Why are we seeing transactional deliverability issues on Microsoft even though SNDS seems to be showing up green?
Matthew Whittaker
Co-founder & CTO, Suped
Published 29 May 2025
Updated 16 Aug 2025
8 min read
It can be frustrating to see your transactional email deliverability issues persist at Microsoft, particularly when Smart Network Data Services (SNDS) shows your sending IPs as 'green'. This situation often leads to confusion, as the green light in SNDS implies good standing, yet bounces and filtering continue. This is a common scenario for many senders, especially those dealing with business and corporate domains.
The core of the problem lies in a misunderstanding of how Microsoft’s diverse email systems, specifically Outlook.com/Hotmail (consumer) and Office 365 (business), interpret and apply sender reputation. While SNDS provides valuable insights, it primarily reflects the reputation for the consumer side of Microsoft’s email infrastructure, not necessarily the more stringent filtering applied to enterprise-level Microsoft 365 environments.
Understanding SNDS versus Microsoft 365 filtering
The bounce message you’re likely seeing, such as '5.7.606 Access denied, banned sending IP', explicitly indicates an IP-based block, but this isn't necessarily reflected in SNDS. This is because SNDS data doesn't fully cover Office 365 accounts. Microsoft 365 (formerly Office 365) employs a more complex and dynamic set of filtering rules that extend beyond the basic IP reputation displayed in SNDS. These rules consider a broader range of factors, including content, user engagement, and internal reputation metrics specific to the corporate environment.
The primary purpose of SNDS is to offer transparency for senders targeting Outlook.com and Hotmail.com, providing a general overview of your sending IP's reputation with Microsoft's consumer mail systems. However, Office 365 environments have their own layers of protection, often influenced by the actions of end-users within those organizations and Microsoft's own proprietary blocklists (or blacklist, as some refer to them) which are not publicly visible via SNDS. This means an IP can be perfectly fine for consumer inboxes, yet completely blocked for business ones.
This discrepancy often means that while your IP might appear green in SNDS, it could still be internally blocklisted (or blacklisted) or flagged by Microsoft's more advanced threat protection systems specifically for Office 365 users. The Microsoft Office 365 delisting portal becomes the critical tool for addressing these specific blocks, as opposed to relying solely on SNDS data.
SNDS overview
Scope: Primarily covers consumer services like Outlook.com and Hotmail.com.
Data types: Provides IP reputation (green/yellow/red) and some basic spam complaint data.
Usefulness: Good for general IP health for consumer email, but limited for business environments.
Microsoft 365 filtering
Scope: Applies to business and corporate domains hosted on Microsoft 365.
Data types: Incorporates a wider range of metrics including internal reputation, user feedback, and advanced threat protection systems.
Usefulness: Requires direct engagement with Microsoft's delisting portals for specific blocks.
Beyond IP reputation: Content and user engagement
When your transactional emails, like onboarding messages or password resets, are affected, the root cause often extends beyond simple IP blocklists (or blacklists). Microsoft 365's filtering is highly sophisticated, focusing on content, recipient engagement, and overall sender behavior. A sudden jump in bounce rates, like the shift from 3.5% to 25%, suggests a significant issue with the quality of your recipient list or the email content itself.
For transactional emails, even if users are added by an account admin, if those added users do not engage positively with the emails, or worse, mark them as spam, your reputation with Microsoft 365 can suffer quickly. Unlike bulk mail, transactional emails are expected to have very high engagement rates and very low complaint rates. Any deviation from this can trigger automated filtering, even if your IPs appear clean on public blacklists or SNDS.
Microsoft's systems are designed to protect their users from unwanted mail, whether it's clearly spam or just unsolicited. Every Microsoft 365 user has access to a 'this-is-spam' button, and frequent use of this button against your emails can severely damage your reputation, regardless of SNDS status. This feedback loop is a powerful signal to Microsoft's filters, leading to email blocks and a trip to the junk folder.
Common causes of Microsoft 365 deliverability issues
List quality: Sending to invalid or inactive addresses increases bounce rates.
Complaint rates: Even a small percentage of users marking your transactional emails as junk can be detrimental.
Content issues: Suspicious links, generic content, or poor formatting can trigger filters.
Shared IP reputation: If you're on a shared IP, other senders' bad practices can affect you.
Addressing transactional email challenges
The key to resolving these transactional deliverability issues is to focus on maintaining a pristine sender reputation across all facets, not just what SNDS reports. For transactional emails, ensuring that every recipient has explicitly opted in and expects the email is paramount. Even if an account admin adds users, it's crucial that those users genuinely intend to receive communications via your platform. This is detailed further in our article on how to resolve Microsoft email blocks when SNDS shows normal status.
