Businesses looking to send SMS messages in the US must adhere to specific regulations and guidelines.

The following explanation is comprehensive, as businesses often approach us wanting to send texts that may not be approved.

Our response to such enquiries has three aspects:

If a case can be made on your behalf to legally send texts, we’ll make it. We’re willing to proceed with edge use cases where we think there’s a reasonable likelihood of success.
We operate within the US regulatory framework and where relevant our Know Your Customer (KYC) checks help us ensure our customers are legitimate. Fines for unlawful SMS in the US can be as high as $2,000 per text message, so we treat this very seriously.
An increasing trend (in 2024) involves algorithms used by aggregators or networks to identify spam, potentially flagging campaigns as suspicious. Their exact criteria are not known but increasingly AI driven. The SMS bounces in this case.

For legitimate intended uses, it's still important to complete the application form fully and accurately with the best intention for it to reflect the spirit of the actual messages expected. Our forms contain examples that should be carefully considered and amended to use.

Examples of problems that cost our customers both time and money in getting campaigns approved or in getting campaign SMS delivered are:

Not having clear, explicit opt-in check boxes that are for SMS separate to email.
Failing to display the required terms and conditions on the Call to Action (CTA) page.
Not making necessary changes to privacy policies.
Applying for a use case or with example messages and then sending different message types – these will almost certainly not get delivered.
Not providing as many different SMS examples as possible if there is a likelihood of sending different use cases.
Using a public URL shortener like bit.ly, or even using an internal or our Dotdigital shortener but then resolving it through a public shortener.
Not testing a campaign before sending to at least each of the main three networks; AT&T, T-Mobile, and Sprint.

SHAFT-C

The Cellular Telecommunications and Internet Association (CTIA) in the US provides guidelines for handling SMS content related to sex, hate, alcohol, firearms, tobacco and cannabis, collectively known as SHAFT-C.

Hate speech is never permitted, however, other SHAFT-C categories may sometimes be acceptable if businesses meet certain conditions and receive network approval.

Cannabis and CBD oil are legal in many states but illegal at a federal level. Since it’s not possible to know the location of a mobile at the moment it receives a message, it’s therefore not possible to send any of these messages by SMS. This includes kratom or drug paraphernalia. It applies to any SMS linked to these sites, including 2FA and pure delivery of parcel SMS.

Tobacco, vape, and e-cigarettes, although legal, are prohibited for all SMS messages, regardless of age restriction.

Other prohibited and disallowed content

In addition to SHAFT restrictions, there is other content disallowed by the carriers, for example:

Spam
Fraudulent or misleading messages
Depictions or endorsements of violence
Inappropriate content
Profanity or hate speech.

Special use cases that are not permitted or that require extra authorisation from T-Mobile or AT&T:

High-risk financial services, such as cryptocurrency, payday loans, or loans from non-direct lenders.
Debt forgiveness programmes, including credit repair, loan, consolidation, or debt relief.
A debt collection business that has direct consent from their end-users is acceptable
Endorsing or linking SMS messages to illegal substances like cannabis or illegal prescriptions.
Work and investment opportunities, including work-from-home programs, pyramid schemes, multi-level marketing, or job alerts provided by third parties.
Lead generation, deceptive marketing, or affiliate marketing that involves sharing collected information with third parties.
SMS for Work from home and make $$$ or investment schemes.
Gambling, including sweepstakes and contests.
Free-to-end-user programmes.
Some limited adult content.
Prescription drugs.
Charitable donations.
Emergency notifications.
M2M messages.
Abandoned cart reminders.

Full list of currently restricted content:

