Where is the security issue? The emails Microsoft sends are not signed in any way. There is no way to verify that the email was actually sent by Microsoft, nor can you be sure that the content was not altered. Basically, anyone who finds your company's JMRP address can send false complaints and at the very least tie up your customer service people with wild goose chases.
Automated systems for handling these emails can only verify the SPF records and hope that the headers haven't been spoofed or messages altered in transit. (Unlike DomainKeys or DKIM, Sender ID doesn't protect against such issues.) The possible attacks are twofold:
- Forge complaints from known subscribers who want to receive the mailings, thereby causing the sender to lose business.
- Alter real complaints in transit so that complainers don't get unsubscribed, thereby hurting the mail sender's reputation.
This could all be solved just by signing the emails using S/MIME or some other form of validation, but Microsoft doesn't seem to be interested.
In short, don't trust JMRP emails blindly. Tell Microsoft you want them to sign the emails so we can all receive less spam.
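Until complaints are signed, a sender can at least check a complaint against something only the sender knows. The sketch below is an added example, not part of the original post or of any Microsoft tooling: it stamps each outgoing message with an HMAC over the recipient and Message-ID, then checks that token when a complaint comes back. It assumes the complaint returns the original message intact as a `message/rfc822` attachment; the `X-Complaint-Token` header, the secret, and all addresses are constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.message import EmailMessage

SECRET = b"constructed-demo-key"    # assumption: secret held only by the sender
TOKEN_HEADER = "X-Complaint-Token"  # hypothetical header stamped on outgoing mail

def make_token(recipient, message_id):
    """HMAC binding one recipient to one Message-ID (128 bits, hex)."""
    data = f"{recipient.strip().lower()}|{message_id.strip()}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:32]

def check_complaint(raw):
    """Return (verdict, recipient) for a raw complaint e-mail."""
    outer = message_from_bytes(raw, policy=policy.default)
    for part in outer.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        inner = part.get_content()  # the embedded original message
        rcpt = str(inner.get("To", "")).strip()
        mid = str(inner.get("Message-ID", ""))
        token = str(inner.get(TOKEN_HEADER, "")).strip()
        if not token:
            return ("unverified", rcpt)  # nothing to check: manual review
        expected = make_token(rcpt, mid).encode()
        if hmac.compare_digest(token.encode("utf-8", "replace"), expected):
            return ("verified", rcpt)    # we really sent this message to rcpt
        return ("forged-or-altered", rcpt)
    return ("unverified", None)          # no original message attached

def build_complaint(recipient, message_id, token=None):
    """Constructed sample complaint; the addresses are made up."""
    inner = EmailMessage()
    inner["From"] = "news@sender.example"
    inner["To"] = recipient
    inner["Message-ID"] = message_id
    if token:
        inner[TOKEN_HEADER] = token
    inner.set_content("Weekly newsletter\n")
    outer = EmailMessage()
    outer["From"] = "reports@feedback.example"
    outer["To"] = "jmrp@sender.example"
    outer["Subject"] = "complaint"
    outer.set_content("The attached message was reported as junk.\n")
    outer.add_attachment(inner)
    return outer.as_bytes()
```

This only proves that the attached message is one you sent to that recipient. Anyone holding a copy of a stamped message can still replay it as a complaint, so it narrows the problem rather than replacing a signature from the reporting party.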