SMS Compliance Guide

Stay compliant. Stay connected. Stay trusted.

Overview

SMS marketing is powerful—but it comes with serious legal and ethical responsibilities. This guide will help you navigate the complex world of SMS compliance so your messages stay legal, respectful, and effective.

You'll learn:

• What SMS compliance means
• The laws that govern SMS
• How to get proper consent
• Required message content
• How to manage opt-outs
• Record-keeping best practices
• Common mistakes to avoid

1. What Is SMS Compliance?

SMS compliance means following laws, carrier rules, and best practices to ensure your messages are wanted, legal, and appropriate.

Compliance ensures you:

• Have permission to message
• Send accurate and respectful content
• Allow recipients to opt out
• Protect consumer data

Non-compliance risks include:

• Blocked messages
• Fines ($500–$1,500 per violation)
• Lawsuits
• Brand damage

2. Who Regulates SMS in the U.S.?

3. Key Laws & Standards

✅ TCPA (Telephone Consumer Protection Act)

• Requires prior express written consent for marketing texts
• Covers use of automated messaging systems
• Fines up to $1,500 per violation

✅ CAN-SPAM Act

• Governs truth in marketing
• Applies to SMS when promoting products/services
• Requires identification and opt-out instructions

✅ CTIA Messaging Principles

• Not law, but enforced by carriers
• Covers opt-ins, message content, sender identity, and frequency

4. Getting Consent (Opt-In)

Acceptable Opt-In Methods

• Web forms with unchecked checkboxes
• Text-to-join keywords (e.g. Text JOIN to 55555)
• Paper forms with clear SMS consent language

What Consent Must Include

• Voluntary agreement to receive texts
• Brand identity
• Frequency disclosure
• “Message & data rates may apply” notice
• Link to your Privacy Policy and Terms of Use

Example Opt-In Disclosure:

By signing up, you agree to receive recurring marketing messages from EchoTexting. Msg & data rates may apply. Reply STOP to cancel. Terms & Privacy: echotexting.com

5. Message Content Requirements

Each marketing message must include:

Initial Compliance Message Example:

You’re subscribed to EchoTexting alerts. Msg freq varies. Msg & data rates may apply. Reply STOP to opt-out.

6. Handling Opt-Outs

You must honor opt-outs immediately and automatically.

Valid opt-out keywords:

• STOP
• END
• CANCEL
• UNSUBSCRIBE
• QUIT

Required Response Example:

You’ve been unsubscribed from EchoTexting. No further messages will be sent.

Do not send confirmation messages after this unless explicitly allowed.

7. Managing Data & Privacy

• Keep opt-in records secure and accessible
• Don't share/sell contact lists
• Honor deletion and data access requests (e.g. CCPA, GDPR)
• Use secure authentication (e.g. magic links) when managing user data

8. Recordkeeping Best Practices

Retain:

• Opt-in timestamps and methods
• Consent disclosures
• All messages sent
• Opt-out logs

Retention recommendation: at least 4 years.

9. Common Mistakes to Avoid

• ❌ Texting without explicit written consent
• ❌ Forgetting to include opt-out instructions
• ❌ Buying or renting contact lists
• ❌ Messaging outside of reasonable hours (avoid 8pm–8am)
• ❌ Sending deceptive or vague messages

10. Additional Compliance Tips

• ✅ Use a registered 10DLC or shortcode
• ✅ Separate transactional vs marketing content
• ✅ Get legal review for opt-in flows
• ✅ Limit frequency to 1–4 messages per week
• ✅ Test STOP and HELP flows regularly

Summary Checklist

Need Help?

If you’re unsure whether your messaging is compliant, consult a lawyer or reach out to our support team.

SMS compliance isn’t just about avoiding fines—it’s about respecting your audience.