TCPA opt in and opt out requirements for SMS messaging: What you need to know

Looking to ensure your business is TCPA compliant with text messaging?

This guide covers everything you need to know about TCPA guidelines for opt-ins and opt-outs.

Here are the details at a glance:

• You must obtain express consent from recipients before sending messages
• You must provide recipients with a way to opt out of your messages
• You must only message recipients between 8 AM and 9 PM (their time)
• You must include your business name in all text messages
• You must honor opt-outs and remove people from your list if requested

We dive into each of these points in more detail below.

We also share eight TCPA-compliant text message examples you can use to get started at the bottom of our guide.

The TCPA’s requirements for SMS explained

Before diving into the TCPA details, let’s start by defining our terms.

The TCPA stands for the Telephone Consumer Protection Act, a law passed in the United States to protect consumers from unethical telemarketing calls. But now that 47% of all businesses use SMS to communicate with customers, it also applies to business text messaging as well.

What happens if you don’t follow TCPA guidelines? Potentially class action lawsuits or hefty fines. Depending on the severity of your TCPA violations, you may have to pay hundreds or more in penalties. We cover this in more detail later on.

So what rules do you need to follow for TCPA-compliant text messages? And how can you help customers opt in and out effectively? 

You must:

• Communicate during business hours
• Include your business name in messages
• Get consent and keep records

Let’s break it down.

Only communicate during business hours

The TCPA states it’s illegal to communicate with customers outside of business hours, which by their definition is between 8 AM and 9 PM. This means you can’t send text messages before 8 AM or after 9 PM — or risk suffering the consequences of a TCPA violation.

Include your business name in initial messages

The first message you send to recipients should include your business name (and your personal name if applicable) so customers can immediately tell who’s on the other end.

Here’s an example of this in action:

Hey [name], this is [your name] from [business]. We’re looking forward to seeing you on [date/time] for your appointment. To stop receiving messages from us, type ENDALL.

Keep in mind you don’t need to reintroduce yourself if you’re sending a follow-up message in the same conversation. If it’s been a few weeks or you’re switching conversations, you need to re-disclose your name to stay compliant.

Acquiring consent

The TCPA says you need ‘prior express written consent’ before sending texts to recipients. This means you need to store solid records of SMS consent in case a dispute arises. You may also want to create a system for double opt-ins (which we cover in the section below).

Keep in mind you can’t buy, sell, or trade recipient consent. It’s illegal to purchase phone numbers from a third-party provider. Plus, your recipients need to know exactly what they’re consenting to. This means they have the ability to read your terms and conditions (as well as your privacy policy) before consenting to messages.

You can get clear written consent from customers through methods like:

• Asking them to opt in digitally, such as filling out a web form on your site. Or, if you have access to shortcodes, you can get them to opt in by texting a keyword like YES.
• Asking them to opt in through a paper form, such as a sign-up sheet passed out during an event. You need to store these papers in a secure location for future reference (especially in case legal disputes come up).

And don’t forget: recipients must always have a way to opt out of your messages if they no longer want your texts.

CTIA recommends double opt-in for recurring texts

Getting consent for business text messaging is a serious matter of consumer privacy. That’s why the Cellular Telecommunications Industry Association (CTIA), a trade association associated with the large US cell carriers, require double opt-in to err on the side of caution.

Although the CTA isn’t a legal entity controlled by the Federal Communications Commission (FCC), they still have some legal sway. If they catch you violating their guidelines, they can report you to their member carriers, who can then suspend your access to their networks (and by extension their customers).

The TCPA doesn’t require double opt-in for recurring texts, but the CTIA does. For this reason, we recommend you cover your bases with a double opt-in confirmation text for any marketing-related texts.

Double opt-in means exactly what you think it does: getting consent from customers twice in a row. This means even if recipients offer consent by submitting their phone number, you still need to ask them for consent again and reconfirm their preferences in the first text message you send.

This confirmation text must include:

• A way for recipients to imply consent (like ‘text YES to opt into messages’)
• A description of the messages you’re going to send so recipients know what they’re opting into (like text marketing campaigns or messages for informational purposes)
• How often you expect to message the recipient (like once per month or twice per week)
• The phone number or shortcode customers can use to get help (like ‘reply HELP for more information’)
• Clear opt-out instructions when recipients no longer want to receive messages (something like ‘to stop receiving messages, reply STOP’)

We provide a few examples of CTIA-compliant texts later on in this guide.

Implied consent explained for conversational text messages

In most cases, recipients need to provide you with express written consent before you send any text messages. However, if you’re a small business sending conversational texts, this may not be necessary for TCPA compliance.

Let’s break it down:

• Conversational text messages: Two-way text conversations where the customer is the first person to initiate contact. For example, if you lease apartments and text back and forth with your tenants, you’re engaging in conversational text messaging.
• Implied consent: Your customer messaged you first, which means they want to receive a text back from you. This means you have implied consent and can reply to their message with relevant information.

You also have implied consent if there’s a preexisting relationship between your business and a recipient. If a customer purchased something from you before, for example, you have a preexisting relationship and thereby implied consent — so long as they haven’t asked you to stop communicating with them.

To summarize: if a recipient texts your business first requesting information, you have enough implied consent to respond without additional verbal or written permission.

Just keep in mind your responses must be relevant to the conversation. You can’t start upselling your products if the customer only wants to know about your business hours, for example.

TCPA exceptions

Opt-in consent and implied consent are normally the only two methods of sending TCPA-compliant texts. However, there are a few exceptions depending on your industry.

