The essential SMS compliance guide for business texting in the US

For many businesses, texting is the single most efficient way of communicating with customers today. Yet, despite your team and other well-intentioned companies’ best efforts to respect customers’ inboxes, spam has become an increasingly frustrating issue for many recipients.

As a result, SMS compliance laws exist to keep businesses accountable (and consumers’ inboxes a little clearer). In this guide, we explore everything you need to know about text message compliance guidelines in the United States to ensure you’re respecting customers’ rights — while also avoiding some potential hefty fines.

Who exactly is behind SMS compliance regulations?

In the US, there are four different groups that regulate communication over text:

1. The Federal Communications Commission (FCC)
2. The Federal Trade Commission (FTC)
3. The Cellular Telecommunications Industry Association (CTIA)
4. Mobile network operators (e.g. AT&T, Verizon, etc.) 

Below, we’ll dive into each, covering how they affect business texting and what you need to know about each. 

Federal Communications Commission (FCC)

The Federal Communications Commission (FCC) is an American government agency that oversees media communications and parental guidelines. The FCC has one major act that governs SMS compliance requirements: the Telephone Consumer Protection Act (TCPA).

The TCPA is a federal law that requires companies to gain express written consent from their mobile subscribers before sending them promotional messages via text. The TCPA makes it illegal to send spam text messages — violations can result in fines between $500 and $1,500 per infringement.

Federal Trade Commission (FTC)

Similar to the FCC, the Federal Trade Commission (FTC) is a federal agency that manages complaints of any theft, deception, and violence that occur through media.

The FTC’s Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act is a federal law that regulates the content businesses can send in text messages (and how they can send those messages). Texts found in violation of CAN-SPAM can cost businesses $500 per individual text — which can quickly add up if your SMS campaign goes out to hundreds (or thousands) of customers.

To ensure you comply with the CAN-SPAM Act, you’ll need to keep in mind you need to supply opt-out information and clear identification of your business (keep reading as we share this in our best practices section). 

Cellular Telecommunications Industry Association (CTIA)

The Cellular Telecommunications Industry Association (CTIA), unlike the FCC and the FTC, isn’t a government agency. Instead, it’s a trade association of mobile carriers that have come together to set standards for businesses sending SMS messages.

Since the CTIA isn’t a government agency, you can’t be sued (or fined) for not following CTIA’s messaging principles and best practices. However, if you violate their rules, the CTIA can report you to their network of carriers, who can suspend your access to their customers until you resolve the problem.

Mobile network operators

Mobile network operators — also known as wireless carriers — are the service providers who connect you to their customers (i.e., your subscribers). These operators work with the FCC to try and protect their customers from unwanted spam. 

Operators now require companies to submit their business numbers for 10DLC registration if they plan to use those numbers for business texting. Companies also need to follow their operators’ rules for sending compliant messages, and each operator has different rules in place regarding messaging.

If you use a virtual business number to text customers, your messages need to abide by the rules enforced by your recipients’ carrier. Since these vary by operator, it’s better to be safe than sorry when it comes to sending compliant messages — especially since some carriers (like T-Mobile) can fine you up to $10,000 per violation.

Best practices for sending compliant SMS texts

As you can probably tell by now, there are quite a few moving parts involved in regulating business texting. However, sending compliant messages doesn’t have to mean doing a deep dive into each organization’s rules and regulations. Instead, err on the side of caution and follow these nine SMS compliance best practices.

1. Submit campaign and business information to your provider

If you use a virtual number to text anyone with an American phone number on behalf of your business, you’ll need to complete US carrier registration. The process for doing so varies by provider. 

For OpenPhone users that have local numbers and a paid workspace (not currently on a free, seven-day trial), any owner or admin for your workspace can complete the US carrier registration form using our web or desktop app. If you have a toll-free number, check out our guide to toll-free number verification. 

2. Identify yourself in the first text and include opt-out messaging

Every time you start a new text conversation with a recipient, you need to clearly identify yourself. 

