Messaging compliance best practices
The following information is not intended to be used as legal advice or as a substitute for consulting your own legal counsel. Considerations may vary depending on the nature of your business. We encourage those sending messages to consult their legal counsel.
This article focuses on the following five pillars of messaging compliance that can help you increase the deliverability of your messaging traffic while reducing the chance of consent audits and SPAM complaints:
- Collect consent
- Identify message senders
- Fully disclose the messaging frequency
- Clearly state opt-out instructions
- Register your traffic
For more information, see the "Non-Consumer A2P Best Practices" section of the CTIA Messaging Principles and Best Practices.
Collect consent
Message recipients must opt into a specific service from an explicitly identified sender. This opt-in, or consent, can’t be shared, sold/bought, or transferred to additional services or senders. For example, obtaining consumer phone numbers from a voter registration list is not a valid form of consent. Consent is granted by one recipient for one service. Carriers expect 1:1 consent records for all message types and those records can be easily pulled in the case of a blocking event.
Only the recipient has the authority to grant permission to senders. Inexplicit consent doesn’t grant the consent collector the authority to extend consent on the recipient’s behalf.
Note: Messaging phone numbers obtained from a shared, sold/bought, rented, or transferred consent list are not compliant. Senders using indirect consent lists have a very high likelihood of receiving a consent audit from our verification partner and/or carrier(s).
Best practices for gaining consent:
- Entering a phone number through a website
- Clicking a button on a mobile webpage
- Sending a message from the Consumer’s mobile device that contains an advertising keyword
- Initiating the text message exchange in which the Message Sender replies to the Consumer only with responsive information
- Signing up at a point-of-sale (POS) or other Message Sender on-site location, or opting in over the phone using interactive voice response (IVR) technology
Best practices for producing evidence of consent:
- Timestamp of consent acquisition
- Consent acquisition medium (e.g., cell-submit form, physical sign-up form, SMS keyword, etc.)
- Capture of experience (e.g., language and action) used to secure consent
- Specific campaign for which the opt-in was provided
- IP address used to grant consent
- Consumer phone number for which consent to receive messaging was granted
- Identity of the individual who consented (e.g., online user name, session ID, etc.)
When a recipient grants a sender consent to message them on a recurring basis, a confirmation message must follow the opt-in. This message must include the following elements:
- Name of the program and/or a program description
- Customer care contact information (e.g., support number, HELP keyword support, informational website link)
- Instructions for how to opt out
- A disclosure that the messages are recurring and the frequency of the messaging
- Clear explanation of any associated fees or charges, and how they will be billed
Identify message senders
The sender of a messaging campaign must be clearly identified in the following places:
- Within the opt-in disclaimer shown to users detailing the nature of the messaging program.
- In the introduction of the first message sent in an interaction. This is evaluated when sample messages are submitted with a campaign brief.
Example: “Hi VOTER, we are from the CANDIDATE for OFFICE campaign office reaching out to remind everyone to go vote on mm/dd/yyyy”
Fully disclose the messaging frequency
Engagement exhaustion is being reported as the top reason for end-user complaints. Carriers have implemented a requirement to disclose to the end user how often they will be contacted. One reason for this was engagement exhaustion due to receiving too many messages in a short amount of time. Consider how many messages a recipient would like to receive from a candidate and/or cause in a single day. For most people, one a day is enough – and for some, even that may be too much.
Example: “By selecting this checkbox you are agreeing to receive campaign updates and news at a maximum of 5 times a month from [BRAND]”
Clearly state opt-out instructions
Engagement exhaustion can also drive recipients to complain to carriers or report messages as SPAM to get them to stop, so it’s critical to provide the opt-out language conspicuously and frequently. Since recipients have the option to opt out of messages even if they have originally opted in to receive them, message senders must use the following guidelines:
- Ensure that recipients have the ability to opt out of receiving messages at any time.
- Support multiple opt-out methods (e.g., phone call, email, text).
- Acknowledge and honor all opt-out requests by sending one final opt-out confirmation message per campaign to notify the recipient that they have opted out successfully. No further messages should be sent following the confirmation message.
- Clearly state in the message how and what words can be used to opt out. These should include the standard “STOP” command, but similar words and phrases (i.e., stop, end, unsubscribe, cancel, quit, “please opt me out”) should also be honored unless a specific word can result in an unintentional opt-out. The validity of opt-outs shouldn’t be impacted by any capitalization, punctuation, or letter-case sensitivities.
Register your traffic
All messaging traffic must be registered to ensure a smooth delivery. Unregistered traffic is at a high risk of being blocked at the Carrier or Provider level, which could result in Carrier fees or fines being imposed.
If a TN is blocked from sending on an unregistered route, we are unable to remediate the TN, even if it is subsequently added to a campaign after the block originally occurred. These blocks can be in place for up to 30 days.
If you’re using a toll-free number, then toll-free verification is required. If you’re using a 10-Digit Long Code (10DLC), you’ll need to register a 10DLC campaign.
Article is closed for comments.