A comprehensive guide to Do Not Call registry compliance for lead generators, covering the National DNC Registry, eleven state registries, internal list management, and the operational systems that prevent $500-per-call liability.
Introduction: The 240 Million Numbers You Cannot Call
The National Do Not Call Registry contains over 240 million phone numbers. Each one represents a consumer who has explicitly stated they do not want telemarketing calls. Each call to one of those numbers, without a valid exemption, creates potential liability of $500 to $51,744 per violation – depending on whether federal or state enforcement applies.
For lead generators, DNC compliance is not optional. It is table stakes for operating legally in the telemarketing ecosystem.
The math is unforgiving. A calling campaign that accidentally contacts 1,000 registered numbers faces minimum federal exposure of $500,000. Under state laws with enhanced penalties, that figure can multiply. The Federal Trade Commission has brought enforcement actions resulting in judgments exceeding $100 million against robocallers and telemarketers who ignored DNC requirements.
This is not abstract regulatory theory. In 2024, the FTC and state attorneys general continued aggressive enforcement against DNC violators. The multi-state Anti-Robocall Litigation Task Force – comprising all 50 state attorneys general plus the District of Columbia – has issued cease-and-desist letters, pursued injunctions, and referred cases for criminal prosecution.
This guide covers everything lead generators need to know about DNC compliance in 2025: the federal registry, eleven state registries, internal DNC list requirements, exemptions, technology requirements, and the operational systems that keep you compliant at scale.
The Federal Do Not Call Registry
Origins and Structure
The National Do Not Call Registry was established in 2003 through a joint rulemaking between the Federal Trade Commission and the Federal Communications Commission. The FTC administers the registry under the Telemarketing Sales Rule (TSR), while the FCC enforces related provisions under the Telephone Consumer Protection Act (TCPA).
The registry operates as a centralized database of phone numbers belonging to consumers who have requested not to receive telemarketing calls. Registration is free, permanent (numbers remain on the registry until disconnected or removed by the consumer), and available to both landlines and mobile phones.
Current Registry Statistics (2024-2025)
The National DNC Registry continues to grow:
| Metric | Value |
|---|---|
| Total registered numbers | Over 240 million |
| Active registrations | Approximately 245 million as of 2024 |
| New registrations annually | 10-15 million |
| Registrations since inception | Over 280 million (includes churned numbers) |
The registry represents roughly 80% of all U.S. phone numbers in active use. The probability that any given consumer phone number is registered is high enough that calling without scrubbing is statistically reckless.
Legal Framework
The TSR and TCPA create overlapping but distinct DNC requirements.
FTC Telemarketing Sales Rule
The TSR applies to interstate telemarketing calls and prohibits calls to numbers on the National DNC Registry for the sale of goods or services. Telemarketers must access and scrub against the registry before calling, with the rule establishing a 31-day maximum interval for registry access. Civil penalties reach up to $51,744 per violation, adjusted annually for inflation.
FCC TCPA Rules
The TCPA rules apply to both interstate and intrastate calls, requiring entities making telemarketing calls to maintain procedures for DNC compliance. The statute creates a private right of action for consumers with $500-$1,500 statutory damages per violation and requires honoring internal DNC requests.
The distinction matters because FTC enforcement applies to business conduct (with civil penalties), while TCPA enforcement includes both FCC action and private lawsuits (with statutory damages). A single non-compliant call can trigger both regulatory penalty and private litigation.
Who Must Comply
The DNC rules apply to sellers and telemarketers in distinct but related ways. Sellers include any person or entity that provides, offers to provide, or arranges to provide goods or services to customers in exchange for consideration. Telemarketers encompass any person or entity that, in connection with telemarketing, initiates or receives telephone calls to or from a customer or donor.
Lead generators occupy a unique position. If you generate leads that result in telemarketing calls, you have compliance obligations – even if you never make the calls yourself. The TSR holds sellers responsible for their telemarketers’ conduct, and “assisting and facilitating” telemarketing violations creates derivative liability.
If you sell leads to buyers who make telemarketing calls, and those leads include DNC-registered numbers, you may face liability for assisting the resulting violations. The safe practice: scrub leads against the DNC registry before selling them, and contractually require buyers to perform their own scrubbing.
