SMS Campaign Compliance
SMS marketing campaigns are required to follow SMS laws. Sending noncompliant messages may result in having your number blocked, both by individual customers and by phone carriers. You could also face fines and lawsuits.
The laws vary by region
- U.S. campaigns must follow the Telephone Consumer Protection Act of 1991 (TCPA). The Federal Communications Commission (FCC) also has issued SMS regulations.
- Canada’s Anti-Spam Law (CASL).
- U.K.’s General Data Protection Regulation (GDPR) and many more.
The Cellular Telecommunications and Internet Association (CTIA), while not a government agency, conducts regular audits and reports noncompliant businesses to phone carriers, which can block your number if you are not compliant.
What is an SMS Campaign
Any message transmitted via our platforms, regardless of use case or phone number type (e.g., long code, short code, or toll-free) will be considered to be an Application-to-Person (A2P) messaging. For the purpose of this document any A2P message regardless of the amount of outbound phone numbers the message is being sent to, is considered a SMS Campaign.
Your campaigns must follow these guidelines
Note: The following is for informational purposes only, and is focused on U.S. law. Make sure to consult your legal team to ensure that your campaign is compliant with the laws within your jurisdiction. |
Get consent
Here are some common methods:
- Texting keywords. Keyword text sign-ups make it simple to give consent. Just ask customers to text a specific word to a phone number to opt in. Using different keywords for specific kinds of messages lets you target messages more easily, and you can choose keywords that reflect your brand’s personality to increase engagement.
- Sign-up widgets. Many businesses host a sign-up widget on their app or website. Typically, it opens the customer’s mobile inbox, and then they text to give consent.
- Web forms. A signup form on your website provides a checkbox to affirm consent and presents your terms and conditions, as well as the privacy policy. (Bonus: you can capture and request consent for both email and SMS marketing with just one form.)
- Paper forms. This is a less convenient approach, but some businesses use it if they send other paper forms in the mail or gather sign-ups at in-person events.
Once you have consent, honor it strictly. Imagine you invite people to text “PLANTPOWER!” to your pizzeria to get marketing messages about vegan products. If you them send discount codes for pepperoni pies, you’re out of compliance, because the consent only covers messages about vegan products.
Provide the required disclosures during opt-in
Whatever consent method you use, you must share the following with the subscriber:
- Company name - Include your company’s legal name or ABN/DBA.
- Campaign purpose - State what you will be sending: alerts, marketing messages, sweepstakes, etc. An existing consent can’t be for a different type of campaign (Example you have consent to send information can’t be used for marketing).
- Message frequency - Provide the number of messages you plan to send per month.
- Message and data rates - Explain that message and data rates may apply.
- Terms and Conditions & Privacy Policy - You must provide links or instructions where to find them the company Terms and Conditions & Privacy Policy.
Send an appropriate confirmation message
Each new text subscriber should receive a confirmation message.
Example:
John Doe: Thank you for signing up! Be aware Message & Data rates may apply. You may receive up to 10 messages a month. Reply STOP to cancel.
You must include:
- Your company name or ABN/DBA
- Expected message frequency
- Potential for message and data charges
- Simple instructions for opting out
Make opting out easy. If it’s too difficult to ensure you are in compliance with the law, and so people do not report your texts as spam.
Publish your terms and conditions and privacy policy
You have SMS-specific terms and conditions, separate from your standard terms and conditions. You may also need to update your privacy policy also.
Post these documents prominently on your website, marketing materials, and other digital and print documents. You want to make it easy for your customers, CTIA auditors, and phone carriers to see that your business is in compliance.
Don’t send prohibited content
SHAFT Sex, Hate, Alcohol, Firearms, and Tobacco. Texting about these topics could result in an immediate ban, or possible legal action.
You also shouldn’t text about confidential information, cannabis (even if it’s legal in your area), loans or other financial solicitations, and betting or gambling. If you’re marketing for a casino, it’s okay to message about non-gambling services, like an adjoining hotel.
Special rules apply to sweepstakes. In addition to age requirements, which vary from state to state, you must have a separate terms and conditions disclosure on your website for every sweepstakes.
Messaging URL best practices
Oftentimes, bad actors are using common URL shorteners to mask the true nature of their campaigns. As a result, we’re seeing an increasing trend in the messaging industry where messages that use common, publicly available URL shorteners get blocked. Here is the best practices for using URLs to maximize the deliverability of your messages:
Common disallowed URL shorteners
- bc.vc
- bit.ly
- budurl.com
- clicky.me
- goo.gl (Google Drive links are also disallowed)
- Is.gd
- lc.chat
- s2r.co
- soo.gd
- tiny.cc
- tinyurl.com
Note: “Premium” or “paid-for” versions of these URL shorteners are also disallowed.
Ensure every campaign is compliant
Once you have consent, you must honor it to remain in compliance, as well as to maintain good relationships with your customers. In addition avoiding prohibited content, keep these tips in mind as you’re creating campaigns and managing your subscriber lists:
- Ensure your business name is included in every message.
- Make sure every campaign falls within the specific consent provided by the recipients.
- Include opt-out instructions with every text.
- If a customer opts out, do not send another message to the customer of the type you no longer have consent for.