domain-level signal with SNDS no matter how much they want to; operators on dedicated IPs need both because each one surfaces issues the other does not.

What SNDS actually measures (and what it does not)

The data SNDS shows you, with the operational meaning of each:

IP reputation (filter result): green / yellow / red coloured indicator showing how Microsoft’s SmartScreen content filter classifies traffic from your IP. Green = under 10% spam-classified, yellow = 10-90%, red = over 90%.

Message volume: approximate emails sent from your IP to Microsoft consumer recipients per day.

Complaint count: JMR complaints categorised as Spam for the IP per day.

Trap hits: emails sent to spam trap addresses Microsoft maintains. Target is always zero. Any trap hit indicates list quality failure.

RCPT and DATA command counts: SMTP-level metrics. Discrepancy between RCPT (recipient acknowledgements) and DATA (full message accepted) indicates recipients are being rejected before message body transmission, often a sign of address validation failures or spam pre-filtering.

Comments column: Microsoft’s notes about specific actions taken against your IP. Common values: “Abuse Reported”, “JMR Block”, “1 virus(es) detected”.

HELO and MAIL identifier: the SMTP identifiers your mail server presented during the session. Mismatch with your sending domain or PTR record is a configuration warning.

What SNDS does not measure:

Domain-level reputation: SNDS is entirely IP-based. If you send from a shared IP pool (most ESPs), you cannot get domain-level reputation data from SNDS. For domain reputation on Microsoft, you have no equivalent of Gmail’s Postmaster Tools — domain signal at Microsoft has to be inferred from JMRP patterns plus inbox placement testing.

Inbox placement: SNDS tells you how SmartScreen classifies your traffic, not whether messages reach the primary inbox. Green-rated IPs can still have mail landing in spam if recipient engagement is low. Inbox placement testing (GlockApps, seed list services) is required for placement signal.

Microsoft 365 enterprise filtering: SNDS covers consumer Microsoft domains (Outlook.com, Hotmail, Live, MSN). It does not cover Microsoft 365 enterprise tenants. For corporate Outlook deliverability, you need different tools and different remediation paths.

Cross-receiver patterns: SNDS is Microsoft-only. You see nothing about Gmail, Yahoo, Apple Mail, or any other receiver.

Reading SNDS green/yellow/red correctly

The colour system is intentionally vague — Microsoft does not want to give spammers precision tooling — but the operational interpretation is clearer than the documentation suggests.

Green status

Less than 10% of your IP’s mail to Microsoft consumer recipients is filtered as spam by SmartScreen. This is the normal status for healthy senders.

Common operator misinterpretation: green ≠ inbox placement. Green means SmartScreen does not consider you spam-shaped. Recipients can still move your mail to junk, lowering complaint-driven placement decisions. Engagement metrics matter independently of SmartScreen verdict.

What to do: maintain monitoring, do not assume green is permanent. A green IP can flip to yellow within 24-48 hours after a single bad campaign or list segment.

Yellow status

10-90% of your IP’s mail is filtered as spam. This is the warning zone.

Diagnostic priority order:

  1. Check JMRP reports for a spike in complaints — usually the proximate cause
  2. Check the Comments column for “Abuse Reported” or “JMR Block” entries
  3. Review recent campaigns sent from this IP for content or list quality issues
  4. Compare RCPT vs DATA counts — significant gap indicates address validation problems

What to do: pause aggressive sending from the affected IP, identify the problematic campaign or segment, suppress complaining addresses (from JMRP), wait 5-7 days for SmartScreen to re-evaluate.

Red status

Over 90% of your IP’s mail is filtered as spam. This is the critical zone — most of your Microsoft delivery is failing.

Reality: red status often comes with active blocking via JMR Block. You may also see 550 5.7.515 or similar 5xx rejection codes in your bounce logs.