A common cause for a sudden spike in bounce rates after migrating to a new platform (like Iterable, which uses Mailgun IPs) could be sending to a list that was not sufficiently cleaned or validated for a period, even if they are 'net new folks' for your current platform. Old or inactive email addresses can become spam traps or simply hard bounces, signaling poor list hygiene to Microsoft 365, leading to blocklisting (or blacklisting). This is a critical factor often missed when troubleshooting Microsoft Outlook and Hotmail deliverability issues.
Implementing robust list validation at the point of data acquisition, even if it's an internal admin adding users, is crucial. This can help filter out problematic addresses before they negatively impact your sender reputation. Additionally, monitoring DMARC reports can offer valuable insights into authentication failures that might contribute to deliverability issues, complementing the information you get from SNDS. Learn more about DMARC, SPF, and DKIM for improved deliverability.
Factor
Impact on Microsoft 365 Deliverability
Mitigation Strategy
Spam complaints
High complaint rates directly reduce sender reputation and trigger internal blocks.
Ensure clear opt-in. Monitor feedback loops and remove complainers immediately.
Bounce rate
High hard bounce rates indicate poor list hygiene and can lead to IP reputation damage.
Implement real-time email validation and regularly clean your lists.
Engagement
Low open and click rates, combined with high deletions or junk classifications, negatively affect sender score.
Send relevant content. Segment audiences and re-engage inactive subscribers.
Authentication
Improper or missing SPF, DKIM, and DMARC records can lead to emails being flagged.
Ensure all authentication records are correctly set up and aligned.
Actionable steps for improvement
Given that your IPs are shared (managed by Iterable via Mailgun), communication with your email service provider (ESP) is critical. They are responsible for the overall health of their shared IP pools. If you're experiencing severe blocks despite SNDS showing green, it's likely due to other senders on the same shared IP affecting its reputation with Microsoft 365, or a specific issue with your sending practices that Microsoft's filters are picking up. The bounce message itself provides a direct link to the Microsoft support page for delisting requests.
Beyond contacting your ESP and delisting, focus on your internal processes. Even though account admins add users, you might need to educate them on best practices for adding legitimate recipients only. Consider implementing stricter validation or confirmation steps for newly added users, especially for high-volume transactional streams. This proactive approach can significantly boost email deliverability rates.
For ongoing issues, consider creating a dedicated feedback loop with your Microsoft 365 recipients. While Microsoft doesn't provide a direct feedback loop program for Office 365 like JMRP for consumer domains, you can monitor unsubscribe rates, bounces, and direct complaints more closely. This will give you a better real-time understanding of how your emails are being perceived and filtered within these critical business environments. Consistent monitoring and quick action are key to navigating the complexities of email deliverability issues in 2025 and beyond.
Example Microsoft 365 Bounce Message
5.7.606 Access denied, banned sending IP [69.72.36.93]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 AS(1430)
Summary of key takeaways
Navigating Microsoft’s email filtering systems, especially for transactional emails, requires a more nuanced approach than simply checking SNDS. While SNDS offers a baseline for consumer-facing reputation, the intricacies of Microsoft 365 (Office 365) demand a deeper focus on list quality, user engagement, and prompt responses to bounce messages. Addressing these areas, often in collaboration with your email service provider, is essential to ensuring your critical transactional emails consistently reach their intended recipients.
Prioritizing strict list hygiene, monitoring bounce rates closely, and proactively managing sender reputation through direct delisting requests and ESP communication will pave the way for more reliable transactional email delivery on Microsoft 365. Remember that email deliverability is an ongoing effort, requiring continuous vigilance and adaptation to evolving filtering mechanisms.
Views from the trenches
Best practices
Implement a strict opt-in process for all recipients to ensure genuine engagement.
Regularly clean your email lists to remove inactive or bouncing addresses.
Monitor Microsoft 365 bounce messages closely and use their delisting portal.
Communicate proactively with your ESP about any persistent deliverability issues.
Common pitfalls
Relying solely on SNDS green status for Microsoft 365 deliverability.
Failing to address high bounce rates from new or unvalidated list segments.
Underestimating the impact of internal spam complaints from corporate users.
Assuming transactional emails are immune to reputation filtering.
Expert tips
Look beyond public blocklists; Microsoft 365 uses internal reputation systems.
Collaborate with account admins to enforce proper user addition protocols.
Focus on consistent positive engagement to build domain and IP reputation.
Utilize DMARC reports for deeper insights into authentication issues.
Expert view
Expert from Email Geeks says SNDS data does not reflect deliverability for Office 365 accounts, so it's not useful in troubleshooting issues for those domains. This is a common misconception.
2021-05-24 - Email Geeks
Expert view
Expert from Email Geeks says if you are seeing repeated access denied bounces, you need to delist your IP using the Microsoft Office 365 delisting portal. This is the first step to resolving the issue.
Microsoft 365 user has access to a 'this-is-spam' button, and frequent use of this button against your emails can severely damage your reputation, regardless of SNDS status. This feedback loop is a powerful signal to Microsoft's filters, leading to email blocks and a trip to the junk folder.
