10DLC vetting tips and tricks


Katherine Childers


Bandwidth is now having all our new 10DLC campaigns vetted by our aggregator in order to ensure campaigns are compliant with the wireless carriers’ codes of conduct. Over the past few weeks, we’ve seen several trends in rejections that customers are commonly getting. We want to provide more clarity and insight into them so that you’re able to successfully register your campaigns as smoothly as possible.

Most common rejection reasons

  • Call to Action (CTA)
  • Opt-out message
  • SHAFT-C content
  • Privacy Policy
  • Lack of a website or online presence
  • Non-compliance with Know Your Customer (KYC) guidelines
  • Content attributes
  • Sole Proprietor campaign

Call to Action

We often see campaigns rejected for an insufficient Call to Action (CTA) section. This section should contain a clear and concise description of how an end user signs up to receive messages. Opt-in must be 1 to 1, can't be shared with third parties, and can't be implied. It must be clear, conspicuous, and can't be obscured within the terms & conditions and/or other agreement(s).

Examples of how to get users to opt in:

  • Entering a phone number through a website
    • Example: Customers opt-in by visiting www.examplewebsite.com and adding their phone number. They then check a box agreeing to receive text messages from the example brand.
    • Note: If using a website to collect opt-in, our aggregator should be able to find where on your website the customer is opting in. If this is missing, the campaign will be rejected.
  • Clicking a button on a mobile webpage
    • Note: Please ensure that a website is provided somewhere in the campaign registration (in the brand details, campaign description, or the sample messages) if this is where the opt-in is being collected.
  • Sending a message from the consumer’s mobile device that contains an advertising keyword
    • Example: Consumers opt-in by texting START to (111) 222-3333.
    • Important: If consumers can opt in by texting a keyword, the response should include the brand name, confirmation of opt-in enrollment to a recurring message campaign, how to get help, and a clear description of how to opt out. 
  • Signing up at a point of sale (POS) or another message sender on-site location
  • Opting in over the phone using interactive voice response (IVR) technology.
    • Example: "Bandwidth: You’re now opted-in to our platform notifications. For help, reply HELP. To opt out, reply STOP."

Additional notes on Call to Action:

  • All traffic on behalf of a business, entity, or organization is required to have prior opt-in/consent.
  • If a Call to Action mentions the opt-in that's collected on a website, the website must be provided. If it's not provided, the campaign will be declined.
  • Even if the Call to Action mentions opt-in that's collected elsewhere, lead intake forms on the brand's website will be reviewed. If the phone number field is required, the disclaimer about the SMS opt-in must be included. Otherwise, the campaign will be declined.

Opt-out message

Acceptable opt-out language must include at least one of the following words: end, stop, unsubscribe, or arret (French). If you’re using an opt-out phrase, it must be separated by spaces (i.e., STOP2END is not acceptable; it should be STOP 2 END). Please ensure that at least one of your sample messages shows your opt-out.

Example: "[Insert Business Name:] ​You have an appointment for Tuesday at 3:00 PM, reply YES to confirm, NO to reschedule. Reply STOP to unsubscribe."

SHAFT-C content

The following types of content are prohibited on 10DLC: CBD, Cannabis, Sex, Hate, Alcohol*, Firearms, and Tobacco*. It’s also not allowed to be on the customer's website at all. 

*Alcohol and Tobacco can be supported with robust age-gating and proper opt-in.

Example: If a chiropractor's office has CBD oils on its website, the campaign will be denied even if not directly related to CBD marketing.

Privacy Policy

Per CTIA Guidelines, message senders are to maintain a privacy policy that is easily accessible by the consumer. The privacy policy should be referenced in the call-to-action/opt-in when submitting a campaign for vetting.

There may be a denial for privacy policies if there is no policy present, or if the privacy policy is non-compliant. If a privacy policy is non-compliant, it is generally due to the sharing of consumer information with third-parties for marketing purposes.

Best practice for privacy policies would be ensuring a privacy policy is present, and that the consumer information is not being shared with third-parties for marketing purposes.

Lack of a website or online presence

Please make sure to include any website or online presence the customer has. This can include a social media page, as long as our aggregator can access it and verify the business is who they say they are. Even if the customer avoids putting their website, our aggregator will search for the business to see if there’s any associated website. If there’s prohibited content on their website, the campaign will be rejected.

Non-compliance with Know Your Customer guidelines

Make sure you’re following proper Know Your Customer (KYC) guidelines for the campaign. The brand needs to reflect who will be sending the message to the customer, not the software behind the delivery.

Remember that the brand is the message sender. The Employer Identification Number (EIN) and company information should reflect the message sender, not you as the reseller.

Content attributes

Please make sure your content attributes are correct while setting up your campaign.

Note: These fields can’t be changed, so a brand new campaign will have to be submitted if you’re rejected for any of these reasons.

Example: If a customer selects "no" for the embedded link, but the sample content provided clearly shows links, they’ll need to resubmit their campaign with "yes" selected for the embedded link.

Sole Proprietor campaign

Not all carriers are accepting these types of campaigns at this time, so they’ll be automatically rejected. You’ll then be charged the $15 fee and will need to resubmit them at a later date, so please hold off on submitting any new Sole Proprietor campaigns until Bandwidth provides further notice.

To learn more about 10DLC registration best practices and how to overcome campaign vetting rejections, please see 10DLC registration best practices and vetting rejection reasons.

Article is closed for comments.