10DLC Messaging Compliance

Email-Texting Messaging Platform

In their commitment to protect their mobile customers from unwanted messages, the major mobile carriers collectively created The Campaign Registry (TCR) and established campaign requirements for business messaging. Every business who messages their customers from a local number using a messaging platform must now have an approved TCR campaign. The industry calls this A2P 10DLC Messaging.

A2P = Application to Person: sending messages from an application to a person’s mobile phone.

10DLC = 10-digit long code: a 10-digit local number like (202) 444-1234

Once you have an approved campaign, it will be assigned to your messaging phone number. Then when you send an outbound message, the mobile carriers recognize that your number is associated with an approved campaign and your message is delivered.  Mobile carriers will not deliver any A2P business messages from a local phone number that does not have an assigned campaign.

Toll Free Messaging has a different compliance mechanism. To learn more, visit our article Toll Free Verification.

During your email-texting onboarding, you will be sent the campaign form with instructions.  We will submit your completed form to The Campaign Registry on your behalf.  Your campaign will then undergo a review.  Here are a few tips to help you get a quick approval.

Website Pre-Requisites

We know it is no small request to make changes to your website.  When your campaign is submitted to the TCR, the messaging aggregator reviews your campaign information as well as your website to make sure everything is in compliance with industry standards. Anything found out of order will result in a rejection. These are standard expectations and you must complete these steps before you submit your campaign.

1. Privacy Policy Requirements

A privacy policy is a statement that describes how a website collects, uses, and manages the personal data of consumers. Your privacy policy will be specific to your business industry and include important details regarding your data collection process.  You may call this statement on your website a Privacy Policy, Terms of Use, or Terms of Service.  Regardless what you name your policy, make sure the following requirements apply.

Easy -To-Find: TCR requires that your website have an easy-to-find Privacy Policy.  It is commonly placed in the website’s footer so that the link is displayed at the bottom of every page.

Mobile Data Statement:  Your policy must explain how you protect the mobile information that you collect.  You must also state that you will not share the consent that you obtain.  Message frequency, data rates and a way to opt-out must be stated.  Please add the following statement to your Privacy Policy.

By providing your wireless phone number to [insert your company name], you agree and acknowledge that [insert your company name] may send text messages to your wireless phone number. Message and data rates may apply. Message frequency may vary. You may opt-out at any time by replying “Stop”. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Notwithstanding any other statement within this privacy policy, originator opt-in data and consent will never be shared with any third parties.

2. Webforms

If you collect a phone number on a contact form, quote request, point of sale, etc., your form must contain consent language.  Here is an example of a webform consent statement with a checkbox:

I consent to receive text messages and voice calls. Frequency may vary. Mobile message and data rates from your cell phone carrier may apply. I understand I can opt-out at any time by texting Stop.

We recommend that you obtain express consent on your webforms.  To do this, you would disable the submit button on the form. When the consent checkbox has been checked, the button would become enabled.  This ensures that you always know the individual who contacted you has consented to messaging.

You should always track the consent you are granted in their customer, employee or prospect CRM record.

Brand and Campaign Submission

Creating a campaign is a two-step process. First, your brand is created at TCR.  When your brand passes verification, we can then proceed to create your campaign.  For simplification, we combine both steps onto our campaign form.  Please note the following recommendations as you fill out your campaign form:

Verifying your Legal Name and Federal EIN

Your legal company name on file with the IRS must match your EIN. When you registered your company with the Department of Treasury (or IRS), upon approval you were issued a Federal Employee ID Number on the CP575 document that was mailed to your company.  While there is a place on the campaign form for your business DBA, there is a field for your legal company name.  You must enter this exactly as printed on your CP575. The TCR will check your legal name and EIN against the IRS database and will reject the brand if it does not match. We can edit and resubmit your brand, however there is a TCR vetting fee each time we resubmit.  We pass these fees onto you.  Please refer to your CP575 to make sure your legal name and EIN are entered correctly.  TCR requires accurate spelling, punctuation and capitalization.

Brand Vetting:  If you know your legal name and EIN are correct and yet the submission fails, TCR offers a more thorough brand vetting for a $40 fee.  We will submit your brand for vetting upon request.

Aegis Vetting:  If your business will need to qualify for high volume campaigns, you will need to submit your brand for an outside vetting score.  Higher scores qualify for higher messaging throughputs by the mobile carriers.  Entering your DUNS, GIIN or LEI number will help you achieve a higher score.

Campaign Description

Describe how messaging is beneficial to your company, your messaging goals, the type of messaging you will be doing, and with whom.

Call To Action / Message Flow

Here is where you get specific about how your recipients have opted-in to consent to receive messages.  Is messaging defined and consented to in their intake paperwork? Will you collect consent from a website Contact Us page?  Do you record verbal consent either in person or over the phone?  Where is this consent recorded?  Do you employ the Double-OptIn wherein you are granted consent via some means, yet also send a confirmation text asking for a Yes reply to consent again to messaging? Identify and explain the various methods by which your organization obtains consent.

No Website?

If your business operates without a website, you must still have an online presence for your business.  TCR requires that you provide a URL to a platform where you have a business profile.  For example, you might have a business profile on a social media platform like LinkedIn, Instagram, YouTube, Facebook, etc.  On that platform, you must implement all their website requirements.

  1. Your profile must demonstrate to TCR the legitimacy of your business. It must clearly explain the products and services you provide.
  2. You must have a Privacy Policy either in a post you pin to the top, or in your profile’s About section. It must contain the two paragraphs of legal language provided above.
  3. You must have consent language in place anywhere you collect a mobile number.

Prohibited Content

The following types of content are prohibited for business messaging:  Sex, Hate, Alcohol, Firearms, Tobacco, and Cannabis –otherwise knows as SHAFT-C.  Not only is this content prohibited from the messages that you send, this content is also prohibited on your website.  During campaign review, if any content is found in these categories, the campaign will be rejected.  One of our carriers describes it this way:  If a chiropractor’s office has CBD oils on its website, the campaign will be denied even if not directly related to CBD marketing.  SHAFT-C is not allowed to be on the business website at all.  However, Alcohol and Tobacco can be supported if there is robust age-gating and proper opt-in.

Email-Texting Support

Please contact our team if you have any questions at support@email-texting.com or 866-923-5290.  We know this is a lot to digest and we are here to help!

Messaging Industry Resources

If you would like to learn more about the messaging industry’s expectations for business messaging, The Campaign Registry, or best practices for your business to adopt, please refer to the following resources:

The Campaign Registry
https:/www.campaignregistry.com/

CTIA Messaging Principles and Best Practices
https://api.ctia.org/docs/default-source/default-document-library/170119-ctia-messaging-principles-and-best-practices.pdf

MMA Best Practices
https://www.mmaglobal.com/files/bestpractices.pdf

M3AAWG Best Practices
https://www.m3aawg.org/sites/default/files/m3aawg-mobile-messaging-best-practices-service-providers-2015-08_0.pdf

Telephone Consumer Protection Act (TCPA) Omnibus Declaratory Ruling (FCC 15-72)
https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-72A1.pdf

FTC Truth in Advertising
https://www.ftc.gov/news-events/media-resources/truth-advertising