Exemptions from DNC Requirements
Several categories of calls are exempt from National DNC Registry restrictions.
Existing Business Relationship
Sellers may call consumers with whom they have an established business relationship – defined as a purchase, transaction, or inquiry within specified timeframes. Transaction-based EBR extends 18 months from the last purchase or transaction, while inquiry-based EBR lasts 3 months from the last inquiry or application. The EBR exemption applies only to the company that has the relationship. It does not transfer to affiliates or third parties without explicit consent.
Prior Express Written Consent
Consumers who provide valid TCPA-compliant consent may be called regardless of DNC registration. However, consent must meet all PEWC requirements – including clear disclosure, non-conditional terms, and proper documentation.
Non-Commercial Calls
Calls not made for commercial purposes – including charitable solicitations, political calls, and survey research – are exempt from the National DNC Registry restrictions. However, these calls may still be subject to other TCPA requirements.
Business-to-Business Calls
The DNC rules primarily protect consumers. Calls to businesses are generally not restricted by the National DNC Registry, though some states restrict B2B telemarketing.
Tax-Exempt Nonprofits
Calls by or on behalf of tax-exempt nonprofit organizations are exempt from the National DNC Registry requirements, though not from internal DNC obligations.
Accessing the Registry
Telemarketers must access the National DNC Registry through the FTC’s Telemarketing Sales Rule registration process.
Registration Requirements
To access the registry, you must register your organization at telemarketing.donotcall.gov and provide organization identification and contact information. Area code fees currently run $72 per area code, with a maximum annual fee of $20,829 for access to all area codes. Once registered, download registry data for all area codes in your calling footprint.
Access Frequency
You must download fresh registry data at least every 31 days. Many operations scrub more frequently – weekly or even daily – to minimize the exposure window during which newly registered numbers remain on calling lists. Each download includes all numbers registered since your previous access, ensuring you capture recent additions.
Data Retention
Registry data must not be used for any purpose other than DNC compliance. Retain data only as long as necessary for scrubbing purposes, and do not share registry data with third parties except as necessary for compliance operations.
Scrubbing Requirements
Before making telemarketing calls, you must compare your calling lists against the DNC registry.
Pre-Call Scrubbing
Every number on your calling list must be checked against current registry data no older than 31 days. Numbers that appear on the registry must be removed from calling lists unless an exemption applies. The scrubbing process must be documented for compliance purposes, creating an audit trail that demonstrates due diligence in the event of litigation or regulatory inquiry.
Safe Harbor Provisions
The TSR provides a safe harbor for sellers and telemarketers who can demonstrate comprehensive compliance efforts. To qualify, you must maintain written procedures for DNC compliance and train personnel on those procedures. You must have accessed the registry within the past 31 days and scrubbed calling lists against current registry data. Additionally, you must record and honor all DNC requests received from consumers.
Meeting safe harbor requirements does not immunize you from liability, but it demonstrates good faith compliance and may reduce penalties.
State Do Not Call Registries
The National DNC Registry is not the only game in town. Eleven states maintain their own Do Not Call registries with separate registration, scrubbing, and compliance requirements.
States with Separate DNC Registries
| State | Registry Administrator | Key Requirements |
|---|---|---|
| Colorado | Colorado Attorney General | Registration required; $2,000 per violation |
| Connecticut | Department of Consumer Protection | 9 AM-8 PM calling window |
| Indiana | Office of Attorney General | Separate registration and fees |
| Louisiana | Public Service Commission | No calls during emergencies or Mardi Gras |
| Massachusetts | Office of Consumer Affairs | Strict enforcement history |
| Missouri | Attorney General | Annual registration renewal |
| Oklahoma | Attorney General | Max 3 calls per 24 hours per subject |
| Pennsylvania | Office of Attorney General | Separate state list required |
| Tennessee | Division of Consumer Affairs | Coordination with National DNC |
| Texas | Office of Attorney General | Registration bond required |
| Wyoming | Secretary of State | Infrequent but active enforcement |
State Registry Compliance Requirements
Separate Subscription Required
Accessing the National DNC Registry does not give you access to state registries. Each state registry requires separate subscription, often with its own fees, access procedures, and renewal schedules. Budget for these additional costs when planning multi-state calling operations.
