In this article, we'll discuss SMS compliance and TCPA, as well as best practices and guidelines for text message marketing.
⚠️ The information below should not be relied upon as legal advice. Consult legal counsel to ensure your marketing activities align with the law.
Before You Begin
What is "explicit consent" for SMS marketing?
Your customer actively agrees – by checking an unchecked box or submitting a form – to receive marketing text messages. Verbal agreements, pre-checked boxes, and implied consent don't qualify under TCPA.
Why compliance matters:
Non-compliant SMS can result in $500–$1,500 fines per message, carrier blocking, and loss of your SMS program. A single campaign sent to 1,000 contacts without proper consent = $500,000+ in penalties.
Key resources:
SMS Compliance Checklist: 8 Rules to Follow
Sending non-compliant SMS will get your sender number blocked by customers and carriers, losing you revenue and deliverability.
Follow these 8 rules:
Acquire explicit consent. Customers must opt in to SMS separately from email. Providing a phone number alone is not enough.
💬 Find out more in the SMS opt-in collection guide.
Explain what messages they'll receive. If they opt in for Order Confirmation, don't send promotions. Clearly state "weekly updates," "promotional texts," or "cart reminders."
Provide automated opt-out. Customers must be able to reply STOP to unsubscribe.
💬 Learn how customers unsubscribe from SMSSend engaging content. Include incentives, discounts, or sale notifications – not just announcements.
Avoid SHAFT content. Do not include illegal actions, drugs, abuse, adult content (nudity, profanity), hate speech, or gambling-related materials.
💬 How to make sure your SMS messages get deliveredRespect time zones. Send messages between 9 AM and 9 PM in the recipient's local time.
Don't overwhelm customers. Limit campaign frequency and adjust Automation Workflow settings to avoid message fatigue.
If sending to the EU: Follow GDPR requirements.
💬 GDPR Compliance Guide
TCPA Compliance
The Telephone Consumer Protection Act (TCPA) is a 1991 U.S. federal law that restricts telemarketing communications, including SMS, voice calls, and faxes.
Penalties:
$500 fine per non-compliant message
Up to $1,500 per message if the court finds intentional violations
Example: A single campaign sent to 1,000 contacts without proper consent = $500,000 in fines
What TCPA requires:
Express written consent before sending marketing SMS
Clear disclosure of message frequency, purpose, and opt-out instructions
Automated STOP keyword processing
💬 Read the full guide: Meet TCPA Requirements for SMS Marketing in US/CA
CTIA Regulations
The Cellular Telecommunications and Internet Association (CTIA) represents U.S. wireless carriers like AT&T, T-Mobile, and Verizon.
Unlike TCPA, CTIA isn't federal law – you can't be sued for violations. However, violating CTIA guidelines can result in your SMS program being shut down by carriers without notice.
Key CTIA requirements:
Respond to STOP, HELP, and resubscribe keywords automatically
Use approved content formatting
Avoid spam-like behavior (sudden volume spikes, irrelevant messages)
⚠️ Important: Not all customers will reply STOP when they want to opt out. No matter what channel they use to contact you (email, phone, chat), process their opt-out request immediately.
Privacy Policy Requirements
You need separate SMS terms and conditions – distinct from your general website terms.
Your SMS privacy policy must include:
What type of messages customers will receive (promotional, transactional, reminders)
How you'll use phone numbers (marketing, order updates, support)
Who you share phone numbers with (third parties, affiliates, or no one)
How to opt out (reply STOP, unsubscribe link)
Where to display it:
Link prominently on signup forms (next to SMS opt-in checkbox or within Legal Consent block)
Host on your website (Omnisend doesn't store privacy policies)
Include in marketing materials, digital or printed
💬 Find more info about Privacy settings in the SMS opt-in collection guide.
Example placement:
⚠️ Troubleshooting Verification Rejections
If your toll-free verification is rejected for "TCPA/SHAFT reasons," check:
Consent language must explicitly state "marketing" or "promotional" SMS messages
Opt-in checkbox must be unchecked by default
Include required disclosures: "Consent not required for purchase," msg/data rates may apply, frequency, and STOP instructions
Business contact email must match your website domain (no Gmail/Yahoo addresses)
Screenshot must show the consent form clearly on your live website
For SHAFT rejections (sweepstakes, gambling, etc.) or unclear reasons, contact Support with your Brand ID for manual review.
Summing Up
Compliance with SMS marketing regulations protects you from legal action, financial penalties, and carrier blocking. Being compliant also builds trust – customers expect personalized communications, transparency, and secure data handling.
Following compliance best practices allows you to strengthen customer relationships without exposing yourself to legal risk. Always remember: for SMS marketing to work, it must first be compliant.
FAQ
What is TCPA express written consent?
TCPA express written consent is documented permission where a customer actively agrees – by checking an unchecked box or submitting a form – to receive automated marketing text messages. The consent must clearly explain what messages they'll receive (e.g., "promotional texts," "cart reminders"), include required disclosures (consent not required for purchase, msg/data rates, frequency, STOP instructions), and be stored on record. Omnisend collects this through signup forms with the TCPA Legal Consent block.
Can I use one checkbox for both email and SMS opt-in?
No. SMS requires a separate, explicit opt-in with TCPA-specific disclosure language. A combined checkbox that says "I agree to receive marketing via email and SMS" does not meet TCPA requirements because it doesn't clearly state that the customer is agreeing to receive automated marketing text messages.
Best practice: Use one checkbox for email consent and a second checkbox (or Legal Consent block) specifically for SMS that includes required TCPA language.
Does my business phone number need to be on my website?
You must provide your business contact phone number during toll-free verification. While TCPA doesn't explicitly require it to be publicly visible, some carriers may reject verification if it's not easily accessible.
Best practice: Add your business phone number to your Contact page or website footer. If verification is rejected, this is often the missing element.
Is SMS double opt-in required by law?
No. TCPA requires express written consent (single opt-in with proper disclosure language), not double opt-in. Some states like Texas have additional SMS regulations, but Texas Senate Bill 140 does not mandate SMS double opt-in – it requires express consent, clear disclosures, and opt-out compliance.
Omnisend does not currently offer automated SMS double opt-in, but you can implement it manually by sending a confirmation message after signup and asking the customer to reply "YES."
What happens when a customer replies STOP?
Omnisend automatically processes STOP replies and unsubscribes the contact from all future SMS campaigns and automations. Recognized keywords include STOP, UNSUBSCRIBE, CANCEL, QUIT, END, OPT OUT, OPTOUT, OPT-OUT, and STOPALL.
An automatic confirmation message is sent to the customer, and their SMS status changes to "Unsubscribed" immediately. You don't need to take any manual action.
For any additional help, please reach out to our Support Team using the in-app chat or by sending an email to [email protected].