Here’s what identifying yourself in a text message looks like:

Hey [Name]. It’s Donna from Acme Care here. We miss you. It’s time for your annual physical. When is a good time to call and schedule an appointment? I can also book a time via text. To opt out of receiving messages, reply STOP.  

The initial text you send to a recipient also needs to include clear instructions on how to opt out of future messages, such as “Reply STOP to unsubscribe.” (You can also use a different opt-out keyword here, such as STOPALL, UNSUBSCRIBE, QUIT, CANCEL, or END.)

Also, keep in mind you don’t have to worry about identifying yourself in any follow-up messages within an ongoing conversation. 

3. Get proper consent for texting

Getting consent from your subscribers means that, before you send a recipient an initial text, they agree to allow you to communicate with them.

With two exceptions, you need to have explicit consent before texting someone. These are the two exceptions:

1. An individual initiates contact with you: If someone texts you first, you’re free to respond to them. Their inbound message counts both as consent and proof of consent. However, their SMS consent only applies to that particular conversation. So, if someone texts you asking for your hours of operation, you can answer that question — but you don’t have additional consent to send them marketing or sales texts.
2. You’re sending informational content to an individual based on a prior relationship:  If you have a pre-existing relationship with someone and they’ve provided you with their phone number, you can send them a text. Just make sure they’ve taken some action to initiate communication with you — such as placing an order, requesting an appointment reminder, receiving a one-time password, or setting up an alert — and that they haven’t asked you not to communicate with them.

Now, outside of those exceptions, how do you get consent?

Gaining consent to text

It needs to be crystal clear to your potential subscribers that they’re signing up to receive recurring, automated texts. This consent information needs to be front and center in any of your signup pages or other marketing materials, positioned close to any call-to-action buttons — not added as a footnote in tiny, illegible font.  

CTIA also advises including terms and conditions and privacy policy links in your opt-in page or email.

For consent to be valid, it needs to meet these requirements:

• If you don’t send an initial message to a recipient within a reasonable time period after receiving consent, you’ll need to reconfirm consent in the first message you send to that recipient.
• You can only send messages within the scope of the specific use case or marketing campaign your recipient consented to. Their consent to a specific campaign doesn’t give you blanket consent to contact them about anything you’d like. For instance, if a customer consents to receive messages about houses hitting the market, you can’t then send them additional messages about house insurance plans you’re selling.
• You need to keep a copy of your recipient’s consent in your records — whether it’s a copy of the document the recipient signed or a timestamp of when a customer completed a sign-up flow. Hold on to your proof of consent even after a contact opts out of receiving messages; you’ll want it in case a dispute arises over TCPA’s opt-in/opt-out guidelines.

CTIA’s messaging principles and best practices also recommend sending subscribers opt-out instructions at least once a month. 

One last (but important) thing to keep in mind with consent: you can’t buy, sell, or exchange consent. For instance, if you buy a phone list from another party, you don’t automatically obtain the express consent of those recipients — you still need to obtain it separately.

4. Make it clear to recipients exactly what they’re signing up for

In both your sign-up materials and your very first text to recipients, clearly identify what subscribers are signing up for — whether that’s text updates or recurring marketing texts. 

In your very first text to a recipient, CTIA guidelines say you should include the following for ongoing text campaigns:

• A description of your text messages (for example, “text updates from OpenPhone”)
• Your expected message frequency
• Customer care contact information (whether that’s a toll-free number, 10-digit telephone number, or HELP command instructions)
• A note that SMS and data rates may apply
• Instructions on how to opt out of messages

In any text messages after that first outreach, the FTC requires that you clearly identify whether your text is an ad (or selling products or services).

5. Provide a second opt-in for marketing texts

Even if your consent information takes center stage in your sign-up materials, it’s recommended that you still get consumers to double opt-in to your text message marketing. 

That means that after a subscriber gives you their phone number to text, you still ask them to confirm their opt-in with your first text. (For example, asking subscribers to text “Yes” to confirm their sign-up.)

Looking for more inspiration for sending compliant texts? Check out our guide spotlighting SMS opt-in examples.

