Left arrow iconReturn to All Resources

How to prioritize compliance for SMS marketing

9 Minute Read

SMS speech bubble with checkmarks

CordialMake a connection.

What is SMS compliance? For marketers, SMS compliance involves abiding by laws overseeing consent and privacy in relation to consumers receiving texts, aka Short Message Service (SMS) communication, from a business or organization.

Because SMS marketing involves sending messages directly to an individual’s phone, there are strict rules and regulations about what messages you can send and how you send them — and learning, let alone maintaining, SMS compliance can be challenging for any marketing team.

If you’ve determined SMS is a good fit for your marketing, then you’ll need to familiarize yourself with the basics. From understanding regulations that govern how companies can communicate via SMS messaging to following Federal Communications Commission (FCC) guidelines, we’ll detail the various aspects of SMS compliance so you can send marketing messages worry-free.

(Note: Please consult with your legal counsel to make sure your text marketing is 100% compliant.) 

How to maintain SMS compliance with opt-ins

Opt-ins are the most critical aspect of compliance. If you text people without their explicit permission, it’s considered spam and you risk facing legal repercussions. As a marketer, you must receive express written consent from contacts before you can start sending them SMS marketing messages. That consent needs to be clear and straightforward, not buried. 

Present clear language in your terms and conditions to ensure that consent is concisely stated. In addition to physical written consent, your customers can opt in to your SMS campaigns via a few different methods. The two most common are mobile opt-in and web opt-in. 

1. Text-to-join opt-in

One way to have consumers opt in is to have them use their mobile phone to text a keyword to a short code number. You can promote your keyword and short code on advertisements, emails, or ads to encourage people to subscribe to your list. 

Example of compliant opt-in SMS

2. Web opt-in

Using a form or landing page on your website, during a newsletter sign-up or at check-out, you can ask a customer’s permission to send them text messages. They must receive clear disclosure of the text messages they will receive from you, the program details, and agree to receive those messages via a specific phone number. 

When it comes to receiving consent, you can never be too careful. It’s important to remember that a customer giving you their phone number isn’t the same as permission to text. If you use an opt-in form, you should include the program details and state clearly that they are granting permission for you to text them. 

You should always keep compliance and customer experience top of mind. There are certain best practices you can implement to provide a thoughtful experience for your customers, while also reducing friction in the sign-up process. If a user signs up for SMS while using a desktop, they will use the traditional double opt-in process. However, if the user is on a mobile device, they can use single opt-in, eliminating an additional step from the sign up process (giving you the ability to grow your subscriber list quicker). Make sure your messaging partner offers single opt-in functionality for this reason. 

3. Recommended: Single opt-in

One ideal approach is to allow users to sign up via a single, prepopulated message when using their mobile device. An EasyText feature populates the confirmation message for the user instead of requiring them to type it out, creating a streamlined subscription journey and reducing the likelihood of typos. Single opt-in also eliminates the extra step of replying to the confirmation message in order to subscribe, meaning consumers end up with a better experience and you end up with a larger text messaging audience. See how you 

4. Double opt-in

To be sure that you are in compliance with the law and that your customers want to receive messages from you, we strongly recommend that you implement a double opt-in. 

A double opt-in requires a customer to confirm via text message that they would like to receive your communications. Double opt-ins are not required by the Federal Communication Commission (FCC) or Telephone Consumer Protection Act (TCPA) but they are the closest a marketer can come to following the letter of the law. 

Having a customer confirm that they signed up for your SMS program shows additional intent to receive messages and is a much stronger form of consent should the consumer forget that they opted in. Double opt-ins can be as simple as sending an immediate follow-up message that reads “Reply Y or YES to confirm that you want to receive text messages from [Business Name].” 

How to maintain SMS compliance with auto-responder messages

To comply with all regulations for auto-responder messages, you must make sure that each message includes the following attributes: 

  1. Contains content expressly requested by the consumer 
  2. Has no other marketing or advertising information 
  3. Is a one-time only message 
  4. Is sent in response to the specific consumer request 
  5. Subscribers can stop receiving messages from your company at any time by replying with STOP, OPT-OUT, CANCEL, or UNSUBSCRIBE 

How to maintain SMS compliance with opt-outs

Just as important as the opt-in is the opt-out. Opt-out instructions are absolutely required by the FCC. Always include these instructions in a call to action when you ask someone to join your text program.

Every location where you’re opting customers into the program — whether it’s a text to join, an opt-in form, or a sign-up sheet — must include opt-out instructions. It can be as simple as “Text STOP to opt out.” 