Data Format Considerations
State registry data may be delivered in formats different from the federal registry. Your scrubbing systems must handle multiple data formats, requiring either manual normalization or automated parsing that accommodates state-specific file structures.
Cumulative Suppression
State registries may contain numbers not on the National DNC Registry. Suppression must occur against both federal and applicable state lists. A number cleared against the National DNC Registry may still be registered on a state list, creating liability if you call without state-level scrubbing.
State-Specific Penalties
State DNC violations carry penalties under state law, often in addition to federal penalties. Some states impose higher per-violation amounts than federal rules, meaning the same call can generate both federal and state liability simultaneously.
Florida State DNC Considerations
While Florida does not maintain a separate state DNC registry, the Florida Telephone Solicitation Act (FTSA) creates enhanced DNC-related requirements. Understanding these state mini-TCPA laws is essential for compliance. Callers must honor internal DNC requests within 30 days, matching the federal standard, but violations of DNC requirements under FTSA carry $500-$1,500 statutory damages. Florida generated 330 TCPA/FTSA cases in 2024 – nearly 12% of all filings nationally.
The absence of a separate Florida registry does not reduce compliance burden. The FTSA’s private right of action makes Florida one of the highest-risk states for DNC litigation.
Texas DNC Requirements (Updated September 2025)
Texas Senate Bill 140, effective September 2025, significantly expanded state telemarketing requirements.
Businesses conducting telephone solicitation to or from Texas must register with the Secretary of State and post a $10,000 security bond. Texas maintains a state DNC list that must be suppressed against in addition to the National DNC Registry, creating a dual-scrubbing requirement for any operation calling Texas consumers.
Violations are actionable under the Texas Deceptive Trade Practices Act with potential treble damages for intentional violations. The law’s scope extends beyond voice calls to cover text messages, image messages, and other electronic transmissions – meaning SMS marketing campaigns face the same registration and suppression requirements as outbound calling.
Oklahoma DNC and Calling Restrictions
Oklahoma’s Telephone Solicitation Act (OTSA) combines state DNC requirements with operational restrictions that go beyond simple suppression.
Oklahoma maintains its own DNC list administered by the Attorney General’s office, requiring separate subscription and scrubbing. The state imposes call frequency limits of maximum three calls per 24-hour period to the same telephone number for the same goods or services – regardless of consent or DNC status. Holiday restrictions prohibit telephone solicitations on state or federal holidays, and telephone sellers must register with the Oklahoma Attorney General before conducting any solicitations to Oklahoma consumers.
Internal Do Not Call Lists
Beyond the National and state registries, federal law requires companies to maintain their own internal DNC lists.
Legal Requirements
The TCPA and TSR both require that companies making telemarketing calls honor requests from consumers not to receive future calls, maintain a record of those requests, and ensure that suppression is applied before subsequent calls.
When a consumer says “put me on your do not call list” or words to that effect, you are obligated to comply – regardless of whether they are on any external registry.
Processing Consumer Requests
Request Recognition
Internal DNC requests can be made in any reasonable manner. Common channels include verbal requests during a call, written requests by mail or email, text message opt-outs for SMS marketing, and web form submissions. You cannot limit consumers to a single method of requesting DNC status.
Processing Timeline
Federal rules require honoring internal DNC requests within 30 days, but the April 2025 FCC revocation rules tightened this to 10 business days for opt-out requests. Best practice is to process requests within 24-48 hours to minimize exposure and demonstrate good faith compliance.
Scope of Suppression
Internal DNC requests apply to the specific company receiving the request. Requests do not automatically extend to affiliates or related companies unless explicitly stated by the consumer. Some consumers request DNC status for all marketing – document and honor the scope as stated, treating ambiguous requests conservatively.
Documentation Requirements
For each internal DNC request, capture and retain essential information: the date and time of the request, the method used (phone, email, text, or other channel), the phone number or numbers to be suppressed, the consumer name if provided, the scope of the request if specified (such as “all marketing” versus “this product only”), and confirmation that suppression was applied.