6. Let recipients know how to get in touch with you

To comply with FTC guidelines, make sure your text includes a return phone number that subscribers can reach out to. This is particularly relevant if you are texting from a shortcode. 

The CTIA also requires that you give recipients the ability to request help by responding “help” to any of your texts. This should give subscribers information on your program name and details on how to get further help.

7. Schedule texts during business hours

Under TCPA compliance guidelines, it’s illegal for companies to send promotional texts (or call individuals) outside of 8:00 AM to 9:00 PM. These times are based on your recipient’s time zone.  

8. Avoid generic link shorteners

Link shorteners take a long URL and turn it into a more compact version. While these can be handy for sending messages, carriers filter out messages containing free, public link-shortening services like bit.ly or tiny.url. This is because spammers and scammers often use this type of free shortened link.

If you want to include a shortened URL in your message, use a dedicated short domain that belongs to your business through a service like Rebrandly. Here’s an example of a text (from reservations platform OpenTable) that includes a branded URL that meets operator expectations:

You’ve been added to the waitlist by Pai Northern Thai Kitchen for 2. Reply 9 to cancel, STOP to end msg. See more: https://n.opn.tl/HZKnRhDh.

9. Steer clear of certain forbidden topics

Avoid any content related to sex, hate speech, alcohol, firearms, or tobacco in your text messages. (These topics are known by the acronym of SHAFT, and they’re regulated by the CTIA.)

On top of the topics regulated by the CTIA, providers each have a list of forbidden categories that are against their terms of service. Scroll down to “Forbidden categories” below to see a few categories commonly blacklisted in the United States.

Key phrases you need to know for SMS compliance

If you’re not already familiar with some key terms in SMS compliance, the whole ordeal can quickly become confusing. Here are some key phrases you should know when navigating SMS compliance.

Forbidden categories

“Forbidden categories” are message content categories expressly communicated by your provider as being against their terms of service. 

In the United States, these categories usually include:

• High-risk financial services, such as payday loans, student loans, or cryptocurrency
• Debt collection or forgiveness
• Third-party lead generation services
• Illegal substances, such as cannabis or fireworks
• Gambling
• Get-rich-quick schemes, such as pyramid schemes
• Prescription drugs
• SHAFT categories (i.e., anything involving sex, hate, alcohol, firearms, or tobacco)

If you’re an OpenPhone customer, check out our guide to forbidden categories on our platform. 

Opt in

The term “opt in” refers to a type of consent given by individuals. In this case, the individual is authorizing a third party to contact them.

Opt out

The term “opt out” refers to the revocation of previously given consent to be contacted. In this case, the individual is withdrawing their consent to be contacted.

Promotional texts

Promotional text messages are sent by a company to advertise a product, service, event, or offer to their customers. They’re often sent in bulk to a pre-existing list of recipients.

SHAFT regulations

An acronym for topics the CTIA prohibits companies from sending content about. These topics include sex, hate, alcohol, firearms, and tobacco.

One exception to SHAFT: tobacco and alcohol content is allowed on local numbers (not toll-free numbers), as long as the company has used age-gating to ensure underage consumers can’t access the content.

Transactional texts

Transactional texts are SMS messages that contain information your customers need in order to use your product or service. Keep in mind, this doesn’t mean simply helpful information — it means necessary information.

What qualifies as a transactional message? A few examples include:

• Order confirmations that include tracking numbers
• Two-factor authentication messages
• Password resets
• Reservation confirmations that require a response to confirm

Written consent

Written consent is a type of permission you receive from contacts, which shares their consent to be contacted by you. In written consent, contacts confirm that they want to receive messages from you and they’re giving their consent willingly.

Start sending compliant business texts with OpenPhone

SMS compliance guidelines exist for a good reason: they keep individuals protected in the ever-growing fight against spam. To learn more about staying compliant when calling others, check out our explainer on the FCC’s STIR/SHAKEN protocol.

If you’re ready to start sending compliant texts, learn how you can use OpenPhone to message clients seamlessly as a team — complete with auto-replies, scheduled messages, and saved message templates.