Skip to main content
Latest Articles
Release Notes
Case Studies

SMS Marketing Compliance: 6 Steps to Protect Your Business

Jess Cvija on Aug 9, 2022

The immediacy of SMS marketing creates a unique sense of urgency that can make for a very effective campaign. But SMS compliance mistakes can cost your business a bundle, so it pays to be cautious when crafting your SMS strategy. 

Note: This article is for educational purposes only, and it focuses on U.S. law. Make sure to consult your legal team about specific considerations for your jurisdiction. 

SMS laws vary regionally, from Canada’s Anti-Spam Law (CASL) to the U.K.’s General Data Protection Regulation (GDPR) and many more. In the U.S., marketers must follow the Telephone Consumer Protection Act of 1991 (TCPA). The Federal Communications Commission (FCC) also issues SMS regulations.

The Cellular Telecommunications and Internet Association (CTIA), while not a government agency, conducts regular audits and reports noncompliant businesses to phone carriers, which can block your number if you break the rules. 

SMS compliance and your bottom line

Sending noncompliant messages is a sure-fire way to get your number blocked, both by individual customers and by phone carriers. You lose the ability to reach all your customers, as well as the revenue campaigns could have generated.

Being out of compliance can also lead to hefty fines. Domino’s Pizza racked up almost $10M in fines for sending unsolicited messages. Papa John’s was sued for $250M; they settled for $16.5M. Dish Network paid over $300M for violations.

These cases aren’t uncommon. Businesses can be fined $500-$1,500 for each noncompliant message. Imagine if you sent a noncompliant campaign to even 1,000 recipients; the penalties would add up fast.

6 key steps to compliance

Fortunately, compliance is straightforward when you know the rules. With a little care, you can design a compliant campaign and send SMS messages with confidence. 

Here are four common methods:

  • Texting keywords. Keyword text sign-ups make it simple to give consent. Just ask customers to text a specific word to a phone number to opt in. Using different keywords for specific kinds of messages lets you target messages more easily, and you can choose keywords that reflect your brand’s personality to increase engagement.
  • Sign-up widgets. Many businesses host a sign-up widget on their app or website. Typically, it opens the customer’s mobile inbox, and then they text to give consent.
  • Web forms. A signup form on your website provides a checkbox to affirm consent and presents your terms and conditions, as well as the privacy policy. (Bonus: you can capture and request consent for both email and SMS marketing with just one form.)
  • Paper forms. This is a less convenient approach, but some businesses use it if they send other paper forms in the mail or gather sign-ups at in-person events.

Once you have consent, honor it strictly. Imagine you invite people to text “PLANTPOWER!” to your pizzeria to get marketing messages about vegan products. If you them send discount codes for pepperoni pies, you’re out of compliance, because the consent only covers messages about vegan products. 

2. Provide required disclosures at opt-in

Whatever consent method you use, you must share the following with the subscriber:

  • Company name. Include your company’s legal name or ABN/DBA.
  • Campaign purpose. Say what you will be sending: alerts, marketing messages, sweepstakes, etc. You cannot use consent for one type of campaign for another (like informational versus marketing), so be specific!
  • Message frequency. Give the number of messages you plan to send per month.
  • Message and data rates. Some people must pay to receive messages,and if they click your links, they might use data. Explain that message and data rates may apply.
  • Terms and conditions, as well as privacy policy. You don’t have to include the full text of these documents, but you must tell the subscriber where to find them. 

3. Send an appropriate confirmation message

Each new text subscriber should receive a confirmation message, like this example:

AstraBelle: Thank you for signing up! Use code SMSAstra for 10% off your next order. Msg&Data rates may apply, up to 4 msgs/month. Reply HELP for help and STOP to cancel.

You must include:

  • Your company name or ABN/DBA
  • Expected message frequency
  • Potential for message and data charges
  • Simple instructions for opting out

Make opting out easy. If it’s too difficult, you’re not only violating the law, you’re encouraging people to report your texts as spam, which can lead to phone carriers blocking your number.

4. Publish terms and conditions and privacy policy

You need SMS-specific terms and conditions, separate from your standard terms and conditions. If you don’t have these already, take a look at the example at the end of this post for a template. You’ll likely need to update your privacy policy as well. For example, sharing information like mobile numbers with third parties or affiliates is prohibited.

Post these documents prominently on your website, marketing materials, and other digital and print documents. You want to make it easy for your customers, CTIA auditors, and phone carriers to see that your business is in compliance. 

5. Never send prohibited content

SHAFT stands for the top five prohibited SMS topics: sex, hate (including threats of violence, hate speech, or graphic violence), alcohol, firearms, and tobacco. Texting about these topics could result in an immediate ban, if not legal action, from phone carriers. There are some exceptions for alcohol and tobacco if you do appropriate age verification and tracking. 

You also shouldn’t text about confidential information, cannabis (even if it’s legal in your area), loans or other financial solicitations, and betting or gambling. If you’re marketing for a casino, it’s okay to message about non-gambling services, like an adjoining hotel.

Special rules apply to sweepstakes. In addition to age requirements, which vary from state to state, you must have a separate terms and conditions disclosure on your website for every sweepstakes.

6. Keep every campaign compliant

Once you have consent, you must honor it to remain in compliance, as well as to maintain good relationships with your customers. In addition avoiding prohibited content, keep these tips in mind as you’re creating campaigns and managing your subscriber lists:

  • Include your business name in every message.
  • Make sure every campaign falls within the specific consent provided by the recipients. If you’ve gathered consent for different kinds of messages, be sure your segmentation is targeting the right audience.
  • Include opt-out instructions with every text as a best practice. It’s far better to have customers opt out than to report your messages as spam because they can’t figure out how to unsubscribe.
  • If a customer opts out, they should never receive another message (other than a confirmation that they have been unsubscribed). Be sure your automated messaging platform instantly unsubscribes people who request it. 

Staying in compliance: it’s just good business

SMS marketing compliance is a vital business practice for avoiding fines and lawsuits. But it supports customer engagement and retention too. Every customer wants to receive messages that appeal to them, to be treated fairly, and to keep their private information safe. When you build compliance into your sending practices, you’ll reap the benefits of better relationships without the risk of legal problems.

Compliance is the starting point for SMS marketing. Take engagement to the next level with our best practices for SMS content, coming soon!

Back to Customer.io Blog