Managing email deliverability often involves keeping a close eye on your reputation with major mailbox providers. Microsoft's Smart Network Data Services (SNDS) is an essential tool for understanding how Outlook.com and other Microsoft properties view your sending IPs, providing insights into complaint rates, spam trap hits, and blocklisting (or blacklisting) status. Many email professionals, especially those new to a team or working with an Email Service Provider (ESP), often ask how to grant someone access to their SNDS account. This process can seem a bit opaque at first, but it's designed with security and IP ownership verification in mind.
Unlike some other tools where you might simply add users to a shared dashboard, SNDS operates on a principle of verifying that you are truly responsible for the IP addresses you want to monitor. This means the way you grant access isn't through a direct invite from an existing SNDS account. Instead, it involves a process where the person needing access requests it themselves, and the verified IP owner then approves that request. Understanding this core difference is key to successfully granting access.
Understanding SNDS access for your IPs
SNDS access is fundamentally tied to the ownership of specific IP addresses or IP ranges. When you initially set up your SNDS account, you verified that you were the legitimate sender for those IPs, usually through a reverse DNS lookup or by receiving an email to a designated administrative email address like abuse@ or postmaster@ for the associated domain. This foundational step is crucial because it ensures that only authorized entities can view sensitive deliverability data for an IP.
Therefore, if someone needs access to your SNDS data, they will need to initiate the request themselves. They must create their own Microsoft account if they don't already have one, and then navigate to the SNDS portal to request access for the specific IP addresses or ranges they need to monitor. This self-service approach is a core part of the system's security architecture.
Once their request is made, it triggers an approval process where the actual IP owner, or the designated email address associated with the IP's reverse DNS entry (e.g., abuse@ or postmaster@), receives a notification. This is where you, or your organization, come in. You will then have the opportunity to review and approve their request. This decentralized method ensures that control remains with the rightful IP owner, even when multiple individuals or teams require access.
Collaborating with your email service provider
Many organizations don't directly own their sending IP addresses. Instead, they use Email Service Providers (ESPs) like SendGrid, Mailgun, or SparkPost, which manage the underlying IP infrastructure. In such cases, the ESP is typically the registered owner of the IP addresses. This means that if you're using an ESP and someone on your team needs SNDS access, the approval for their request won't come to you directly, but to your ESP.
Communicating with your ESP
If your Email Service Provider manages your sending IP addresses, they are the ones who will receive and need to approve SNDS access requests. It is best practice to proactively communicate with your ESP's support team before someone on your team requests access, informing them that a request is coming. This helps streamline the approval process and avoids delays.
Your ESP will have a process in place to handle these requests. They receive the approval email to their administrative addresses and then, assuming the request is legitimate and for IPs allocated to you, they will approve it. Some ESPs might offer direct integration or specific instructions for obtaining SNDS data. For example, some platforms might pull SNDS data directly into their dashboards, abstracting the direct SNDS access. However, for direct portal access, the ESP's approval is essential.
Direct IP ownership
When you directly own your sending IP addresses, you have full control over SNDS access. You (or your designated abuse@ or postmaster@ contact) will receive the access request email directly from Microsoft.
Control: You directly approve or deny requests.
Visibility: Clear understanding of who has access.
If your Email Service Provider owns the sending IPs, they are the ones who will receive the SNDS access requests. You'll need to coordinate with them to ensure your team members gain access. Learn more about getting Microsoft SNDS access with an ESP.
Coordination: Requires communication with your ESP.
Simplified Management: You don't handle IP verification directly.
Whether you manage your own IPs or use an ESP, the considerations around shared versus dedicated IPs are also important. If you are on a shared IP, your ESP might be hesitant to grant direct SNDS access due to the multi-tenant nature of the IP. For dedicated IPs, securing access is generally simpler, as the IP is exclusively associated with your sending practices.
The steps to request and approve SNDS access
The first step for the person who needs access is to navigate to the Microsoft Smart Network Data Service Request Access page. On this page, they will be prompted to enter the IP address, IP range, or Autonomous System Number (ASN) for which they are requesting data. It's crucial they enter the correct IP addresses that your organization uses for sending email.