Diagnostic priority order:

  1. Check Comments for “JMR Block” — confirms blocking is active
  2. Pull JMRP reports immediately — identify the source of complaints
  3. Suppress all complaining addresses from JMRP across your entire list (cross-domain if applicable)
  4. Stop all campaigns from the affected IP immediately
  5. Check for list contamination (purchased addresses, scraped addresses, ancient unengaged contacts)

Recovery path: red status recovery requires:

  • 7-14 days of zero new complaints from the affected IP
  • Suppression of the complaint sources (suspect address segments, recent campaigns)
  • Possible Microsoft Sender Support form submission for delisting after the source issue is fixed
  • Reduced sending volume to demonstrate improved patterns

Red status is not auto-recovering. Operators who continue sending normal volume from a red IP see persistent rejection until the underlying issue is structurally fixed.

SNDS color-code distribution during a typical 60-day warmup

The chart below shows how SNDS color status evolves during a typical 60-day Microsoft warmup. The pattern matters because most operators encounter a yellow excursion around days 14-21 (Microsoft’s filter is more reactive than Gmail’s during the volume ramp), and recognising the excursion as expected rather than as an incident determines whether the warmup recovers or stalls.

SNDS color status distribution by warmup week (typical 60-day arc)
SNDS color status distribution by warmup week, typical 60-day Microsoft warmup arc
Categoría Green (%)Yellow (%)Red (%)
Week 1 306010
Week 2 45505
Week 3 60382
Week 4 78220
Week 5 88120
Week 6 9280
Week 7 9550
Week 8 9640

Distribution reflects Blue Spirit operational guidance from 100+ managed Microsoft warmup engagements 2024-2026. The yellow excursion in weeks 1-3 is structural, not pathological — Microsoft's SmartScreen filter classifies aggressively during the early reputation accumulation window because there is insufficient signal to warrant green status. Operators who panic at week 2 yellow status and abort the warmup typically restart from a worse position than if they had held the discipline. Red excursions in week 1 are acceptable IF they correspond to single-day spikes that resolve naturally; sustained red across multiple consecutive days in week 1 indicates a list-quality problem that warmup will not fix. By week 4, green should be the dominant state; if yellow remains majority by week 4, the warmup is stalling and recovery framework intervention should be considered. The chart visualizes the median trajectory; individual warmups vary based on list quality, content type, sending pattern consistency.

The yellow excursion in weeks 1-3 is the most-misunderstood pattern in Microsoft warmups. Operators frequently panic when they see yellow status during week 2 and either abort the warmup, drastically reduce volume, or escalate to managed services. The data shows that yellow is the expected median state during weeks 1-3, not an exception. The actionable threshold is sustained red (multiple consecutive days) or yellow persisting past week 4 — those indicate genuine warmup failures.

SNDS vs Postmaster Tools v2 — when each tells you what

Operators frequently want to know which tool to trust when they conflict. The honest answer: they measure different things at different layers, and neither alone gives you the full picture.

DimensionSNDS (Microsoft)Postmaster Tools v2 (Gmail)
GranularityIP-levelDomain-level
ScopeConsumer Microsoft onlyPersonal Gmail only
Reputation signalGreen/Yellow/Red SmartScreen verdictCompliance Status binary Pass/Needs Work
Complaint visibilityPer-message via JMRP (with Jan 2026 limitations)Aggregate spam rate dashboard
Authentication signalLimited (in JMRP headers)SPF/DKIM/DMARC dashboards
Volume threshold~100/day for visibility~5,000/day for full Compliance Status
Update lagDaily aggregationRolling averages, up to 7 days for Compliance Status
Programmatic accessAutomated Data Access links (now 30-day expiry)API v2 with batch query
Architecture assumptionDedicated IP ownershipDomain ownership (works on shared IPs)

The architectural difference matters: SNDS assumes you own dedicated IPs, while Postmaster Tools v2 works for any sender on any infrastructure. If you are on shared IPs (typical of operators using Mailgun, SendGrid, Postmark, or any modern ESP), SNDS data is harder to access because the IP belongs to your ESP, not you. JMRP can still work via the ESP setting it up, but SNDS visibility requires the ESP to grant you access.

