A comprehensive guide to the Telephone Consumer Protection Act requirements for text message marketing – covering consent standards, revocation rules, state-specific requirements, and compliance strategies for lead generation professionals.
Introduction: The $500 Text Message
A text message costs approximately $0.01 to send. A non-compliant text message costs $500 to $1,500 in statutory damages. That ratio – 50,000:1 to 150,000:1 – explains why SMS marketing compliance has become existential for lead generation businesses.
In the first quarter of 2025 alone, 507 TCPA class actions were filed – a 112% increase over the same period in 2024. Nearly 80% of all TCPA lawsuits are now filed as class actions. The average settlement exceeds $6.6 million. Text message claims represent a growing share of this litigation as SMS has become a primary marketing channel.
The Telephone Consumer Protection Act applies to text messages with the same force it applies to phone calls. Every compliance requirement for automated calling – prior express written consent, calling hour restrictions, revocation handling, seller identification – applies equally to SMS marketing. The statutory damages are identical. The class action dynamics are identical. The plaintiff bar’s enthusiasm for pursuing these claims is identical.
This guide covers everything lead generation professionals need to understand about TCPA compliance for text message marketing. From the foundational requirements to state-specific variations, from consent capture to revocation handling, from documentation to litigation defense – the complete framework for SMS marketing that generates revenue without generating lawsuits.
How the TCPA Applies to Text Messages
Text Messages Are “Calls” Under the TCPA
Courts have consistently held that text messages constitute “calls” under the Telephone Consumer Protection Act. The statutory prohibition on using an automatic telephone dialing system to make any call to a wireless number without consent applies to SMS messages sent through automated platforms.
The Federal Communications Commission confirmed this interpretation in multiple rulings. The reasoning is straightforward: the TCPA restricts communications made using automated technology to wireless numbers, and text messages sent through marketing platforms meet that definition regardless of whether they involve voice communication.
This means every TCPA requirement you have learned about phone calls applies to text messages. Marketing texts require prior express written consent, while informational messages require prior express consent. Calling hour restrictions limit messages to between 8:00 a.m. and 9:00 p.m. in the recipient’s local time zone under federal law, with narrower windows in some states. Do Not Call list suppression applies to marketing messages, and revocation requests must be honored within 10 business days. Seller identification requirements apply to consent disclosures just as they do for phone solicitations.
The ATDS Question for SMS Platforms
The definition of “automatic telephone dialing system” (ATDS) has been heavily litigated in the text message context. Following the Supreme Court’s 2021 decision in Facebook v. Duguid, an ATDS must use a random or sequential number generator to store or produce phone numbers. Systems that simply send messages to stored lists without random generation may not qualify as ATDS under federal law.
However, this does not eliminate SMS compliance obligations.
Prerecorded Message Provisions Operate Independently
While the Duguid decision narrowed ATDS liability, SMS marketing typically involves automated messaging that may trigger consent requirements regardless of ATDS status.
State Laws Use Broader Definitions
Florida’s Telephone Solicitation Act and other state mini-TCPAs often define automated systems more broadly than the post-Duguid federal standard. An SMS platform that escapes federal ATDS liability may still trigger state liability.
Most Marketing SMS Platforms Qualify as Automated Systems
The technology infrastructure behind mass text messaging – API integrations, scheduled sending, automated responses – typically constitutes automated technology requiring consent. The conservative approach for SMS marketing is to assume consent requirements apply. Relying on the Duguid narrowing as a complete defense creates unnecessary risk when the cost of proper consent capture is minimal compared to litigation exposure.
Statutory Damages for SMS Violations
The TCPA’s private right of action applies to text messages with the same damages structure as phone calls. Each non-compliant text message carries $500 in statutory damages, increasing to $1,500 per violation if the court finds the violation was willful or knowing. There is no cap on aggregate damages, and the statute of limitations extends four years.
The math compounds quickly. An SMS campaign sending 10,000 messages with a consent defect creates $5 million to $15 million in potential exposure. A monthly campaign of 50,000 texts with 1% non-compliance generates 500 potentially actionable messages per month – 6,000 over a year, representing $3 million to $9 million in exposure for a single calendar year of activity.
Class certification is common in SMS cases. When a text message campaign uses consistent messaging and consent practices across recipients, courts often find the commonality requirements for class treatment satisfied. A single plaintiff’s lawsuit can represent thousands or millions of text recipients.
Prior Express Written Consent for SMS Marketing
The Six Required Elements
Prior express written consent (PEWC) is the foundational requirement for SMS marketing. The FCC’s regulations at 47 CFR § 64.1200(f)(9) establish six elements that valid consent must include:
1. Written Agreement
The consent must be documented in writing. Electronic signatures satisfying the E-SIGN Act (Electronic Signatures in Global and National Commerce Act) qualify, but this intersection creates additional requirements discussed below. A checkbox on a web form, a typed confirmation, or a digital signature can constitute a written agreement if properly implemented.