Retain internal DNC records for at least five years after the last contact with that consumer. This documentation becomes critical in litigation when consumers claim they requested DNC status but continued receiving calls.
Integration with Calling Systems
Internal DNC lists must be integrated with your dialing infrastructure.
Real-Time Suppression
Before any outbound call is placed, the system should verify the number is not on your internal DNC list. Post-dial suppression is too late – the call attempt itself may constitute a violation. Your dialing platform must check against internal DNC data in real time, not batch-process suppressions after campaigns launch.
Cross-System Synchronization
If you use multiple calling platforms, CRMs, or dialing systems, internal DNC status must synchronize across all of them. A consumer who opts out through your website should be suppressed in your call center the same day. Data silos create compliance gaps that become litigation exposure.
Affiliate Coordination
If you share leads or calling lists with affiliates, establish procedures for sharing DNC status. A consumer who opts out from Company A should not receive calls from Company B if the companies share calling lists. Document these sharing arrangements and ensure bidirectional DNC updates.
The April 2025 FCC Revocation Rules
The FCC’s April 2025 revocation rules significantly changed how companies must handle opt-out requests. These rules affect both internal DNC processing and broader consent management.
Key Requirements
Ten Business Day Processing
Companies must honor revocation requests within ten business days of receipt, significantly tightening the previous 30-day standard. This compressed timeline requires operational changes to ensure requests flow from intake to suppression within the window.
Any Reasonable Method
Consumers may revoke consent (which includes requesting DNC status) through “any reasonable manner that clearly expresses a desire not to receive further calls or text messages.” You cannot designate an exclusive method of revocation. Attempting to force consumers through a specific channel creates compliance risk.
Keyword Recognition
The FCC identified specific keywords that constitute automatic revocation when received via text message: “stop,” “quit,” “revoke,” “opt out,” “cancel,” “unsubscribe,” and “end.” These trigger immediate revocation obligations – your SMS platform must recognize these keywords and process suppression automatically.
Ambiguous Requests
When consumer intent is unclear, the safer approach is to treat the communication as a revocation. “I’m not interested” may not be a clear DNC request, but “don’t call me again” is. Train staff and configure systems to err on the side of suppression when doubt exists.
Confirmation Messages
Companies may send a one-time confirmation message after receiving an opt-out request, but strict conditions apply. The confirmation must be sent within five minutes of the opt-out request and cannot include any marketing content. If consent existed for multiple message categories, the confirmation may request clarification about which categories the consumer wishes to opt out of. However, if the consumer does not respond to the clarification request, revocation applies to all categories by default.
Practical Implementation
To comply with the ten-business-day requirement, configure your messaging platforms to automatically recognize opt-out keywords and process suppression without manual intervention. Establish escalation procedures for ambiguous requests that require human review, ensuring these are triaged quickly rather than languishing in a queue. Ensure opt-out status propagates to all calling and texting systems within the ten-day window through automated synchronization. Finally, log the date of request and date of suppression to create audit trails that demonstrate timely compliance.
Technology Requirements for DNC Compliance
DNC compliance at scale requires technology infrastructure that automates suppression and maintains audit trails.
Core Technology Components
DNC Database Management
Your technology stack requires a central repository for National DNC, state DNC, and internal DNC data. This system must support automated ingestion of registry updates, maintain normalized data formats for efficient matching, and provide redundancy and backup for compliance continuity. Without a unified database, you risk gaps where numbers slip through scrubbing processes.
Real-Time Scrubbing Engine
The scrubbing engine performs pre-dial verification of every number against all applicable DNC sources. It must deliver sub-second response times for high-volume operations and support configurable rules for exemption handling, including EBR, consent, and B2B exemptions. Most critically, it must provide hard blocks that prevent non-compliant calls from being placed rather than just flagging them for manual review.
Audit Trail and Logging
Compliance documentation requires complete logs of all scrub requests and results, documentation of registry access dates, records of internal DNC additions with processing dates, and exportable reports for litigation defense. When a consumer claims they were called after requesting DNC status, your audit trail must reconstruct exactly what happened.