For operators on shared IPs, the practical Microsoft monitoring stack:

  1. Request JMRP feed access from your ESP — most ESPs route JMRP complaints back to senders
  2. Use ESP-side SNDS data if exposed — Mailgun and SendGrid surface some SNDS-derived metrics in their dashboards
  3. Inbox placement testing to seed Microsoft consumer mailboxes for actual placement signal
  4. Bounce log analysis for 550 5.7.515 rejections that indicate Microsoft enforcement actions

For operators on dedicated IPs (PowerMTA, KumoMTA, large-scale self-hosted), SNDS is essential and the JMRP integration is direct.

SMTP error codes from Microsoft post-May-2025 enforcement

The May 5, 2025 enforcement introduced new SMTP rejection codes for non-compliant 5,000+/day senders. The table below maps the codes you will see in bounce logs to their meaning and the corresponding diagnostic action.

SMTP codeMeaningDiagnostic action
550 5.7.515 Access deniedMicrosoft May 2025 bulk-sender enforcement: sender does not meet authentication requirements (SPF, DKIM, DMARC at p=none minimum) for 5,000+/day volumeVerify SPF + DKIM + DMARC published and aligned per authentication guide; verify volume threshold (5,000/day per RFC threshold means approximately 30K/month consumer Microsoft)
550 5.7.1 Service unavailable; Client host blockedIP-level reputation block (correlates with red SNDS status); sender added to internal blocklistPull SNDS Comments column for “JMR Block”; pull JMRP for complaint sources; full incident response per the recovery framework
550 5.7.606-625 Access denied, banned sending IPSpecific IP geographic or pattern-based block (less common)Verify IP reputation across multiple monitoring sources; consider IP swap if persistent
550 5.4.30 RemoteServerNotFoundDNS resolution failure for receiving server (typically not sender-side)Verify recipient domain DNS; transient retry; not usually a sender problem
550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IPIP listed on Microsoft internal abuse listMicrosoft Sender Support form for delisting after fixing root cause; delisting takes 7-14 days for first-time, longer for repeat
421 4.7.500-699 Service unavailableTemporary throttle / deferral, often during reputation evaluation periodsReduce sending rate; let reputation re-evaluate over 24-72 hours; not indicative of permanent block
550 5.7.501 Access denied, spam abuse detectedContent-level spam classificationReview recent campaigns for content patterns triggering classification; frequently correlates with subject lines or body content matching known spam patterns
550 5.7.230 Spam content detected after authentication passedHybrid authentication-pass-but-content-failAuthentication is fine; problem is content-level. Engagement-driven re-evaluation; volume reduction recommended
550 5.7.350 Remote server returned message detected as spamRecipient organisation policy rejection (typically Microsoft 365 enterprise tenant)Recipient-side filter; sender authentication and reputation are not the proximate cause; affects Microsoft 365 enterprise targets specifically
552 5.2.3 Message size exceeds fixed maximum sizeMessage body exceeded recipient size limit (typically 25-35 MB)Reduce attachment size; not related to reputation

The single most important diagnostic in 2026: 550 5.7.515 is the post-May-2025 enforcement signature. If you see this code in bounce logs and you are sending more than 5,000/day to Microsoft consumer mailboxes, your authentication baseline is incomplete. This is not a reputation problem — it is a structural authentication problem that must be fixed before any other diagnostic work matters.

How JMRP reports work post-January 2026

The new ARF format changes the operational pattern for JMRP processing.

What you receive: ARF-formatted complaint message containing original message headers, Authentication-Results header, Received-SPF header. The sender address is redacted. The original message body is not included.

What you can do with this:

  • Identify the complaining address from the To: header (so you can suppress them)
  • Correlate the complaint to a campaign via your custom X-headers (Campaign-ID, Message-UUID, etc.)
  • Check authentication results for the message that was complained about
  • Track complaint patterns over time

What you can no longer do without internal correlation:

  • See the actual content of the complained message
  • Diagnose subject line or body content as the cause
  • Determine which template variant or A/B test arm triggered complaints

The fix is internal correlation IDs. We recommend:

X-Campaign-ID: <unique campaign identifier>
X-Message-UUID: <unique per-message identifier>  
X-Template-Variant: <A/B test arm or template name>
X-Segment-ID: <list segment identifier>
X-Send-Time: <ISO 8601 timestamp>

When JMRP reports come in with these headers preserved, your processing pipeline can look up the full message context from your sending records. Without this internal correlation, JMRP reports become significantly less actionable post-January 2026.