2. Signature of the Person
The individual who will receive the text messages must have signed the consent. This signature requirement is met through affirmative action – checking a box, clicking a button, or providing a digital signature. Passive consent mechanisms where a consumer fails to uncheck a pre-selected box do not satisfy this requirement.
3. Clear Authorization for Text Messages
The consent language must explicitly authorize text messages. Generic language like “I agree to be contacted” is insufficient. The disclosure must specifically state that the consumer is authorizing text messages (and calls, if applicable) using automated technology.
4. Identification of Specific Phone Number
The consent must identify the exact telephone number to which text messages will be sent. This typically means the phone number field on the form where the consumer enters the number for which they are providing consent.
5. Not a Condition of Purchase
Consent cannot be required as a condition of purchasing goods or services. The consumer must be able to complete the transaction or receive the service without providing marketing consent. This requirement prevents companies from burying consent in mandatory terms of service that cannot be declined.
6. Clear and Conspicuous Disclosure
The consent language must be “apparent to a reasonable consumer” – not buried in fine print, hidden behind multiple hyperlinks, or obscured by surrounding content. The disclosure should be prominently displayed in proximity to the consent mechanism.
Sample Compliant Consent Language
Effective consent language for SMS marketing addresses all six required elements:
By clicking “Submit,” I provide my electronic signature and give prior express written consent to receive marketing text messages from [Specific Company Name] at the phone number I have provided. I understand that message and data rates may apply, and that I may receive automated text messages about [products/services]. I understand that consent is not a condition of purchase. Reply STOP to opt out at any time.
This language works because it explicitly authorizes “text messages” rather than using vague contact terminology. It identifies the specific company that will send messages, clearly states that consent is not a purchase condition, includes the standard carrier disclaimer about message and data rates, and provides clear opt-out instructions.
For lead generation operations where leads may be sold to multiple buyers, the consent language must identify all parties who may send messages or provide a mechanism for dynamic disclosure. The January 2025 vacatur of the FCC’s one-to-one consent rule does not eliminate the need for seller identification – consent must still clearly authorize the parties who will contact the consumer.
The E-SIGN Overlay
When consent is captured electronically – as it typically is in lead generation – the federal E-SIGN Act creates additional requirements that courts have increasingly recognized.
In Bradley v. Dentalplans.com (D. Md. 2024) and similar cases, courts have held that because the TCPA requires “written” consent with specific disclosures, obtaining that consent electronically triggers E-SIGN’s consumer disclosure and consent requirements.
E-SIGN Consumer Disclosure
Before obtaining electronic consent to receive marketing text messages, the consumer must receive a disclosure about electronic records and signatures. This disclosure must explain that the consumer is agreeing to receive records electronically rather than in paper form.
E-SIGN Consent
The consumer must consent to receive required disclosures electronically, separate from their TCPA consent. This creates a two-step consent architecture where E-SIGN consent precedes or accompanies TCPA consent.
Hardware/Software Disclosure
The consumer must be informed of the hardware and software requirements to access electronic records. While this may seem like a formality, courts have invalidated electronic consent where this disclosure was missing.
The practical implication is that electronic TCPA consent captured without E-SIGN compliance may be unenforceable. For lead generators obtaining consent through web forms, this requires careful structuring of the consent flow to address both TCPA and E-SIGN requirements.
Documentation and Verification
Proving consent requires documentation sufficient to withstand litigation discovery and courtroom scrutiny. The burden of proof rests with the sender – if you cannot prove consent existed at the time of the text message, courts will presume non-compliance.
Essential Documentation for Every Lead
Every lead requires a consent timestamp recording the exact date and time consent was provided, in a format that cannot be manipulated post-hoc. The IP address from which the consent was submitted establishes that a real person (not a bot) provided consent. You must capture the exact disclosure language shown to the consumer, including any seller identifications, along with evidence of the affirmative action taken – whether checkbox selection, button click, or signature. The specific phone number for which consent was granted must be documented, along with the URL of the consent page and relevant form configuration. Session recording or replay provides visual evidence of the consumer’s interaction with the form, which can prove invaluable in litigation.
Third-Party Verification
Third-party verification through services like TrustedForm or Jornaya’s TCPA Guardian has become industry standard. These services provide independent documentation that can be presented in litigation as evidence of consent.
However, a verification certificate does not guarantee compliance. The certificate documents what happened – it does not ensure that what happened was compliant. If the underlying disclosure was deficient, the seller was not identified, or consent was a condition of purchase, the certificate documents the problem rather than solving it.
Retrieve and review certificates before contacting leads. Validate that the consent language meets requirements and that your company was properly identified in the disclosure.
Retention Period
The four-year TCPA statute of limitations means consent documentation should be retained for at least four years after the last contact made pursuant to that consent. Industry best practice is five years or longer to account for litigation filed near the end of the limitations period.