Privacy policies and terms and conditions are key parts of SMS compliance, too

Both your privacy policy and your terms and conditions are extremely important aspects of FCC compliance. These documents must include explicit language about how you plan to use subscriber information and provide details about how to opt out of communications. It’s important to find a partner that will help ensure documentation is compliant but it is also recommended that each business also works with a legal expert to ensure all language is airtight. 

At a minimum, your terms and conditions and privacy policy should contain the following information: 

  • Minimum age requirement 
  • Clause about standard messaging rates 
  • The short code(s) messages will be sent from 
  • The frequency of sent message 
  • How to unsubscribe 
  • How subscriber data will be used, including that it won’t be sold to third parties 
  • Where the service is available
  • Supported message carriers
  • Where to get help and support 
  • Notice that terms may change

One common source of complaints is customers who forgot they’d signed up for text messages in the first place. You can avoid any potential issues by promoting your text marketing terms, conditions, and privacy policy in as many places as possible. 

Below are a few important places you can put links to your terms and conditions and privacy policy: 

  • Your website
  • Inside your physical business or on store signage
  • On landing pages and/or preference panels used to collect opt-ins

If you change your terms and conditions or privacy policy in any way, you will want to inform your subscribers via text, and ask them to reply CONTINUE or YES to confirm their continued consent. Not doing so could land you in legal jeopardy if there is a complaint. 

Don’t send prohibited content

Similar to how advertising platforms restrict certain content themes, mobile carriers will not allow certain categories of messages to be sent. The following message types are currently off-limits and are restricted by mobile carriers:

1. High-risk financial services 

  • Payday loans 
  • Non-direct lenders 
  • Debt collection 

2. Debt forgiveness

  • Debt consolidation 
  • Debt reduction
  • Credit repair programs 

3. Illegal substances

  • Cannabis, including CBD 
  • Illegal prescriptions 

4. Work and investment opportunities

  • Work from home programs 
  • Job alerts from third-party recruiting firms 
  • Risk investment opportunities 

5. Other prohibited content

  • Gambling 
  • Any other illegal content 
  • Lead generations indicate the sharing of collected information with third parties
  • Campaign types not in compliance with the recommendation of or prohibited by the CTIA Short Code Monitoring Handbook, Version 1.8 or later 
  • Campaign types not in compliance with the recommendations of or prohibited by the CTIA Messaging Principles and Best Practices (latest version) 

Helpful resources for SMS compliance


The act forbids businesses to send commercial email messages to a mobile phone. CAN-SPAM defines commercial messages as advertisements or promotions for a product or service. 

2. California Consumer Privacy Act (CCPA)

The CCPA secures privacy rights for California consumers, including the rights to: 

  • Know what info a business collects about them 
  • Delete personal information collected about them 
  • Opt-out of the sale of their personal information
  • Non-discrimination for exercising CCPA rights

And the expansion of CCPA via the California Privacy Rights Act (CPRA), which goes into full effect on Jan. 1, 2023, also includes the rights to:

  • Request a business correct inaccurate personal information
  • Direct a business to limit use and disclosure of personal information (e.g., social security number, financial account information, your geolocation data, or your genetic data)

3. General Data Protection Regulation (GDPR)

For any text messages your business wishes to send globally, you will need to adhere to these critical European Union laws. GDPR is very strict about how consumers give consent and opt out, so be sure to read the fine print. Making it easy to opt out is one of the most important aspects of GDPR compliance. That means including an opt-out clause in every message and on your website. 

4. Federal Communications Commission (FCC)

The U.S. Government body that oversees the regulation of SMS marketing

5. Telephone Consumer Protection Act (TCPA)

The TCPA in the U.S. requires that a consumer must have received “clear and conspicuous disclosure” of the text messages they will receive from the organization, and must agree to receive these messages to their specific phone number. 

Communicate more cordially in your SMS marketing

Brands are embracing mobile marketing to engage customers in increasing numbers and in increasingly personal, relevant ways. SMS sits at the heart of that effort, a new frontier in one-to-one communication. We put together this practical SMS marketing guide to help your brand build an effective SMS marketing strategy and drive higher levels of customer loyalty. Download our SMS marketing ebook to gain valuable insights into how to leverage this channel to its fullest.

Key takeaways:

  • Understand the different types of SMS communication and the importance of real-time data with our guide to SMS marketing
  • Learn the difference between long codes, short codes and vanity codes
  • Discover best practices for opt-ins, compliance, message length and personalization
  • Learn from leading brands like Saatva, Mrs. Fields, and mindbodygreen who get SMS marketing right

Get started: Download our SMS Marketing Guide