Integration Layer
The technology must connect to your CRM, dialing platform, and lead management systems through APIs. Webhook support enables real-time opt-out propagation, and batch import/export capabilities support list management workflows. Disconnected systems create compliance gaps.
Commercial DNC Solutions
Several vendors provide integrated DNC compliance services. Many operations also use litigator scrubbing services alongside DNC databases to further reduce litigation exposure.
DNCScrub (Contact Center Compliance) offers comprehensive suppression covering federal and state registries, internal DNC management, and litigator databases, with both real-time API access and batch processing capabilities. DNC.com provides registry access and suppression services with compliance reporting and documentation features. Gryphon Networks delivers an enterprise compliance platform with real-time call blocking, DNC management, and regulatory change monitoring. TeleSign offers number validation and DNC screening integrated with identity verification.
When evaluating vendors, assess their coverage of all eleven state registries plus the National DNC, their update frequency for registry data, and their real-time API performance at your call volume. Audit trail capabilities matter for litigation defense, as does integration with your existing technology stack. Compare cost structures carefully – per-lookup pricing may favor lower-volume operations while subscription models work better at scale.
Integration Architecture
Effective DNC compliance requires integration across your entire calling infrastructure:
Lead Capture → Lead Validation → DNC Scrub → Lead Distribution → Pre-Dial Verification → Call Placement
↓ ↓ ↓
Consent Capture Suppression Internal DNC Real-Time
Documentation Decision Check BlockEvery stage includes DNC checkpoints. A lead that passes initial DNC scrubbing might still fail at pre-dial verification if the consumer registered after lead capture or submitted an internal DNC request.
Penalties and Enforcement
Federal Penalties (FTC)
The FTC enforces DNC violations under the Telemarketing Sales Rule with civil penalties of up to $51,744 per violation, adjusted annually for inflation. Penalties apply per call to a DNC-registered number without exemption.
The FTC has brought hundreds of enforcement actions against DNC violators, with judgments routinely exceeding $1 million and some exceeding $100 million. In addition to penalties, the FTC may seek disgorgement of profits derived from unlawful telemarketing, stripping violators of financial gains beyond the penalty amount.
Federal Penalties (FCC)
The FCC enforces DNC violations under the TCPA through forfeiture penalties, though consumer complaints more commonly result in private litigation than FCC action. The FCC has increased pressure on voice service providers to block robocall traffic, creating additional consequences for non-compliant callers who may lose access to telephone services entirely – a business-ending outcome for operations dependent on outbound calling.
Private Right of Action (TCPA)
The TCPA’s private right of action creates the most immediate litigation risk. Statutory damages run $500 per violation for calls to DNC-registered numbers without exemption, increasing to $1,500 per violation if the court finds the violation was willful or knowing. The FCC continues aggressive enforcement against violators. There is no aggregate limit on TCPA damages, meaning class actions involving thousands of calls can create exposure in the millions.
DNC violation claims are frequently pursued as class actions, with plaintiffs seeking to represent all consumers who received similar calls. Class certification is common in TCPA litigation. Prevailing plaintiffs typically recover attorney’s fees, which can exceed statutory damages in smaller cases – making even individual claims attractive to the plaintiffs’ bar.
State Attorney General Enforcement
State attorneys general have become increasingly aggressive in telemarketing enforcement. All 50 state attorneys general plus the District of Columbia participate in the Anti-Robocall Litigation Task Force, which coordinates investigations, shares information, and pursues joint enforcement actions.
Some states impose penalties that exceed federal amounts. New York’s maximum per-call penalty is $20,000, and Montana’s mini-TCPA includes no penalty cap. Egregious telemarketing violations may result in criminal referrals – the FTC and state attorneys general have referred cases to the Department of Justice for wire fraud and other criminal charges.
Real Enforcement Examples
Recent enforcement actions demonstrate the real-world consequences.
In 2017, the FTC and four state attorneys general secured a $280 million judgment against Dish Network for DNC violations – one of the largest telemarketing enforcement actions in history. In 2024, multiple enforcement actions targeted lead generators and their affiliate telemarketers for DNC violations in the mortgage vertical, with combined penalties exceeding $50 million. The FTC pursued multiple actions against healthcare robocallers selling Medicare and health insurance products in 2024-2025, citing widespread DNC violations among other charges.
