What is IP access management?
IP Access Management is a security feature that allows you to control who can access your SendGrid account based on their IP address. After you allow an IP address, you can only access the SendGrid UI, API, and SMTP relay if you are connecting from an allowed IP address. Any access attempts from other IPs will be blocked. This is a powerful security tool that you can use to help prevent malicious activity on your account.
NOTE: It is possible to remove your own IP address from your list of allowed IP addresses, thus blocking your own access to your account. While we are able to restore your access, we do require thorough proof of your identify and ownership of your account. We take the security of your account very seriously and wish to prevent any bad actors from maliciously gaining access to your account.
If you do not access SendGrid via a static IP address (for example, via VPN or from a business internet service), setting up IP Access Management may result in being locked out of your SendGrid account. If you have locked yourself out of your account, please contact SendGrid Support.
Enable IP Access Management
There is no limit on the number of IP addresses you can allow. To enable IP Access Management and add allowed IP addresses, please follow these steps:
- Navigate to the Settings > IP Access Management in the Twilio SendGrid Dashboard
- Check a message that explains the IP Access Management under Allow Listed IP Addresses
- Click on Add IP Addresses. You can add one or more allowed IPs. IP Access Management will be enabled only once you add one or more IPs
- Check Recent Access Attempts, under this tab you will see a list of IPs that recently attempted to connect to your account, regardless of whether or not they are allowed addresses. You will also see some additional information about those IPs, such as the date of the first and most recent access attempt, the physical location of the IP, and the method by which they attempted to access your account.
-
Add IP addresses
- Click Add IP Addresses
- A dialog will appear. Check the two radio boxes to acknowledge that you understand this feature and select Confirm and Continue
- The Add IP Addresses menu will appear showing Your Current IP and a list of the Recently Accessed IPs.
- You can add recently accessed IPs by clicking the + next to the IP you wish to allow
- You can add all the listed recent addresses by clicking Add all to form below
- Any added IPs will appear in the table labeled IP addresses or ranges to add
- You can enter a single IP address or range of IP addresses that don't appear in your recently accessed list by clicking Manually add IPs
- A field labeled IP addresses or ranges to add: will appear
- Add your desired IP or range of IPs in CIDR notation. See the "Add a range of IP addresses" section of this page for more about CIDR notation and working with ranges. Separate individual IPs and ranges using either a comma, space, or new line
- Once you have added all your desired IP addresses, click Add <number> IPs at the bottom of the menu
- You will be returned to the Add IP Addresses menu. Your manually added IPs will now appear in the table labeled IP addresses or ranges to add
- Your IPs are now staged to be added. Click Save to finalize adding the addresses to your list of allowed IPs.
If you do not add your current IP address, you will be prompted to add it. Choosing not to add your current IP will terminate your session. You will then have to reconnect to your account from one of your allowed addresses.
-
Add a range of IP addresses
You can add a range of IP addresses using CIDR notation or a wildcard character.
To enter a range of IP addresses using CIDR notation:
- Navigate to the Settings > IP Access Management in the Twilio SendGrid Dashboard
- Click + Add IP Addresses
- The Add IP Addresses menu will appear. Click Manually add IPs
- A field labeled IP addresses or ranges to add will appear
- Enter your routing prefix followed by a
/
and the number of bits in your routing mask. For example:192.168.100.14/24
.
Explaining CIDR notation is beyond the scope of this article, and we only recommend that advanced users use this notation when allowing IPs. If you are unfamiliar with CIDR notation, we recommend that you enter each IP individually when allowing a range of IPs.
To enter a range of IP addresses using a wildcard character:
- Navigate to the Settings > IP Access Management in the Twilio SendGrid Dashboard
- Click + Add IP Addresses
- The Add IP Addresses menu will appear. Click Manually add IPs
- A field labeled IP addresses or ranges to add will appear
- Enter your IP followed by an asterisk. For example,
25.203.44.*
will include all IPs that begin with25.203.44
.
-
Add IP addresses from the Recent Access Attempts list
Once IP Access Management is enabled, you can add individual addresses from the Recent Access Attempts list to your list of allowed IPs.
- From the Settings > IP Access Management page, navigate to an address in the Recent Access Attempts list
- Click the action menu to the right of the address you want to allow and select Add To Allowed List.
-
Remove an allowed IP
- From the Settings > IP Access Management page, navigate to the Allow Listed IP Addresses list
- Click the action menu to the right of the allowed address you want to remove and select Remove From Allow List
- Another dialog will open asking you to confirm the removal. Select Remove IP to continue.
It is possible to remove your own IP address from your list of allowed addresses, thus blocking your own access to your account. While we are able to restore your access, we do require thorough proof of your identify and ownership of your account. We take the security of your account very seriously and wish to prevent any bad actors from maliciously gaining access to your account.
-
Disable IP Access Management
You can disable IP Access Management to reopen account access to any IP address and no longer maintain a list of allowed addresses.
- From the Settings > IP Access Management page, click Disable Allow List
- A dialog will open asking you to confirm the decision. Click Disable.
For additional information about using IP Access Management through our API, see our API Reference.