SMS Timing and Calling Hour Restrictions
Federal Time-of-Day Requirements
The TCPA prohibits telephone solicitations – including marketing text messages – before 8:00 a.m. or after 9:00 p.m. in the recipient’s local time zone. This restriction applies to all marketing texts regardless of consent status.
The critical principle: recipient local time, not sender time.
A text message sent at 9:30 a.m. Eastern from a New York operation to a consumer in California arrives at 6:30 a.m. Pacific – an illegal message under federal law. The sender’s location is irrelevant; the recipient’s timezone controls.
State Variations on Calling Hours
Several states impose narrower windows than the federal standard:
| State | Permitted Hours | Difference from Federal |
|---|---|---|
| Florida | 8:00 AM – 8:00 PM | 1 hour narrower (evening) |
| Maryland | 8:00 AM – 8:00 PM | 1 hour narrower (evening) |
| Connecticut | 9:00 AM – 8:00 PM | 1 hour narrower (morning), 1 hour narrower (evening) |
| Texas | 9:00 AM – 9:00 PM Mon-Sat; 12:00 PM – 9:00 PM Sunday | Morning restriction, Sunday restriction |
| Oklahoma | 8:00 AM – 9:00 PM | Matches federal, but holiday restrictions apply |
For national SMS campaigns, the practical effect is that an 8:30 p.m. message to a Florida consumer – compliant under federal law – violates Florida’s Telephone Solicitation Act. A 9:00 a.m. message to a Connecticut consumer – compliant under federal law – may violate Connecticut requirements.
Time Zone Determination Challenges
Determining the recipient’s actual time zone creates operational complexity, particularly for mobile numbers:
Area Codes Are Unreliable
Mobile number portability means a 212 (New York) area code may belong to someone living in California. An 808 (Hawaii) number may belong to someone who relocated to Florida. Area code-based time zone determination produces errors.
Better Approaches
More reliable methods include capturing ZIP code at lead submission and mapping to time zone, using billing address from payment data if available, or employing commercial time zone lookup services that consider multiple data points. When uncertain, use a conservative window that falls within legal hours across all scenarios.
Safe Window When Uncertain
If you cannot reliably determine recipient location, the safest window is 11:00 a.m. to 7:00 p.m. Eastern Time. This window falls within legal hours across all U.S. time zones, including the narrowest restrictions. Some operations use 12:00 p.m. to 6:00 p.m. Eastern for additional margin.
State Holiday Restrictions
Federal law does not prohibit marketing communications on holidays. Several states do:
| State | Restricted Holidays |
|---|---|
| Alabama | All state holidays, Jefferson Davis Day, Confederate Memorial Day |
| Louisiana | Mardi Gras, all DNC-designated holidays |
| Oklahoma | State and federal holidays |
| Utah | Pioneer Day (July 24) |
| Pennsylvania | All legal state holidays |
A text message sent on Pioneer Day to a Utah consumer, or on Mardi Gras to a Louisiana consumer, creates liability even if the message would otherwise be compliant. Your SMS platform must track state holidays beyond the standard federal calendar.
State of Emergency Restrictions
Louisiana and New York prohibit marketing communications during declared states of emergency. A hurricane, wildfire, or public health emergency triggers these restrictions with little advance notice.
For national SMS operations, this creates a monitoring obligation: track active emergency declarations in states where you send messages and suppress marketing texts to affected areas during declared emergencies.
Revocation and Opt-Out Requirements
The April 2025 Revocation Rules
The FCC’s April 2025 revocation rules fundamentally changed how companies must handle consent withdrawal for text messages. Understanding and implementing these requirements is essential to SMS compliance.
Any Reasonable Method
Consumers may revoke consent through “any reasonable manner that clearly expresses a desire not to receive further calls or text messages.” Companies may not designate an exclusive means of revocation that precludes other reasonable methods.
The FCC identified seven specific keywords that constitute definitive revocation when received via text message: STOP, QUIT, REVOKE, OPT OUT, CANCEL, UNSUBSCRIBE, and END. These terms trigger immediate revocation obligations regardless of other language in the consumer’s message. A reply of “STOP PLEASE” or “Please cancel these texts” must be honored as revocation.
However, the requirement extends beyond these keywords. Any communication that reasonably conveys intent to stop receiving messages must be honored. “No more texts,” “Leave me alone,” or “I didn’t ask for this” may require interpretation, but treating ambiguous communications as revocations is the safer approach.
Ten Business Day Processing Window
Companies must honor revocation requests within ten business days of receipt. This represents a significant tightening from prior practice where thirty-day windows were common.
The ten-day requirement creates operational urgency. If a consumer texts “STOP” on Monday and receives another marketing message on day eleven, you have a violation. Your SMS platform must support real-time or near-real-time opt-out processing, not batch processing that takes weeks to propagate.
