Skip to content

A bridge too far: Why new regulations spell the end for SMS spam

An illustration of a phone with the icon of a bridge on the screen and the words

On a Wednesday morning a few weeks ago, as I prepared for a work meeting, my phone buzzed. I instinctually pulled the phone out of my pocket and read the text message notification.

“I know a good Chinese restaurant. Are you free tomorrow?” it read.

My mouth began to water 🤤. But as much as I love Chinese food and was free to meet up for lunch the next day, I ignored the message.

It was one of many unsolicited text messages I’ve received over the last few years — all from an unknown number acting like we already had an established relationship.

Example spam text message Phishing text example Phishing text example with question to try to get someone to reply
These are just a handful of actual SMS spam messages I received in June and July 2023.

SMS spam used to be more obvious and blatantly nefarious than the ones inviting me to enjoy a good Chinese meal. They made false-but-believable claims, saying I won a new iPhone or there was a mistake with my package delivery. They always encouraged me to click a link, which would take me to a fake website asking me to input sensitive information like my social security and bank account numbers.

If you’re like me, you don’t receive more obvious text message scams anymore. That’s because carriers like Verizon and AT&T began filtering messages that contain links and keywords commonly used by scammers (e.g., no cost, free, CALL NOW!).

And now they’re putting a stop to these seemingly innocent text messages (like my Chinese food 🥢 invitation) from getting through in the United States.

This latest regulation is called A2P 10DLC — a bewildering acronym that we’ll translate in a bit. For now, let’s break down why this is happening and what you need to know about it.

Why are US carriers forcing everyone to comply with these regulations?

Unsolicited text messages from unknown numbers, like the one inviting me to a Chinese restaurant, aren’t obviously a scam from the outset. But friends and colleagues who’ve replied to these messages explain what happens next.

According to everyone I spoke with on social media and OpenPhone’s internal Slack channels, the sender continues to play innocent. They act embarrassed and apologize for having the wrong number.

These “oops! wrong number” messages, however, eventually start prying information from the recipient — their name, place of work, etc — while pretending to establish a relationship.

Inevitably, they quit playing games.

“I have a friend and his younger brother who fell for the same crypto scam,” says an OpenPhone employee who wishes to remain anonymous to avoid attracting scammers. “[They] let someone take over their Instagram accounts, and ultimately had to make new accounts. The crazy part was the younger brother fell for the scam from his older brother’s stolen account well over a week after it happened and I thought we all knew about it.”

This anecdotal story is one of many. Last summer the Federal Communications Commission (FCC) issued a warning, saying complaints about unwanted text messages rose 168% from 2019 to 2021. A few weeks earlier, the Federal Bureau of Investigations (FBI) issued a separate warning that estimated the loss associated with cryptocurrency scams to be $42.7 million.

This is why US carriers are stepping in with a set of new regulations called A2P 10DLC, which we’ll go over in detail next.

Okay, but what the heck is A2P 10DLC?

While it looks like a license plate number or a vehicle identification (VIN) number, A2P 10DLC compliance is a set of carrier regulations.

  • A2P stands for application-to-person and refers to any text message coming from a business.
  • 10DLC refers to 10-digit long codes — aka the 10-digit combination we typically call “a phone number.”

But let’s forget about that technical jargon and use an analogy to explain these new regulations in terms a five-year-old can understand.

Imagine a bridge called the SMS Bridge.

For the longest, all types of traffic — personal, commercial, and even spam — used the SMS Bridge to send messages back and forth.

But eventually, the commercial traffic got heavier and heavier, causing congestion. Worse, spammers were using the SMS Bridge to scam people on either side.

To fix this problem, a new bridge called the A2P Bridge was built. This new bridge was designed to handle the heavy flow of business messages and reduce congestion on the SMS Bridge — which is now for personal traffic only.

To use the A2P Bridge, businesses provide information about the business, industry, and the type of messages it intends to send. This registration process is used to determine how much traffic the business can send across the bridge.

The highly regulated A2P Bridge blocks spammers from using it. And, because the A2P Bridge diverts commercial traffic away from the SMS Bridge, it’s a lot easier to spot spammers trying to send messages across the SMS Bridge.

In short, A2P 10DLC is good for your business and its customers

If my analogy of two bridges — one for personal traffic, one for registered commercial traffic — is clear, you’ll understand how these new regulations are good news for all of us.

On the one hand, SMS spammers will find it harder to invite us to Chinese restaurants and pull their cryptocurrency scams on innocent victims.

On the other, more important one, by registering your business to use A2P 10DLC messaging, all your SMS communications with customers will enjoy improved deliverability, and your customers can rest assured you’re a legitimate, trustworthy business when they receive your messages. 

So that’s why carriers in the United States are imposing these new regulations and providers like OpenPhone are requiring customers to register their businesses.

To learn more about, including detailed instructions on how to register your business to comply with these new regulations, we compiled these helpful resources:

4.8/5 - (10 votes)