Trap hits — the metric that always matters

Trap hit count is the most important metric in SNDS that the colour system does not capture. Trap hits should always be zero. Any non-zero count is a list quality emergency.

Microsoft maintains spam trap addresses that:

  • Were never opted in to anything
  • Are seeded across the public internet to catch list scrapers
  • Include recycled addresses (former real users, now reactivated as traps)

A single trap hit can degrade reputation immediately. Repeated trap hits indicate systematic list quality failure (purchased lists, scraped addresses, very old unengaged segments converted to traps).

Remediation when trap hits appear:

  1. Identify which segment or campaign produced the hit (timing correlation with your sends)
  2. Verify the entire suspect list against multiple verification services (Prospeo, ZeroBounce, NeverBounce)
  3. Suppress all addresses with no engagement in the past 90 days
  4. Pause all sends from the affected IP until trap hits return to zero
  5. Wait 14-30 days for reputation to recover before resuming volume

Trap hits do not show what address was hit — Microsoft does not reveal trap addresses (revealing them would defeat the purpose). You cannot find and remove specific traps. The only fix is improving the entire list’s quality.

Multi-IP pool monitoring — when single-IP signals do not aggregate cleanly

Single-IP SNDS monitoring is the simple case. Multi-IP pool monitoring is operationally different in three important ways that older guides do not address.

Per-IP signal segmentation: SNDS reports per IP, not per pool. A 16-IP pool produces 16 separate SNDS rows. Aggregating them into a single “pool health” view requires custom data processing — there is no SNDS pool dashboard. The aggregation matters because pool-wide problems (a list-quality incident affecting all IPs) look different from per-IP problems (one IP having a bad day for unrelated reasons), and the response is different.

JMRP attribution accuracy: a JMRP complaint reports the originating IP. In a pool, this means complaints distribute across IPs based on routing, not based on cause. A list-quality problem affecting 2% of subscribers will produce JMRP complaints distributed proportionally across whichever IPs delivered to the affected subscribers. Per-IP attribution can mislead diagnosis when the actual cause is pool-wide.

Rotation policies during incidents: when one IP shows yellow SNDS status, the operationally correct response is route around it, not pause the entire pool. PowerMTA and KumoMTA both support per-IP throttling and routing decisions; building this discipline into the monitoring runbook means an incident on IP-7 of a 16-IP pool reduces total throughput by 6.25%, not 100%.

For pool architectures, the monitoring layer must produce three distinct views:

  1. Per-IP detail: SNDS row per IP, JMRP complaint count per IP, bounce log distribution per IP
  2. Pool aggregate: weighted average SNDS status (where each IP’s contribution is weighted by daily volume), pool-wide complaint rate, pool-wide trap hit count
  3. Pool segmentation: which IPs handle which subscriber segments, which content types, which sending brands (for multi-brand pool architectures)

Without all three views, multi-IP operators consistently mis-diagnose incidents — either over-reacting to single-IP yellow status as a pool emergency, or under-reacting to pool-wide problems by treating them as isolated per-IP issues. The architectural pattern works at scale; the implementation work is non-trivial.

For senders combining transactional and marketing on separate IP segments — production-grade architecture for any sender above 500K/day — see our transactional vs marketing IP separation guide for the segmentation pattern that survives reputation contagion between traffic types.

EU regional considerations — Microsoft monitoring for European-heavy senders

Microsoft consumer mailboxes (Outlook.com, Hotmail.com, Live.com, MSN) are globally distributed but have regional ML model variations and regional postmaster contact patterns that EU-heavy operators should understand.

EU data residency for Outlook.com / Hotmail.com: Microsoft operates EU data centres (Dublin, Amsterdam, Frankfurt regions) for European consumer mailboxes. SNDS data is global — you see one row per IP regardless of which Microsoft region processed the message. JMRP complaints are global. There is no EU-specific SNDS endpoint; the same sendersupport.olc.protection.outlook.com URL serves all regions.