Scope of Revocation
The FCC granted a partial waiver delaying certain “reasonable methods” provisions until April 2025. When fully implemented, companies may be required to treat a revocation request made in response to one type of message as applying to all other messages from that sender.
As of late 2025, the currently effective requirements include honoring revocation within ten business days, recognizing standard opt-out keywords, processing any reasonable revocation method, adding clear opt-out instructions to marketing texts, and honoring Do Not Call requests within ten business days. The requirements delayed until April 2025 include the requirement to treat revocation of one message type as applying to all message types and the requirement to coordinate revocation across affiliated systems.
Confirmation Message Requirements
Companies may send a one-time text message confirming a revocation request, but strict conditions apply. The confirmation must be sent within five minutes of the opt-out request and cannot include any marketing content. If the consumer provided consent for multiple message categories, the confirmation may request clarification about which categories to discontinue. However, if the consumer does not respond to a clarification request, revocation applies to all categories.
Example compliant confirmation:
You have been successfully unsubscribed from [Company Name] texts. You will receive no further messages. Reply HELP for support.
Example non-compliant confirmation:
You’ve been unsubscribed. Before you go, here’s 20% off your next purchase… [marketing content]
Technical Implementation
Effective revocation handling requires specific technical capabilities.
Real-Time Opt-Out Detection
Incoming messages must be scanned for opt-out keywords and similar expressions immediately upon receipt. Batch processing that runs overnight or weekly does not meet the ten-day requirement in practice, as messages sent during the processing delay may trigger violations.
Immediate Suppression
The phone number must be added to suppression lists in real-time, not queued for batch processing. Your system architecture must ensure that no message can be sent to a number after an opt-out request is received, regardless of campaign scheduling or queue depth.
Cross-System Synchronization
If you operate multiple SMS platforms, CRM systems, or marketing tools, opt-out status must propagate across all systems within the ten-day window (preferably much faster). A consumer who opts out via one platform must not receive messages from another platform you control.
Audit Trail
Document when opt-out requests were received, when they were processed, and when suppression was implemented. This documentation proves compliance if challenged and identifies any system delays that might create liability.
Re-Engagement Prevention
Once opted out, a consumer cannot be added back to SMS lists without fresh consent. You cannot assume their opt-out “expires” after some period. Even if years pass, the opt-out remains effective until the consumer provides new consent.
State Mini-TCPA Requirements for SMS
Florida Telephone Solicitation Act (FTSA)
Florida is the most active jurisdiction for telemarketing litigation, generating 330 TCPA-related cases in 2024 – nearly 12% of national filings. The Florida Telephone Solicitation Act creates specific SMS requirements that exceed federal standards in several ways.
Calling Hours
FTSA restricts texting to 8:00 a.m. to 8:00 p.m. local time – one hour narrower than the federal window. A text sent at 8:30 p.m. to a Florida consumer violates state law even though it complies with federal requirements.
Autodialer Definition
The FTSA definition is broader than federal law post-Duguid. Equipment that dials stored numbers “with one click or touch” may qualify as an autodialer under FTSA even without random number generation. Most SMS platforms meet this definition, meaning the Duguid defense that might work federally offers no protection in Florida.
Consent and Penalties
Prior express written consent is required for automated text messages, with seller identification requirements. Penalties of $500 per violation ($1,500 for willful violations) stack with federal TCPA damages for combined exposure of $1,000 to $3,000 per message. Consumers may sue directly, and class actions are permitted.
2023 Amendments
The Florida legislature added a 15-day safe harbor and procedural requirements for bringing claims, but the statute remains more restrictive than federal law. The safe harbor allows businesses to cure violations if certain conditions are met, but it does not eliminate liability for the underlying violation.
Oklahoma Telephone Solicitation Act (OTSA)
Oklahoma’s mini-TCPA creates unique frequency restrictions for SMS that have no federal equivalent.
Frequency Limits
The maximum is three communications per 24-hour period to the same number for the same goods or services. This applies regardless of consent status. Even with valid consent, sending four texts in one day to an Oklahoma consumer creates liability.
Hours and Holidays
Calling hours of 8:00 a.m. to 9:00 p.m. match the federal standard, but holiday restrictions prohibit communications on state and federal holidays. Oklahoma’s holiday calendar includes dates that might not be on a national operator’s radar.
Registration and DNC Requirements
Telephone sellers must register with the Oklahoma Attorney General. Additionally, Oklahoma maintains a separate Do Not Call registry requiring suppression in addition to the national registry. Prior express written consent with seller identification is required for automated texts.
Maryland Stop the Spam Calls Act
Maryland’s law, effective January 2024, adds restrictions on SMS marketing. The calling hours are 8:00 a.m. to 8:00 p.m. local time – one hour narrower than federal law. The autodialer definition is broader than federal law, potentially capturing SMS platforms excluded from federal ATDS liability post-Duguid. Enforcement rests with the Attorney General, with private right provisions still being interpreted by courts.
