It's no secret that SMS -or text- messaging is one of the most trusted and convenient communication tools in the marketing toolbox. But how do you leverage its popularity correctly? Follow the following principles before sending your next campaign to stay compliant. 

Gathering the right type of consent

Aside from digital etiquette, there are two SMS messaging laws enforced in the US that set the playing field for your business: the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act. These rules are upheld by four major regulatory bodies you may have heard of: the CTIA, MMA, FCC and FTC. 

The main part of these laws all revolve around making sure you have your audience's consent to message them. The type of consent you need may vary by depending on the content you're trying to send. Check the table below to find what type of consent you need.

Types of messaging content and associated consent principles





Back and forth conversation that takes place via text

messages regarding existing transactions or relationships, such as delivery notifications.

Messaging when user shares phone number and asks to be contacted in the future

Sales or marketing promotion

Two-way conversation

First message sent by user

One-way conversation. First message sent by business

One/two-way conversation

First message by user or business

One way alert

First message by business

For a particular request

For system updates

Contains information

Promotes a product/service

Implied consent

Implied consent

Express consent

Express written consent

Implied consent refers to an individual providing or disclosing their contact information to a business, thus permitting consent.
Express consent refers to an individual explicitly agreeing to receive electronic communications from a business.
Express written consent doesn't necessarily require a paper signature but rather consent that is documented and saved. 

1.1 Ways you can gather consumer opt-in

If you're trying to launch an SMS campaign, there are a few different opt-in mechanisms you can use. Consumers can demonstrate consent in several ways such as:

  • Entering a phone number through a website

  • Clicking a button on a webpage

  • Sending a message from their mobile devices that contains an advertising keyword

  • Initiating the text message exchange in which the message sender replies to the consumer only with responsive information

  • Signing up at a point-of-sale (POS) or other on-site location

  • Opting-in over the phone using interactive voice response (IVR) technology

If you need express consent, make sure to document your user's consent by retaining relevant opt-in information where applicable such as the timestamp of consent, acquisition medium and the identity of the individual who consented. Be a responsible sender, do not use opt-in lists that have been rented, sold, or shared to send messages. 

1.2 Double opt-in

The best practice is to obtain a secondary opt-in, or “double opt-in”. Particularly in cases where the original consent was collected outside via another channel. For example, if you'd like to send an SMS campaign to someone who has opted in to marketing communication emails. You can confirm the opt-in via the channel you'd like to reach your audience on, in this case via a text message.

Examples of double opt-in:

  • “Reply Yes to confirm that you want to receive text messages from {Business Name}, 
    Reply STOP to unsubscribe”

  • “{Brand Name}: Reply YES to confirm receiving SMS/MMS messages {Link to Terms of Service} 
    Reply “STOP” to unsubscribe”

1.3 Send the correct confirmation for recurring messages

For recurring campaigns, you should provide consumers with a confirmation message, immediately after opt-in, that includes:

  • Your program name or product description

  • Customer support contact information

  • Instructions to opt-out

  • Disclose that the messaging are recurring and how frequent they are

  • Any associated charges and how those are billed

1.4 Consumer opt-out

For any SMS campaign, your audience reserves the right to opt out of receiving your messages. That means you have to provide a way for users to opt-out and you have to observe their opt-out requests: 

  • Acknowledge and honour opt-out requests by sending one final opt-out confirmation message per campaign. No further messages should be sent afterwards

  • Ensure that consumers can opt-out at any time

  • You should support multiple mechanisms of opt-out (user can opt-out via a phone call, email, text etc.)

  • You should state in the message how and what words affect an opt-out e.g. STOP. However, opt-out requests with normal language (i.e., stop, end, unsubscribe, cancel, quit, “please opt me out”) should also be read and acted upon by the sender. Punctuation, capitalization, or some combination thereof must not interfere with opt-out keyword functionality

Message streams that result in excessive complaints or opt-outs typically indicate an unwanted message (or SPAM) campaign and either the phone carrier or messaging platform you're using may discontinue you campaign.

1.5 Privacy policy

It's a best practice to maintain and display a privacy policy that is easily accessed and understood by the user, and that clearly describes how your business collects, uses, and shares the information your users provide. Make sure that your privacy policy is consistent with the applicable privacy laws.

Write the right content

2.1 Include a clear and conspicuous call-to-action

A call-to-action (CTA) is an invitation to a consumer to click into a next step (such as 'sign up' or 'buy now'). CTAs shouldn’t contain any misleading or deceptive language. Make sure the CTAs in your messages immediately make clear to your users what it is they're clicking on.

2.2 Prevent unwanted, unlawful or deceptive content

You should always use reasonable efforts to prevent unwanted or unlawful messaging traffic. Take steps to monitor your campaigns for:

  • unlawful, abusive, malicious, misleading, harassing, obscene, or defamatory content

  • content that is deceiving or intending to deceive e.g., phishing messages to access private information

  • content that invades privacy or causes safety concerns

  • content incites harm, discrimination, or violence

  • content that does not meet age-gating requirements

Also make sure that your messaging content isn’t misleading and complies with the FTC Truth-In-Advertising rules. 

2.3 Correctly format your embedded website links

Website links embedded within a message have to indicate the sender’s identity and cannot contain wording in the URL link that intends to harm or deceive. Different from other regions, it's illegal to use public URL shorteners while sending the US. The exception is URL shorteners that are dedicated to the exclusive use of the sender (such as the Burst SMS tracked link option).

Websites where recipients are redirected must have an unambiguous website owner, include contact information with a postal mailing address and have a conspicuously-accessible privacy policy.

2.4 Do not engage in snowshoe messaging

Absolutely do not engage in Snowshoe Messaging, which is a technique used to spread messages across many phone numbers or short codes. Instead, send your messages from a dedicated virtual number unique to your business.

2.5 Check that your campaign content isn't prohibited

You may not use short codes for affiliate lead and/or commission generation. Carriers may block or terminate messaging campaigns determined to be affiliate-related. Furthermore, the following content types are disallowed, unless prior approval is sought from the users you're trying to engage with.

  • Lead generation campaigns that share the collected information with third parties

  • Loan advertisements except messages from direct lenders for loans already secured by the recipient

  • Debt collection

  • Credit repair or debt relief

  • Cannabis or illegal prescriptions

  • Gambling

  • Work from home programs, job alerts from third party recruiters or risk investment opportunities

Send from the right number type

All of your SMS campaigns are delivered from a virtual mobile number. As of June 2021, you will need a dedicated number unique to your business to send your campaigns from. There are a couple of options when it comes to dedicated virtual numbers:

3.1 Dedicated short codes

A dedicated short code (short code) is a five- or six-digit number, unique to a brand, to and from which text messages can be sent from and to your audience. A short code shared by two or more brands is prohibited. Short codes are designed for high throughput and two-way communication. 

3.2 Toll-free numbers

Toll-free numbers (TFN) start with 8xx and allow sending or receiving A2P messages. They have high throughput like short codes.

3.3 10-digit long code (10DLC)

10DLC, or 10-digit long code, is a new industry-led long code for A2P messaging. 10DLC is the recommended solution for marketing. AT&T and T-Mobile assign throughputs per brand based on the risk profile of campaigns.


Toll-free number

Short code


Ten-digit number for A2P use, unique to a brand

A2P SMS via toll-free number (i.e. 8xx) 

Five to six digit number, unique to a brand






Yes; 2-3 weeks


Yes; 2 months





If you need more guidance on SMS campaign compliance and want to ensure you’re abiding by text marketing laws, check out our SMS SPAM Compliance Masterclass or raise a ticket to our support team via the menu at the top of your screen.