Microsoft 365 EU enterprise tenants behave differently from consumer Microsoft. For EU financial entities under DORA (effective January 17, 2025) the tenant regional configuration affects audit posture — verify with the receiving organisation whether they operate EU-region tenants and whether their Microsoft Defender for Office 365 configuration affects authentication evaluation patterns. SNDS does not cover Microsoft 365 enterprise; for B2B SaaS senders with Microsoft 365 enterprise audiences, supplement SNDS-based monitoring with placement testing using EU-based seed addresses.

Cross-receiver EU regional coverage: when monitoring EU-heavy lists, Microsoft Outlook.com / Hotmail accounts are part of the picture but not the whole picture. The European regional providers — Web.de, GMX, T-Online.de, Orange.fr, Free.fr, Libero.it, Virgilio.it — each have their own behaviour during reputation incidents that does not correlate cleanly with Microsoft signal. T-Online.de in particular shows reputation degradation patterns that lag Microsoft by 3-5 days; an Outlook.com problem on Monday typically surfaces at T-Online.de on Friday-Sunday. Multi-receiver placement testing across the EU regional estate catches these patterns earlier than waiting for single-provider signals to align.

Postmaster contact patterns in EU: Orange.fr (postmaster.orange.fr), Web.de (postmaster.web.de), and T-Online.de (postmaster.t-online.de) all have direct postmaster contact channels for serious reputation incidents that affect EU sending. These are slower than Microsoft Sender Support (typical 5-10 business day response vs Microsoft’s 3-5) but functional for incident escalation when needed. For DORA-scoped financial entities, documenting these contact channels in the ICT third-party risk register satisfies one of the audit checkpoints around email authentication incident response.

The integration pattern across Microsoft, Gmail, Yahoo

Multi-receiver monitoring requires combining signals from three independent systems. The pattern that works:

Daily monitoring (automated):

  • SNDS data pull via Automated Data Access link (refresh monthly per the Jan 2026 30-day expiry)
  • Postmaster Tools v2 API call for Compliance Status and spam rate (we covered the Python pattern in our Postmaster Tools v2 guide)
  • Yahoo Sender Hub data review (Yahoo Insights Dashboard launched October 2025)

Weekly review (human):

  • DMARC aggregate report analysis
  • JMRP complaint pattern review (which campaigns produce complaints)
  • Inbox placement testing across all three receivers

Per-incident (event-driven):

  • SNDS yellow/red status triggers immediate JMRP review
  • Postmaster Tools v2 Pass → Needs Work transition triggers authentication audit
  • Yahoo complaint spike triggers list segmentation review

The architectural challenge is that Microsoft, Gmail and Yahoo all measure different things at different cadences with different access patterns. There is no unified dashboard that surfaces all three correctly. Building one requires either a SaaS aggregator (DMARCian, Red Sift OnDMARC, EasyDMARC) or in-house engineering work to combine the three APIs.

For most mid-market operators, the SaaS aggregator path is correct because the engineering work to maintain three separate integrations is not cost-justified at single-domain scale. For large-scale or multi-domain operators (agencies, ESPs), the in-house build pays back at scale.

Choose your Microsoft monitoring stack — the decision tool

The Microsoft monitoring decision is structural, not preferential. Use the tool below to get a calibrated stack recommendation; the math reflects 100+ Microsoft monitoring engagements through 2024-2026 and accounts for the post-January-2026 changes affecting both SNDS and JMRP integrations.

The tool’s logic, in summary:

  • Tier 1 — Minimal shared-IP / low-volume — for shared IPs at managed ESPs or volume below SNDS visibility threshold. ESP-provided JMRP forwarding + Postmaster Tools v2 + inbox placement testing.
  • Tier 2 — Standard shared-IP at scale — for shared IPs with serious volume. ESP-side SNDS metrics + JMRP via ESP + paid DMARC aggregator.
  • Tier 2.5 — Dedicated-IP, low Microsoft volume — set up SNDS access for future scale, rely on JMRP and placement testing currently.
  • Tier 3 — Standard dedicated-IP — full SNDS direct + JMRP integration + Postmaster Tools v2 API + Yahoo Sender Hub + DMARC aggregator. Standard production stack.
  • Tier 4 — Enterprise multi-IP — per-IP segmentation + pool aggregation + custom dashboards combining all four data sources. Build vs buy decision; in-house engineering pays back at scale.
  • Active incident response — incident response sequence overrides standard monitoring decisions. Pause, diagnose, contain, recover, then revert to standard monitoring stack.