Texas Telemarketing Expansion (September 2025)
Texas Senate Bill 140 significantly expanded state telemarketing law effective September 2025.
Expanded Scope
The definition of “telephone solicitation” now explicitly includes text messages and other electronic transmissions. This removes any ambiguity about whether SMS falls within Texas telemarketing law.
Registration and Bonding
Businesses conducting telephone solicitations to or from Texas must register with the Secretary of State and post a $10,000 security bond. This creates an administrative barrier that smaller companies may find burdensome.
DTPA Integration
Violations are actionable under the Texas Deceptive Trade Practices Act, allowing actual damages, mental anguish damages, treble damages for intentional violations, and attorney’s fees. This creates exposure beyond statutory per-message damages.
Unique Calling Hours
Texas restricts texting to 9:00 a.m. to 9:00 p.m. Monday through Saturday, with a unique Sunday restriction of 12:00 p.m. to 9:00 p.m. This means a text sent at 10:00 a.m. on Sunday to a Texas consumer violates state law even though it would comply with federal requirements.
Compliance Strategy for Multi-State SMS
For national SMS campaigns, two practical approaches exist.
Option 1: Apply Most Restrictive Standard Universally
This approach uses the 9:00 a.m. to 8:00 p.m. window for all messages (meeting the Connecticut standard), limits to three texts per day per number (meeting the Oklahoma standard), captures one-to-one consent identifying specific senders, suppresses against all state DNC lists, and skips state and federal holidays. This sacrifices some operational flexibility for compliance simplicity, but ensures that any message sent is compliant in every state.
Option 2: Implement State-Level Routing Logic
This approach geocodes each phone number to state (not relying on area code), applies state-specific rules for calling hours, frequency, and consent, tracks frequency limits at the state level for Oklahoma, and maintains state-by-state suppression and holiday calendars. This preserves operational flexibility but requires sophisticated platform capabilities and ongoing maintenance as state laws evolve.
SMS Do Not Call Compliance
National DNC Registry
The National Do Not Call Registry, maintained by the FTC, contains over 240 million phone numbers. Marketing text messages to numbers on this registry without prior express written consent violate both TCPA and FTC Telemarketing Sales Rule requirements.
Suppression Requirements
Every marketing SMS campaign requires scrubbing against the national registry before sending. Registry data must be updated at least every 31 days (the legal maximum interval), and suppression must be documented for each campaign. These records provide evidence of compliance if your practices are later challenged.
Prior Relationship Exception
Numbers on the registry may be contacted if the consumer has an established business relationship with your company or has provided prior express written consent. Consent obtained through lead forms typically satisfies this exception for the consented party, but the consent must meet all PEWC requirements to provide this protection.
State DNC Registries
Multiple states maintain separate Do Not Call registries beyond the national list, including Florida, Oklahoma, Texas, Colorado, Indiana, Missouri, Pennsylvania, and Tennessee. Your SMS suppression process must include applicable state registries in addition to the national list. Commercial suppression services typically aggregate these sources, but verify coverage for all states in your messaging footprint.
Internal DNC Lists
Beyond external registries, you must maintain internal Do Not Call lists of consumers who have replied STOP or used other opt-out language, requested via phone, email, or other channel not to receive messages, or previously opted out from your SMS program. Internal DNC lists must be checked before every message. A consumer’s opt-out request creates permanent suppression for your company’s marketing unless they provide fresh consent.
Litigator Suppression
Approximately 31-41% of TCPA plaintiffs are serial litigators – individuals who actively seek non-compliant communications to generate lawsuits. Litigator suppression lists, maintained by companies like Contact Center Compliance and PossibleNOW, identify phone numbers and names associated with TCPA litigation history.
While litigator suppression does not eliminate compliance obligations, it reduces the probability of contacting individuals who are actively seeking litigation opportunities. Consider litigator screening as a supplemental protection layer, not a substitute for proper consent and compliance.
SMS Consent for Purchased Leads
The Consent Transfer Problem
When you purchase leads from third-party generators, the consent obtained by the generator must cover your company’s communications. This creates specific requirements.
Seller Identification
The consent language must have identified your company – or the category of companies including yours – as a party authorized to send messages. Generic consent to “partners” or “affiliates” without specific identification may be insufficient to provide the legal protection you need.
Consent Verification
Before sending SMS to purchased leads, retrieve and review the consent documentation. Verify that your company or your category was identified in the disclosure, that the consent included authorization for text messages specifically, that consent was not a condition of purchase, and that the disclosure was clear and conspicuous. Any deficiency in these elements creates liability when you contact the lead.
Certificate Review
If TrustedForm or Jornaya certificates are provided, claim the certificates and review the session recording or data capture. Confirm the consent language displayed actually meets requirements. A certificate that documents deficient consent is evidence against you, not for you.
