Share to
Everyone knows that SMS is the most powerful and accessible communication channel for engaging your customers. In fact, people are 35x more likely to read a text message than an email.
But even knowing all that, getting started with SMS can be challenging. SMS compliance rules and regulations, particularly in the U.S., can make your life difficult if you don’t understand them. Whether it’s laws like the Telephone Consumer Protection Act (TCPA) or requirements from industry regulators and wireless carriers, you need to know your stuff. These regulations and guidelines play a big part in protecting customer data and privacy and help create a better customer experience.
Now, we can’t give you legal advice – make sure to talk to your legal team to see how these regulations apply to your specific business. But we can break down the basics and give you an overview of the rules, what they mean, and how to handle them.
First off, in the U.S. there are governmental regulations and policies in place documenting how to send SMS. There are also many different carrier-specific guidelines and, lest we forget, new codes of conduct which aren’t laws exactly, but must be followed. Ignore these codes of conduct at your peril! Your campaigns will either never launch or end up blocked in carrier or aggregator filters. There are the main frameworks you need to know:
If you take away one thing from this blog, remember the three most important aspects of compliant A2P messaging: consent, consent, consent! All these rules exist so that customers only receive the communications they want. To ensure this happens, the CTIA Messaging Guidelines say that all A2P messaging requires customer consent. Here’s a breakdown of the how’s and why’s of consent:
An opt-in is when you ask customers if you can message them, and they say yes. You need to be clear about what they can expect – as in the type of message do you intend to send, and for what purpose.
Note, you can’t repurpose an opt-in for one kind of communication for other kinds of communications. For example, a user who gives you consent to receive a one-time password (OTP) via text message is not consenting to marketing texts.
You want to keep in mind five key questions from the customer’s perspective, and the answers should be clear:
To make sure all these questions are answered, we recommend a strong call to action (CTA) for every campaign. A strong CTA is the springboard to a successful program, describing the program and instructing potential users how to participate. The required components for a successful CTA differ depending on the media it’s published in. However, there are certain aspects that carriers look for in all CTAs:
Note: Although single-message programs aren’t required to display “HELP” and “STOP” keywords, they should still support HELP and STOP commands.
The best practice for confirming opt-ins is to document them all for a minimum of 90 days. It proves that you’ve received consent to message the destination number. Better safe than sorry!
Many companies use double opt-ins: sending a customer a message after the initial opt-in reminding them that they’ve signed up and asking them to respond and confirm their consent with a keyword (e.g., Y, Yes, OK, Begin, etc.). This isn’t an industry rule, but it is a best practice – and you want to be the best, don’t you?
A consumer’s opt-in must be confirmed in the first message sent to the consumer for all recurring programs. Brands must state explicitly to which program the consumer enrolled and provide clear opt-out instructions.
Here’s an example of a confirmation MT for a recurring program:
Even if a customer agrees to let you message them with an opt-in, they can always change their mind – and you need to make it easy for them to do just that.
The most common and minimum required opt-out method is to let consumers respond to an SMS with the text “STOP” – but there are other ways to do it. FCC states that customers must be able to opt out through “any reasonable means.” This could be a phone call, a text message, a web form, etc. – as long as it’s not too complicated for the user.
It needs to be very clear how the customer can opt out.
And you need to make sure you acknowledge that request.
Shortened URLs are a great way to make a message more concise, but there are some important rules and best practices you should follow to ensure successful message delivery and offer a good user experience.
When sending your 10DLC and TFN campaigns, never use shared public URL shorteners (e.g., free TinyUrl or Bitly links).
U.S. carrier policies strongly discourage using them and might filter or block messages containing this type of URLs because they’re often used for illegitimate purposes like spam, fraud, and more.
When sending SMS or MMS messages containing shortened URLs to users in the United States, use your own dedicated, branded domain.
TCPA compliance also requires that you recognize “quiet hours” in the recipients’ time zone. This means you are prohibited from any telephone solicitation anytime before 8 am and after 9 pm (note that certain states have more restrictive rules).
SHAFT is a handy acronym to help you remember types of content which are either forbidden or subject to special rules.
Note: Some of this content (such as “adult” businesses like nightclubs, bars that serve alcohol, and firearms or tobacco sales) may be allowed by certain carriers if a campaign is submitted and approved in advance and a functioning “age-gate” is in place.
This may seem like a lot to digest, but the most important step to SMS compliance is knowing the rules. But to keep it simple, remember these main takeaways:
And make sure to consult your legal team to see how SMS compliance laws and regulations affect your business specifically.
Learn more about the Sinch SMS API, or contact us to schedule a time to talk to a Sinch expert.