Common SNDS setup failures and fixes

Five recurring setup issues we see in client engagements:

Failure 1 — abuse@ or postmaster@ address not configured: SNDS verification sends to these standard addresses. If they bounce or are not monitored, verification fails silently. Fix: ensure both [email protected] and [email protected] route to a monitored mailbox before requesting SNDS access.

Failure 2 — Insufficient volume to populate dashboards: SNDS requires roughly 100 daily messages to Microsoft consumer recipients before data appears. Low-volume senders see empty dashboards and assume something is wrong. Fix: confirm volume, or accept that SNDS is not the right tool below the threshold.

Failure 3 — Standalone JMRP without SNDS link (legacy setups): as of 2026, these are being deprecated. Fix: register SNDS, then re-create JMRP feeds from the SNDS-authorised account.

Failure 4 — Hardcoded portal URL in monitoring scripts: the Jan 2026 URL migration breaks scripts with hardcoded URLs. Fix: parametrise SNDS base URL in config.

Failure 5 — Automated Data Access links assumed permanent: monitoring scripts using these links break monthly post-Jan 2026. Fix: monthly link rotation in monitoring pipeline.

What we recommend at Blue Spirit

For transparency: we operate dedicated-IP infrastructure (PowerMTA hosting) where SNDS access is direct and the JMRP integration is built into our standard client onboarding. For shared-IP setups, the monitoring stack we recommend depends on volume and ESP.

For operators below 50K daily Microsoft consumer volume:

  • Postmaster Tools v2 for Gmail (free)
  • ESP-provided JMRP forwarding for Microsoft complaints
  • Inbox placement testing tool ($30-99/month) for Microsoft placement signal

For operators above 50K daily Microsoft consumer volume on dedicated IPs:

  • Direct SNDS access with Automated Data Access for daily monitoring
  • Direct JMRP feeds with custom processing pipeline
  • Postmaster Tools v2 + Yahoo Sender Hub for the other receivers
  • DMARC aggregator for cross-receiver authentication signal

If you want help architecting Microsoft monitoring at scale or migrating legacy JMRP setups to comply with the January 2026 changes, our deliverability audit covers exactly this work. Most clients we audit have JMRP set up from years ago that needs the SNDS-link migration before Microsoft auto-deprecates the standalone feeds.

For the parallel Gmail-side monitoring see Google Postmaster Tools v2 complete guide. The unified observability stack combining SNDS, Postmaster, and DMARC parsedmarc is in unified email observability with Grafana, parsedmarc, Postmaster, and SNDS. For the broader monitoring stack tradeoffs (free vs paid, mid-tier vs enterprise) see our deliverability monitoring stack guide. When SNDS shows degradation requiring intervention, Gmail domain reputation recovery covers the equivalent recovery framework adaptable to Microsoft. For bulk sender requirements that produce SNDS reputation impact see Gmail Yahoo Microsoft bulk sender 2026 compliance.

The honest summary of SNDS and JMRP in 2026: they remain the only Microsoft-side deliverability signal for consumer Outlook/Hotmail, the January 2026 changes are real and break older integrations silently, and the IP-based architecture means they fit dedicated-IP setups much better than shared-IP setups. For shared-IP operators, JMRP via the ESP plus inbox placement testing is the practical alternative to direct SNDS access. For dedicated-IP operators, SNDS is essential and the new operational discipline (monthly link rotation, internal correlation IDs for JMRP) needs to be built into your monitoring from the start.

Femke van der Berg

Senior Deliverability Engineer · Deliverability & Authentication

Something we should write about? Reply with your topic at [email protected].

Chat with us on WhatsApp