One-to-One Consent Considerations
The FCC’s one-to-one consent rule was vacated by the Eleventh Circuit in January 2025, meaning multi-seller consent remains technically permissible under federal law. However, industry practice has shifted significantly. Many sophisticated lead buyers now require one-to-one consent or near-equivalent specificity regardless of regulatory requirements because the litigation risk from vague multi-seller consent exceeds the operational convenience.
State requirements may also be stricter than federal law. Florida and Oklahoma consent requirements emphasize specific seller identification, and multi-seller consent with dozens of named parties may not satisfy these state standards.
The best practice for lead generators is implementing dynamic consent disclosure that identifies the specific buyer(s) who will receive each lead at the moment of consent capture. This approach provides the strongest legal protection while maintaining operational flexibility.
Lead Quality and Compliance Correlation
Non-compliant leads are worthless leads. A lead with defective consent generates liability when contacted, and that liability may exceed the lifetime value of thousands of compliant leads.
Evaluate lead sources not just on volume and conversion but on consent quality. Examine what consent language the generator uses and how seller identification is handled. Determine what verification (TrustedForm, Jornaya) is provided and what the certificate claim rate and review process looks like. Assess the return/dispute rate for leads from each source. High consent quality costs more per lead but eliminates litigation risk that can dwarf per-lead economics.
10DLC Registration Requirements
What Is 10DLC?
10DLC (10-Digit Long Code) is a carrier-mandated registration system for application-to-person (A2P) SMS messaging in the United States. As of 2023, major carriers require 10DLC registration for businesses sending SMS through standard 10-digit phone numbers.
The system was implemented to combat spam and improve SMS deliverability by verifying sender identity and message content.
Registration Process
10DLC registration involves three components.
Brand Registration
Register your business with The Campaign Registry (TCR), providing business information, EIN, contact details, and use case description. This establishes your identity as a verified sender and enables carriers to associate your messages with a legitimate business entity.
Campaign Registration
Register each SMS use case (marketing, transactional, etc.) with descriptions of message content, opt-in methods, and expected volume. Each campaign is vetted for compliance with carrier requirements. The vetting process examines your consent practices and message content to ensure they meet carrier standards.
Number Assignment
Associate your 10-digit phone numbers with registered campaigns. Numbers can only send messages for their assigned campaign types. This creates accountability – if a number is used to send spam, carriers can trace it back to the registered brand.
Timeline and Costs
Brand registration typically takes 1-5 business days. Campaign registration takes 2-8 weeks depending on use case complexity and carrier vetting. Plan accordingly – if you need to launch an SMS campaign quickly, begin the registration process well in advance.
Cost structures include a one-time brand registration fee (typically $4-44 depending on vetting level), monthly fees per campaign (typically $4-15), and per-message carrier fees that vary by carrier and message volume. These costs are minimal compared to the deliverability benefits and are essential for commercial SMS marketing.
Consequences of Non-Registration
Unregistered SMS campaigns face significant obstacles. Carrier filtering means messages may be blocked or filtered as spam, never reaching the intended recipient. Delivery rates drop significantly for unregistered numbers, undermining campaign effectiveness. Carriers may suspend or terminate non-compliant numbers entirely, disrupting operations. Throughput limitations restrict unregistered numbers to minimal message volume, making scale impossible. For commercial SMS marketing, 10DLC registration is effectively mandatory for reliable delivery.
Lead Generation Use Cases
When registering campaigns for lead generation SMS, register for marketing/promotional use cases if sending marketing messages to leads. If sending both marketing and informational/transactional messages, you may need separate campaign registrations to properly categorize your message types.
Campaign registration requires describing your opt-in process, consent capture, and opt-out handling. Accurate description is required – misrepresentation can result in registration denial or revocation. The information you provide during registration should reflect your actual practices, as carriers may audit compliance.
Documentation and Litigation Defense
Building Defensible Records
When litigation arrives – and for active SMS marketers, it is a matter of when, not if – your defense depends on documentation created at the time of consent and messaging.
Consent Documentation
Consent documentation must include the exact timestamp of consent (not reconstructed later), the IP address of consent submission, and the full consent language displayed (not a template – the actual language shown). Evidence of affirmative action such as checkbox state, button click, or signature must be captured, along with the phone number consented, the form URL and version, and session recording or replay through TrustedForm or Jornaya.
Message Documentation
Message documentation must include the timestamp of each message sent, the phone number messaged, and the message content. Each message should be linked to the consent record that authorized it. Capture delivery status, any responses received, and opt-out requests with their processing timestamps.
Suppression Documentation
Suppression documentation must include DNC registry check timestamps, litigator list check results, internal DNC list verification, and opt-out history for each number. This evidence demonstrates that you checked required sources before sending each message.