After entering the IP information, the system will prompt them to select an email address for approval. This email address should be an administrative address (like abuse@ or postmaster@) associated with the domain that the IPs send for, or the ESP's designated approval contact. If you control these addresses, you will receive the approval email. If your ESP controls them, they will receive it.
Example IP and CIDR formats
192.0.2.0/24
203.0.113.45
2001:db8::/32
Once the request is submitted, an approval email is sent to the designated contact. This email contains a link to approve or deny the request. The IP owner, whether it's your IT department or your ESP, needs to click this link and complete the approval process. It's important to act on these requests promptly, as there is often a relatively short window of opportunity for approval before the request expires and needs to be re-initiated.
Prompt approval is essential
Microsoft's SNDS approval emails often have a time limit. If the designated approver does not act within this window, the request will expire, and the person needing access will have to submit a new request. Ensure your team knows to monitor the abuse@ and postmaster@ inboxes for these critical notifications. Delays can lead to a lack of visibility into important deliverability data, hindering your ability to address potential blocklist (or blacklist) issues.
Common challenges and important considerations
A common point of confusion arises when the IP address in question is not directly owned by your organization, but rather by an Email Service Provider. If your ESP initially set up your SNDS access, it means they are the registered IP owner with Microsoft. In this scenario, any new access requests for those IPs will go to them for approval. You will need to coordinate with your ESP's support or account manager to ensure these requests are processed.
While SNDS doesn't have a direct add user feature like some other postmaster tools, internal teams can still effectively collaborate. One way is to ensure that the administrative email addresses (like abuse@ and postmaster@) are group mailboxes or distribution lists that multiple team members have access to. This way, anyone on the team can receive and respond to SNDS access requests or other important notifications from Microsoft.
Views from the trenches
Best practices
Always maintain up-to-date contacts for your abuse@ and postmaster@ email addresses to ensure prompt receipt of SNDS approval requests and other critical deliverability alerts.
If using an Email Service Provider, establish clear communication channels with their support team regarding SNDS access requests for your dedicated IP addresses.
Regularly review who has access to your SNDS data and remove access for individuals who no longer require it for security and data privacy reasons.
Common pitfalls
Assuming direct 'add user' functionality exists in SNDS, leading to frustration when trying to grant access via an existing account.
Neglecting to inform your ESP about incoming SNDS access requests, which can lead to delays or unapproved requests for ESP-managed IPs.
Allowing SNDS access requests to expire due to unmonitored abuse@ or postmaster@ inboxes, requiring re-submission of requests.
Expert tips
If you're an ESP user, request a direct integration with SNDS from your provider to get reputation data without managing individual access.
For large organizations, consider setting up a dedicated email alias or distribution list for all postmaster and abuse addresses to centralize SNDS notifications.
Utilize SNDS data proactively to identify and mitigate potential blocklist or blacklist issues before they severely impact your email deliverability.
Marketer view
Marketer from Email Geeks says they don’t directly add users to SNDS, but individuals need to create their own accounts and request access to the relevant IP range.
2020-01-09 - Email Geeks
Marketer view
Marketer from Email Geeks says that when someone requests access, the IP owner will receive an email to their abuse@ or postmaster@ address for approval.
2020-01-09 - Email Geeks
Ensuring continuous deliverability monitoring
Granting someone access to your SNDS account isn't about adding them as a user within the portal. Instead, it revolves around the decentralized process of individual request and IP owner approval. The person needing access must initiate the process by creating their own Microsoft account and requesting access to the relevant IP addresses. The critical step then falls to the verified IP owner, or their designated administrative email contacts, to approve this request promptly.
Whether your organization directly manages its IPs or relies on an Email Service Provider, understanding this flow is vital for maintaining consistent monitoring of your email reputation. By following these steps and ensuring clear communication, especially with your ESP if they manage your IPs, you can ensure that all necessary team members have the insights they need to maintain healthy email deliverability and avoid issues like being put on a blocklist or blacklist.
Microsoft account if they don't already have one, and then navigate to the SNDS portal to request access for the specific IP addresses or ranges they need to monitor. This self-service approach is a core part of the system's security architecture.