Businesses in these industries can send the following messages without express recipient consent:

• Financial organizations can send account or security updates to members
• Healthcare companies can send instructions for post-operative care or lab results
• Pharmacies can send notifications regarding subscription fulfillment and availability
• Utility companies and send updates regarding outages, upgrades, or maintenance services
• Educational institutions can send information about closures, absences, and health risks

As you can see, texts sent for emergency purposes don’t always follow the TCPA’s guidelines for consent. However, the CTIA still recommends gaining consent (and honoring opt-outs) for informational texts like appointment confirmations.

8 examples of TCPA-compliant opt-in scripts

What’s the best way to encourage customers to sign up for your text messages? Using a compliant opt-in script to help recipients make an informed decision.

Below are some TCPA-compliant SMS opt-in examples you can adopt for your own company.

1. Hi [name], thanks for visiting our store and signing up for messages. If you would like to receive coupons and promotional texts, reply YES. Replying STOP opts out of all messages.
2. [Business name]: Thanks for being a loyal customer. Reply YES to receive monthly coupons, four messages per month. Send HELP for help. Send STOP to opt out.
3. Thanks for contacting [business name]! Reply YES if you consent to receiving text messages from us. You can opt out of all text messages by submitting STOP MSG.
4. You indicated you would like to receive appointment reminders and informational texts from [business name]. To opt in, reply YES. To opt out, reply END.
5. Thanks for signing up for [business name] messages. By texting YES, you agree to receive four messages per month with exclusive discounts. Find our terms and privacy policy at [link]. Unsubscribe with STOP.
6. Reply YES to receive updates and messages from [business name]. Reply STOP to cancel, and HELP for help.
7. By submitting YES, you are consenting to receive marketing messages from [business name]. Reply STOP to unsubscribe and HELP for more information.
8. Nice to meet you, [name]! By replying YES, you’re indicating you want to receive two-way text messages from our team. You can opt out at any time by sending STOP.

Remember: the first message you send to a customer must contain opt-out information. And don’t forget to send along disclaimers about the type of messages you plan to send (and how often you plan to send them).

How to let customers opt out

Customers should be able to withdraw their consent for text messages by opting out at any time. You can do this in several ways. The easiest and most popular is by letting customers text STOP, QUIT, UNSUBSCRIBE, CANCEL, or something similar to end messaging immediately.

Based on guidelines from the TCPA and CTIA, you also need to:

• Send opt-out instructions at least once per month
• Let recipients request more information about your campaign or business by texting HELP or something similar

You also should avoid generic link shorteners to send opt-out info or any other details and instead use branded links using tool like Rebrandly so carriers don’t accidentally filter your messages.

Once a customer decides to opt-out of your messages, you should send one final text to confirm you received their request. Just keep in mind this is the only additional message you can send — it can’t include any marketing or promotional information either.

Here are some scripts you can use to send compliant opt-out information:

• Don’t want to receive these messages from us? Reply STOP to end messages.
• To no longer receive communications from us, reply UNSUBSCRIBE.
• You may opt out of our message campaign anytime by replying END.

We’ve also collected some follow-up scripts you can use to let customers know you got their opt-out request:

• NAME, you’ve opted out of messages from COMPANY. To receive messages again in the future, reply START.
• Sorry to see you go, NAME! Thanks for being a valuable customer. You may resubscribe at any time by replying BEGIN.
• We have received your opt-out request. You will no longer receive messages from COMPANY. Send SUBSCRIBE to opt back into messages.

More on why businesses must follow TCPA’s opt-in/opt-out requirements

Although established in 1991 to combat telemarketing calls, the TCPA now extends to other forms of technology to protect customers and recipients from unwanted contact. This means TCPA texting guidelines aren’t just business texting etiquette — they’re a cornerstone of texting compliance that comes with serious consequences.

As you’ve read, one-to-one conversations are much easier to manage and rarely run the risk of violations. But for organizations sending SMS marketing campaigns, the consequences can be much harder to avoid. Some organizations have paid $1,500 for every text that violates guidelines and suffered additional penalties such as losing access to mobile networks (which means losing thousands of customers). 

This doesn’t include all the negative press you may get from violating the TCPA’s guidelines. You may also develop a negative brand image by sending unwanted messages, making it much harder to grow your business in the future and stay ahead of compliant competitors.

To summarize: if you don’t focus on double opt-ins or honor your recipient’s opt-out requests, you may be risking multi-year lawsuits and fines costing millions of dollars.

Managing TCPA opt-in/opt-out consent at scale

It can be difficult to balance these rules and regulations as your business scales, especially if you’re operating in multiple states or cities with different phone numbers. 

This is where OpenPhone’s platform really shines. Rated as the #1 business phone system for growing teams and enterprises, we’re on a mission to help you build better customer relationships and easily manage TCPA compliance for business calls and texts.

We can help with:

• Adding opt-in and opt-out disclosures to conversational text messages. You can store your favorite message templates as snippets to send compliant messages at a glance.
• Helping customers opt in or out of messages directly on their phones. We automatically share a message anytime a contact opts out or resubscribes on your behalf. 
• Automating TCPA-compliant messages even when you’re not on the clock. You can easily manage compliance across specific touchpoints like delivery or appointment confirmations, or manage one-to-one messages with implied consent using built-in auto-replies.
• Scheduling texts during business hours so you can comply with specific TCPA requirements. With OpenPhone, you can queue messages to go out between 8 AM and 9 PM without having to stay up late or send the messages yourself.
• Completing US carrier registration to lower the risk of mobile companies filtering your messages on their network, including major carriers like AT&T. 

If you’re curious to see why thousands of businesses use OpenPhone, you can sign up for a seven-day free trial to test the platform for yourself. Then, you can port in your existing number(s) to keep every customer touchpoint both legal and compliant.