Carrier	Prohibited content
All Tier 1 carriers	SHAFT Sex, hate, alcohol, firearms or tobacco. SPAM, phishing, fraudulent or misleading messages. Gambling. Promotion of anything which is not federally legal. Shared short codes or long codes. Competing products and services to the carriers. Affiliate marketing programmes or content providers. Sharing subscriber information with third parties. Lead gen programmes or content providers. Marketing products or services that the content provider does not offer themselves or sell directly.
AT&T	Credit repair. Deceptive marketing. Work from home, secret shopper programmes. Distribution of malware or app downloads from non-secure locations. Loan, debt consolidation, debt relief, and student loan from indirect lenders, including loan advertisements. Abusive messaging. Messaging content that deceives or threatens consumers.
Verizon	Collections or past due messages. Programmes that group the subscriber’s opt-in consent with another action or form of consent. For example, `By completing this purchase you agree to receive SMS messages`.
T-Mobile	High-risk financial services Payday loans. Short term-high interest loans. Auto loans by a third party. Mortgage loans by a third party. Student loans. Debt collection. Debt forgiveness Debt consolidation. Debt reduction. Credit repair programmes. Illegal substances Cannabis Illegal prescriptions Work and investment opportunities Work from home programmes. Job alerts from third party recruiting firms. Risk investment opportunities. Other Gambling. Any other illegal content. Lead generation, including the sharing of collected information with third parties. Campaign types that are not in compliance with the recommendations of, or are prohibited by, the CTIA Short Code Monitoring Handbook, v1.7 or later. Campaign types that are not in compliance with the recommendations of, or are prohibited by, the CTIA Messaging Principles and Best Practices, 2019 version.

Recommendations related to prohibited content

Apply for a dedicated short code or 10DLC:
We have more guidance and experience with finding a way to get approval for edge cases and SHAFT-related content than on toll-free.
Required consent and disclosure practice that is even more relevant in these cases:
- Obtain express written consent from recipients before sending SMS messages.
- Provide clear and conspicuous disclosure of the consent agreement.
- Offer a regular opt-out mechanism for recipients.
Implement age gating.

Age gating

For industries involving age-sensitive content, registration for SMS campaigns must be placed behind an age gate that requires users to enter their full date of birth.

Examples that Dotdigital have assisted with include alcohol and firearms accessories (never firearms themselves).

To comply:

Verify the recipient's age before providing access to age-sensitive content or promotional materials. Recipients must actually enter their date of birth, not just select Yes to confirm.
Verification using ID such as a passport is not required.
Maintain a database of verified recipients.
Avoid using sensitive keywords in initial messages: don’t include words related to your business vertical in the initial SMS campaigns until the age gate has been entered and the legal age has been confirmed.

Abandoned cart reminders (ACN)

Abandoned cart reminders are highly attractive messages with the potential to recover revenue. There are some restrictions to be aware of to ensure you are compliant when sending these messages:

The call-to-action must clearly state the campaign includes an abandoned cart reminder.
The recipient must double opt-in to receive these - first on the website and then through a reply to an SMS they receive.
The application form we ask you to complete details the requirements for this.
Each opt-in must clearly state that the program includes abandoned cart reminders.
No more than one reminder text can be sent for each abandoned cart, and this must be sent within 48 hours of the abandonment.
The SMS must not result in the ecommerce site accepting approval for payment, through a keyword or otherwise, or completing the sale or collecting payment. Consumers must complete the transaction by processing payment themselves through a direct URL.

These requirements apply for short code, 10DLC and toll-free SMS.

The sections below cover specific requirements to include in your ACN application and to follow in your campaigns.

Abandoned cart reminders - Terms of service

In addition to the standard terms, when there is an ACN the terms must include these statements, preferably as bullet points:

Opted in customers will receive SMS/MMS messages for alerts, events, promotions and abandoned cart reminders.
Abandoned cart reminders will be sent within 48 hours and be limited to one SMS per unique abandoned cart.
Your consent to receive marketing messages and abandoned cart reminders is not required as a condition of purchasing goods or services.

Abandoned cart reminders (ACN) - Privacy policy

If an SMS program includes abandoned cart reminders, the privacy policy should clearly explain how the ecommerce website identifies and tracks abandoned carts to trigger such reminders.

For example:

COMPANY NAME automatically collects information when visiting our website, which may include cookies, third-party tracking technologies, and server logs. A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. COMPANY NAME uses cookies to determine when a visitor's cart has been abandoned and to keep track of the items placed in the cart, as well as to perform other crucial ecommerce capabilities.

This example is provided for reference only. You must seek your own legal or regulatory advice when creating or updating your privacy policy.

Sweepstakes and contests

A sweepstake is a legal game that includes a prize, and a game of chance. No consideration is allowed.

The definition of a sweepstake includes anything with a prize component regardless of the method of prize delivery.

A contest is a promotional mechanism that includes a prize, and a game of skill. Consideration is allowed, but there cannot be any element of chance.