Retention Requirements
Retain all documentation for at least four years after the last contact – the TCPA statute of limitations. Industry best practice is five years or longer.
Ensure documentation survives platform migrations, vendor changes, and system updates. When you switch SMS platforms or CRM systems, consent records must transfer completely.
Consent Verification Services
TrustedForm generates certificates documenting the consumer’s session on lead capture forms. The certificate includes a visual recording of what the consumer saw and did, providing third-party evidence of consent.
Jornaya LeadiD/TCPA Guardian provides similar consent documentation with additional behavioral intelligence about consumer shopping patterns.
Both services have been accepted by courts as evidence of consent in TCPA litigation. The key is claiming certificates at the time of lead acquisition (not later) and reviewing them before contact.
A critical distinction applies to these services. The certificates document what happened – they do not ensure compliance. If your consent language was deficient, the certificate documents your problem rather than solving it. Review certificates to verify compliance, not just to check that a certificate exists.
SMS Platform Compliance Features
Essential Platform Capabilities
Your SMS platform must support specific compliance functions across several categories.
Time Zone Management
The platform must provide automatic determination of recipient time zone and hard blocking of messages outside permitted hours. State-specific hour rules (Florida’s 8 p.m. cutoff, Connecticut’s 9 a.m. start) require configurable logic, and holiday calendar integration prevents messages on restricted days.
Opt-Out Processing
Opt-out processing requires real-time keyword detection for STOP, QUIT, CANCEL, and similar terms. The platform must implement immediate suppression upon opt-out with cross-system synchronization across all your marketing tools. Confirmation message automation handles required responses, and an audit trail of opt-out requests and processing provides litigation documentation.
Suppression Integration
Suppression integration must include National DNC Registry connection, state DNC list support, and internal DNC list management. Litigator list integration adds an additional protection layer. Most critically, the platform must perform real-time suppression checks before each message – not batch checks that might miss recent opt-outs.
Consent Verification
Consent verification capabilities should include TrustedForm and Jornaya certificate retrieval, consent status tracking per number, consent expiration and refresh handling, and documentation storage and retrieval. These features ensure you can prove consent for every message sent.
Compliance Reporting
Compliance reporting should provide opt-out rates by campaign, delivery rates and carrier feedback, time-of-day distribution analysis, and state-by-state volume tracking. These reports identify potential compliance issues before they become litigation.
Platform Evaluation Criteria
When selecting or evaluating SMS platforms for lead generation:
| Feature | Why It Matters |
|---|---|
| 10DLC registration support | Required for reliable delivery |
| Real-time opt-out processing | Compliance with 10-day rule |
| Time zone-aware scheduling | Prevents off-hours violations |
| DNC integration | Automated suppression checking |
| API/webhook capabilities | Integration with lead systems |
| Consent documentation | Litigation defense support |
| State-specific rules | Multi-state compliance |
| Audit logging | Evidence for compliance verification |
Frequently Asked Questions
1. Does the TCPA apply to text messages?
Yes. Courts have consistently held that text messages constitute “calls” under the Telephone Consumer Protection Act. The same requirements that apply to automated phone calls – prior express written consent for marketing, calling hour restrictions, opt-out processing, and Do Not Call compliance – apply to SMS marketing. Statutory damages of $500 to $1,500 per message apply to non-compliant texts.
2. What consent do I need to send marketing text messages?
Marketing text messages sent using automated technology require prior express written consent. This consent must be in writing (electronic signatures are acceptable), signed by the consumer, include clear authorization for text messages, identify the specific phone number, not be a condition of purchase, and include clear and conspicuous disclosure of what the consumer is authorizing.
3. What are the permitted hours for sending marketing text messages?
Federal law permits marketing texts between 8:00 a.m. and 9:00 p.m. in the recipient’s local time zone. Several states impose narrower windows: Florida and Maryland use 8:00 a.m. to 8:00 p.m., Connecticut uses 9:00 a.m. to 8:00 p.m., and Texas has Sunday-specific restrictions. Apply state rules based on recipient location, not sender location.
4. How do I handle opt-out requests for SMS?
Under April 2025 FCC rules, you must honor revocation requests within 10 business days through any reasonable method. Keywords including STOP, QUIT, REVOKE, OPT OUT, CANCEL, UNSUBSCRIBE, and END trigger immediate revocation. You may send one confirmation message within five minutes of the opt-out, but it cannot contain marketing content.
5. Can I send text messages to numbers on the Do Not Call Registry?
Marketing text messages to numbers on the National Do Not Call Registry are prohibited unless the consumer has provided prior express written consent or has an established business relationship with your company. You must suppress against the national registry and any applicable state registries before sending marketing texts.
6. What are state mini-TCPA laws and how do they affect SMS?
State mini-TCPA laws are state-level telemarketing statutes that impose requirements beyond federal standards. Florida’s FTSA and Maryland’s law restrict texting hours to 8 a.m.-8 p.m. Oklahoma limits texts to three per 24 hours to the same number. Texas requires registration and has Sunday restrictions. These state laws create additional liability independent of federal TCPA claims.