Building a DNC Compliance Program
Sustainable DNC compliance requires more than technology. It requires policies, training, monitoring, and continuous improvement.
Policy Development
Document written policies covering the core areas of DNC compliance.
Registry Access and Scrubbing
Your policy should establish a schedule for downloading National DNC Registry data no less frequently than every 31 days, along with procedures for accessing applicable state registries. Define the process for scrubbing calling lists before campaigns launch and the verification procedures to confirm scrubbing occurred before any dialing begins.
Internal DNC Processing
Document the methods by which consumers can request internal DNC status, including all accepted channels. Establish a timeline for processing requests that targets 24-48 hours with a maximum of 10 business days. Include procedures for documenting requests and requirements for cross-system synchronization to ensure suppression applies across all platforms.
Exemption Handling
Specify criteria for applying the EBR exemption, including required transaction dates and inquiry dates. Define requirements for consent-based exemption including PEWC documentation standards. Establish verification procedures that must be completed before any exemption is applied, and document the record-keeping requirements for exemption decisions.
Monitoring and Audit Policies
Set a regular audit schedule for DNC compliance, define sampling procedures for verification, and establish escalation procedures for identified violations. Include corrective action protocols that specify how to remediate compliance gaps once discovered.
Training Requirements
All personnel involved in telemarketing should receive DNC training.
Initial Training
Initial training should cover DNC legal requirements and penalties, company-specific policies and procedures, how to recognize and process DNC requests, exemption criteria and documentation requirements, and escalation procedures for questions. New hires should complete this training before participating in any calling activities.
Refresher Training
Refresher training should occur at least annually, whenever policies or regulations change, and when compliance issues are identified. Keep training current with regulatory developments – the April 2025 FCC revocation rules, for example, required immediate training updates for affected personnel.
Training Documentation
Maintain records of training completion for all personnel. Include DNC training in new hire onboarding checklists and document acknowledgment of policy review. These records become evidence of your compliance program in litigation.
Monitoring and Audit
Regular monitoring catches problems before they become lawsuits.
Real-Time Monitoring
Track DNC scrub rejection rates to understand what percentage of your calling lists are being suppressed. Monitor for calls that bypass scrubbing controls – these represent immediate compliance failures. Alert on internal DNC requests not processed within SLA to catch processing delays before they become violations.
Periodic Audits
Conduct audits on a regular schedule. Monthly, sample calling records to verify DNC scrubbing occurred for all campaigns. Quarterly, audit your internal DNC list for completeness and processing timeliness. Annually, conduct a full compliance review including policy currency, training completion, and technology effectiveness.
Complaint Analysis
Track all DNC-related complaints received through any channel. Investigate root causes of complaints to determine whether they represent systemic failures or isolated incidents. Implement corrective actions for identified issues and document both the findings and the remediation.
Vendor Management
If you use third parties for calling or lead generation, DNC compliance extends to their activities.
Conduct due diligence to verify vendors have adequate DNC compliance programs before engagement. Include DNC compliance obligations, audit rights, and indemnification provisions in vendor agreements. Regularly verify vendor compliance through audits and complaint monitoring – do not assume compliance continues after initial verification. Establish procedures for handling DNC violations by vendors, including notification requirements, investigation protocols, and remediation expectations. Vendor failures become your liability if you failed to exercise appropriate oversight.