Some details to note:

For sweepstakes, you must provide a copy of all official rules and guidelines and the in market call to action that is used.
Services viewed as sweepstakes or contests include:
- any service where points or prizes are awarded
- reverse auction
- skills games (Sprint network)
- IVR voting (Sprint network)
Sweepstakes and contest rules must be present on the website and must include, but are not limited to:
- Rules must be prominently located on the website associated with the sweepstakes.
- Rules cannot be generic – that is, covering multiple sweepstakes of a type that may run in connection with a program – but must relate to an actual sweepstakes.
- Name and contact information for sponsor.
- Any eligibility restrictions applicable to participants or winners, such as state of residence.
- Description of means of entry.
- Date(s) the prizes will be awarded.
- Description of prize(s).
- Method of awarding prize(s).
- Description of how the winner(s) will be contacted and method for obtaining a list of winners.
- Who is eligible for sweepstakes and how the winner is selected?
- Age restrictions.
- Free method of entry.

Donations

Donations require a call-to-action (CTA) and opt-in policy that is clear and applied consistently.

The following must also be provided:

A valid CTA and clear product description within the SMS terms of service which clearly discloses that donations will be solicited.
Example outbound SMS of donation messaging, including the URL.
There must be additional transparency on the organisation donated to:
- organisation name
- organisation website.
End user information must not be shared with third parties or like-minded organisations. This should be confirmed in the privacy policy page. It is suggested to add the approved carrier language to the privacy policy page: The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Political SMS programs

Political campaigns require a CTA and opt-in policy that is clear and applied consistently.

If the political campaign also supports donations, the following must be provided as well:

A valid call-to-action and clear product description within the SMS terms of service which clearly discloses that donations will be solicited.
Example outbound SMS of donation messaging, including the the URL.
There must be additional transparency on the political entity:
- Politician or organisation name
- Politician or organisation website
- FEC ID – required if the candidate or organisation is involved in a federal-level election and donations will be solicited.
- State Committee ID - required if the candidate or organisation is involved in a state-level election and donations will be solicited. In lieu of the State Committee ID, official documentation from a state institution can also be provided as proof that the candidate or organisation is engaged in a state-level election.
End user information must not be shared with third parties or like-minded organisations. This should be confirmed in the privacy policy page. It is suggested to add the approved carrier language to the privacy policy page: The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Non-content restrictions

Shortened URLs

A brands shortened URL or the Dotdigital URL (dd2.io) are always accepted, but anonymous shortened URLs like bit.ly are highly likely to cause message failures. Public shorteners certainly fail on toll-free and we strongly recommend not using them with 10DLC or short codes either.

Unsupported URLs

This list may not be exhaustive.

bc.vc	is.gd	t.co
bit.do	lc.chat	t.ly
bit.ly	lc.cx	tiny.cc
bitly.com	ow.ly	tiny.url
bitly.ws	rb.gy	tinyurl.com
budurl.com	s2r.co	v.gd
clicky.me	shrtco.de	vurl.com
cutt.ly	slkt.io
goo.gl	soo.gd

Quiet hours

The quiet hours for SMS marketing are between 9pm and 8am.

The USA has up to 3 hours time zone difference within it, so if you do not know the location of your customers, marketing should be complete by 6pm EST and not start before 11am EST.

Push notification compliance

This is distinct from SMS compliance. Push messages are not regulated by the CTIA and TCPA in the way that SMS is.

App owners are responsible for the compliance of their apps, which follow regulations from the FCC in the USA. In Canada, they're regulated by CASL or Canada’s Anti-Spam Legislation.

Learn more in Send SMS in the US 3: Industry bodies.

Compliance in Canada

The SMS industry in Canada is subject to very similar restrictions on the type of programmes as in the USA.

If there are potential borderline use case campaigns you would like to launch in Canada but not the USA, contact us to find out more.

Canadian short codes are ordered through https://www.txt.ca/en/ but we normally take care of this for you.

Canadian (Wireless) Telecommunications Association

The CTA (previously CWTA) is the governing body for all text messaging programmes to protect consumers from unwanted messages. They lay out several specific different requirements for Canada short codes.

All age gated content into Canada must be blocked unless, even with proper age-gating, a special carrier exemption is obtained.

Allowed age gated content in Canada includes:

pocket knives
lighters
non-alcoholic beverages.