7. How long should I keep SMS consent records?
Retain consent documentation for at least four years after the last message sent – matching the TCPA statute of limitations. Industry best practice is five years or longer. Documentation must include timestamp, IP address, exact consent language displayed, evidence of affirmative action, and the phone number consented.
8. What is 10DLC and do I need it for SMS marketing?
10DLC (10-Digit Long Code) is a carrier registration system for business SMS messaging. As of 2023, major carriers require 10DLC registration for application-to-person messaging. Unregistered campaigns face filtering, reduced deliverability, and potential number suspension. For commercial SMS marketing, 10DLC registration is effectively mandatory.
9. Can I text leads purchased from a third party?
Yes, but only if the consent obtained by the lead generator covered your company’s communications. Before texting purchased leads, verify that the consent language identified your company or your category as authorized to send messages, that text messages were specifically authorized, and that the consent meets all PEWC requirements. Retrieve and review TrustedForm or Jornaya certificates.
10. What happens if I accidentally text someone who opted out?
A single text message following an opt-out request creates $500 to $1,500 in potential statutory damages under the TCPA – plus additional damages under applicable state laws. The damages are strict liability; intent does not matter. Implement real-time opt-out processing and audit suppression systems regularly to prevent post-opt-out messages.
Key Takeaways
-
Text messages are “calls” under the TCPA. Every compliance requirement for automated phone calls applies to SMS marketing – prior express written consent, calling hour restrictions, opt-out processing, and DNC suppression. Statutory damages of $500-$1,500 per message apply.
-
Prior express written consent requires six specific elements. Written agreement, consumer signature, clear SMS authorization, specific phone number identification, not a condition of purchase, and clear/conspicuous disclosure. Missing any element creates liability.
-
Federal calling hours are 8 a.m. to 9 p.m. recipient time. State laws narrow this further: Florida and Maryland use 8 a.m.-8 p.m., Connecticut uses 9 a.m.-8 p.m. Apply the most restrictive applicable window based on recipient location, not sender location.
-
The April 2025 FCC revocation rules require 10-day opt-out processing. Standard keywords (STOP, QUIT, CANCEL, etc.) trigger immediate revocation. Confirmation messages cannot contain marketing content and must be sent within five minutes.
-
State mini-TCPA laws create stacked liability. A single non-compliant text to a Florida consumer can trigger both federal TCPA and Florida FTSA claims, doubling exposure to $1,000-$3,000 per message. Map your SMS footprint to state-specific requirements.
-
10DLC registration is required for reliable delivery. Major carriers require campaign registration for business SMS. Unregistered campaigns face filtering, reduced deliverability, and number suspension.
-
Document everything at the time of consent. Consent verification through TrustedForm or Jornaya provides litigation defense, but certificates must be claimed, retrieved, and validated – not assumed compliant.
-
Purchased leads require consent verification before texting. The consent captured by the lead generator must have identified your company and authorized text messages. Review certificates before contact, not after litigation arrives.
-
The cost of compliance is a fraction of one lawsuit. Consent verification costs pennies per lead. A single TCPA class action averages $6.6 million in settlement. The math strongly favors building compliance infrastructure before you need it.
Building SMS Compliance from Day One
The economics of SMS marketing make it an extraordinarily valuable channel for lead generation. The 98% open rate, 45% response rate, and sub-minute read times create engagement that email cannot match. For speed-to-lead strategies where every minute matters, SMS is often the difference between conversion and loss.
But those same economics make compliance essential. The $500-$1,500 per-message statutory damages, the 80% class action filing rate, and the $6.6 million average settlement create exposure that can exceed a company’s total value from a single campaign.
Those who succeed with SMS marketing treat compliance as infrastructure, not afterthought. They capture documented consent at the point of lead acquisition. They implement real-time opt-out processing. They maintain timezone-aware scheduling. They verify consent before every message. They retain documentation for the full statute of limitations.
This infrastructure costs money. TrustedForm certificates, SMS platforms with compliance features, DNC suppression services, legal review of consent language – these investments reduce marketing budget available for message volume.
But the alternative – cutting compliance corners to maximize message volume – is not actually an alternative. It is a countdown to litigation that makes the compliance investment look like rounding error.
The math is unforgiving. Build compliance first.
This article provides general information about TCPA compliance for text message marketing. It is not legal advice. TCPA requirements change through FCC rulings, court decisions, and state legislation. State law requirements vary significantly and evolve regularly. Consult qualified TCPA counsel for guidance on your specific situation and current requirements.
Statistics and regulatory information current as of late 2025. Sources include FCC regulatory filings, WebRecon LLC litigation data, and industry compliance resources.
Word count: approximately 5,200 words