Compliance Checklist for Lead Generators
Use this checklist to verify your DNC compliance program:
Registry Access and Scrubbing
- National DNC Registry subscription is current
- Registry data is downloaded at least every 31 days
- State registry subscriptions are current for all applicable states (11 states)
- All calling lists are scrubbed before dialing
- Scrubbing occurs against all applicable registries (federal + state)
- Technology provides real-time pre-dial verification
- Audit trails document scrubbing for each calling session
Internal DNC Management
- Multiple channels accept internal DNC requests (phone, email, text, web)
- Opt-out keywords are automatically recognized and processed
- Requests are processed within 10 business days (April 2025 requirement)
- Internal DNC data synchronizes across all calling systems
- Request documentation includes date, method, scope, and processing date
- Records are retained for at least 5 years
Exemption Management
- EBR exemptions are documented with transaction/inquiry dates
- Consent exemptions are supported by PEWC documentation
- Exemption criteria are verified before calling DNC-registered numbers
- Exemption documentation is retrievable for litigation defense
Technology and Integration
- DNC technology integrates with all calling platforms
- Real-time lookup performance meets volume requirements
- Audit logs capture all DNC decisions
- System prevents calls that fail DNC verification
- Vendor relationships are documented and monitored
Policies and Training
- Written DNC compliance policies are current
- All relevant personnel have completed DNC training
- Training records are maintained
- Policies are reviewed and updated at least annually
- Regulatory changes are incorporated promptly
Monitoring and Response
- Regular audits verify DNC compliance
- Complaints are tracked and investigated
- Corrective actions are implemented and documented
- Incident response procedures are established
Frequently Asked Questions
1. What is the National Do Not Call Registry and how does it work?
The National Do Not Call Registry is a database of over 240 million phone numbers belonging to consumers who have requested not to receive telemarketing calls. The registry is maintained by the Federal Trade Commission and is free for consumers to use. Telemarketers must subscribe to the registry, download the data at least every 31 days, and suppress all registered numbers from their calling lists before making telemarketing calls. Violations carry penalties of up to $51,744 per call from the FTC and $500-$1,500 per call in private litigation under the TCPA.
2. How often must I update my DNC data from the National Registry?
The Telemarketing Sales Rule requires accessing the National DNC Registry no less frequently than every 31 days. However, many operations scrub more frequently – weekly or even daily – to reduce the window during which newly registered numbers remain on calling lists. The more frequently you update, the lower your exposure to calls to recently registered consumers.
3. Which states have their own Do Not Call registries separate from the National Registry?
Eleven states maintain separate Do Not Call registries: Colorado, Connecticut, Indiana, Louisiana, Massachusetts, Missouri, Oklahoma, Pennsylvania, Tennessee, Texas, and Wyoming. If you make telemarketing calls to consumers in these states, you must scrub against both the National DNC Registry and the applicable state registry. State registries have their own subscription requirements, fees, and access procedures.
4. What is an internal Do Not Call list and am I required to maintain one?
Yes. Both the TCPA and the Telemarketing Sales Rule require companies making telemarketing calls to maintain internal DNC lists. When a consumer requests not to receive calls from your company, you must add them to your internal list and suppress future calls to that number. The April 2025 FCC rules require processing opt-out requests within 10 business days. Internal DNC lists are company-specific – they apply to calls from your organization but do not affect calls from unrelated companies.
5. What exemptions allow calling numbers on the DNC Registry?
Several exemptions permit calling DNC-registered numbers: (1) Existing Business Relationship – you may call consumers who have purchased from you within 18 months or inquired within 3 months; (2) Prior Express Written Consent – consumers who provide valid TCPA-compliant consent may be called regardless of DNC status; (3) Non-commercial calls including charitable solicitations, political calls, and surveys; (4) Business-to-business calls, which are generally not restricted by the consumer DNC rules; (5) Calls by or on behalf of tax-exempt nonprofit organizations. Exemptions must be documented and verifiable.
6. What are the penalties for calling a number on the Do Not Call Registry?
Federal penalties include up to $51,744 per violation from FTC enforcement (adjusted annually for inflation). Private litigation under the TCPA provides $500 per violation, increasing to $1,500 for willful violations, with no cap on aggregate damages. State laws may impose additional penalties – New York allows up to $20,000 per violation, and Montana has no penalty cap. Class actions can create exposure in the millions of dollars for high-volume violators.
7. How do the April 2025 FCC revocation rules affect DNC compliance?
The April 2025 FCC rules require companies to honor opt-out and revocation requests within 10 business days through any reasonable method. This affects internal DNC processing by shortening the previous 30-day standard. Specific keywords received via text – “stop,” “quit,” “revoke,” “opt out,” “cancel,” “unsubscribe,” and “end” – trigger immediate revocation obligations. Companies must synchronize opt-out status across all calling and texting systems within this window.
8. How do state mini-TCPA laws like Florida’s FTSA affect DNC compliance?
State mini-TCPA laws add requirements beyond federal DNC rules. Florida’s FTSA, for example, requires honoring internal DNC requests within 30 days, provides a private right of action with $500-$1,500 statutory damages, and applies to calling hours of 8 AM to 8 PM (narrower than federal 8 AM-9 PM). Oklahoma’s OTSA adds call frequency limits of three per 24 hours and holiday calling restrictions. Violations of state laws create liability independent of federal exposure, effectively doubling potential damages.
9. What technology is required for DNC compliance at scale?
Effective DNC compliance requires: (1) Centralized DNC database management for National, state, and internal lists; (2) Real-time pre-dial scrubbing engine with sub-second response times; (3) Audit trail logging documenting every scrub decision; (4) Integration with CRM, dialing platforms, and lead management systems; (5) Automated recognition and processing of opt-out keywords. Commercial solutions like DNCScrub, DNC.com, and Gryphon Networks provide integrated compliance services. The cost of technology is a fraction of a single class action settlement.
10. How should lead generators handle DNC compliance when selling leads to buyers?
Lead generators should: (1) Scrub leads against the National DNC Registry and applicable state registries before selling; (2) Include DNC status in lead data transmitted to buyers; (3) Require contractually that buyers perform their own DNC scrubbing; (4) Provide mechanisms for consumers to opt out of lead marketing; (5) Process internal DNC requests that apply to lead generation activities. Selling leads containing DNC-registered numbers without disclosure may constitute “assisting and facilitating” telemarketing violations, creating derivative liability.
Key Takeaways
-
The National DNC Registry contains over 240 million phone numbers – roughly 80% of all U.S. phone numbers. Calling without scrubbing is statistically reckless and legally indefensible.
-
You must access the National DNC Registry at least every 31 days and scrub all calling lists before dialing. Many operations scrub weekly or daily to minimize exposure windows.
-
Eleven states maintain separate DNC registries with their own subscription requirements and fees: Colorado, Connecticut, Indiana, Louisiana, Massachusetts, Missouri, Oklahoma, Pennsylvania, Tennessee, Texas, and Wyoming.
-
Internal DNC lists are mandatory – you must honor consumer requests not to receive calls within 10 business days under April 2025 FCC rules, document requests, and suppress across all calling systems.
-
Penalties are severe: up to $51,744 per violation from FTC enforcement, $500-$1,500 per violation in private TCPA litigation, with no cap on aggregate damages. The Anti-Robocall Litigation Task Force coordinates enforcement across all 50 states.
-
Exemptions exist but require documentation: Existing Business Relationship (18-month transaction, 3-month inquiry), Prior Express Written Consent, and non-commercial calls are exempt – but only with proper documentation.
-
Technology investment pays for itself: Real-time DNC scrubbing, audit trails, and cross-system synchronization cost thousands; class action settlements cost millions. The math is straightforward.
-
State mini-TCPAs multiply compliance complexity: Florida’s FTSA, Oklahoma’s OTSA, Texas SB 140, and others add calling hour restrictions, frequency limits, and enhanced penalties beyond federal requirements.
Building Sustainable Compliance
DNC compliance is not a one-time project. It is ongoing operational infrastructure that protects your business from liability that can exceed your annual revenue.
The companies that survive in the lead generation and telemarketing space are those that treat DNC compliance as core business architecture – not a legal checkbox to be minimized. They invest in technology, train their personnel, document their practices, and continuously monitor for compliance gaps.
The alternative – cutting corners, scrubbing infrequently, ignoring state registries, or treating internal DNC requests casually – creates compounding liability. Every call to a DNC-registered number adds to your exposure. The four-year TCPA statute of limitations means violations accumulate until a class action materializes.
The math is unforgiving. The choice is clear.
This article provides general information about Do Not Call compliance. It is not legal advice. DNC requirements evolve through regulatory action, legislation, and court interpretation. Consult qualified legal counsel familiar with telemarketing law for guidance on your specific situation.
Statistics and regulatory information current as of December 2025. Sources include FTC regulatory filings, state registry data, and industry compliance resources.