Last updated 2026-07-09

TL;DR
The TCPA (47 U.S.C. § 227) restricts cold calls, robocalls, and text messages to cell phones without prior express consent. Real estate agents and investors face fines of $500 to $1,500 per illegal contact. This checklist covers consent, DNC scrubbing, calling hours, cell phone identification, and state-level rules you must layer on top of federal law.
What is TCPA in real estate and why does it apply to agents and investors?
The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, was signed in 1991 to stop unwanted telemarketing calls [1]. It applies to anyone making calls or sending texts for commercial purposes, and that includes real estate. Cold-calling an expired listing, texting a FSBO owner, blasting a ringless voicemail to an absentee landlord list: the TCPA covers all of it.
The law bans using an automatic telephone dialing system (ATDS) or a prerecorded voice to call or text a cell phone without prior express written consent from the recipient [1]. It also bans prerecorded calls to residential landlines without consent. The Federal Communications Commission enforces the law and has issued dozens of declaratory rulings interpreting it over the years [2].
Real estate teams often assume the TCPA does not reach them because they think they are just calling leads. Courts disagree. Settlements involving mortgage lenders, property management companies, and real estate data vendors show the industry is a regular target. The statute gives individuals a private right of action, meaning any recipient can sue you directly without waiting for the FCC or FTC to act [1]. Class actions are common because every person on a bad dial list is a potential plaintiff.
The practical risk is high for small teams. A dialer that auto-sends 500 texts to cell numbers without consent can generate $750,000 in statutory damages before a single phone call from a lawyer. That math is why compliance starts before you hit send, not after.
What counts as an automatic telephone dialing system (ATDS) under TCPA?
An ATDS is equipment with the capacity to store or produce phone numbers using a random or sequential number generator and dial them [1]. That definition is the most litigated phrase in TCPA history. The Supreme Court settled the fight in Facebook v. Duguid (2021), holding that a system qualifies as an ATDS only if it actually uses a random or sequential number generator, not merely because it stores and dials numbers from a list [3].
For real estate outreach that means a CRM that lets you click-to-call from a stored list is probably not an ATDS under the current federal standard. A predictive dialer that pulls numbers from a queue and dials them automatically without a human starting each call is the gray zone, and courts are still working through it. Power dialers that require an agent to click before each call are generally safer. Get legal advice specific to your software if you run high volume.
Do not let this lull you. Even if your system is not an ATDS, you can still violate the TCPA's separate ban on prerecorded messages to cell phones without consent, and you can still violate the Telemarketing Sales Rule enforced by the FTC. Ringless voicemail drops are especially risky: the FCC has signaled it may treat them as calls covered by the TCPA [2].
State laws often define ATDS more broadly than federal law. Texas, Florida, and Washington each have telemarketing statutes with their own equipment definitions. Run your dialer choice through your state's rules as well.
What are the TCPA fines and penalties a real estate team can face?
The statute sets damages at $500 per violation for negligent violations and up to $1,500 per violation if the court finds the violation was willful or knowing [1]. There is no cap per case, only per violation. Each call, each text, and in some interpretations each ignored opt-out is its own violation.
Real settlements give the scale context. UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations involving healthcare marketing calls (see our coverage of the UnitedHealthcare TCPA case). Credit One Bank faced a major class action over autodialed calls (background at Credit One TCPA settlement). Truist Bank settled similar claims (details at Truist Bank TCPA settlement). None of those defendants were real estate companies, but the damages math works identically for any outbound operation.
For a small real estate team the realistic threat is a demand letter or small arbitration, not a nine-figure class action. Even so, a $50,000 settlement plus $30,000 in legal fees ends a solo agent or a five-person wholesaling shop. The plaintiff's bar targets real estate cold outreach because the violation patterns (bulk dialing, no consent, no DNC scrub) are easy to document from a handful of received calls.
State attorneys general can bring separate enforcement actions under state telemarketing laws, and some states (Florida, Oklahoma) stack their own per-violation penalties on top of federal TCPA exposure [4].
TCPA compliance checklist: the full step-by-step for real estate outreach
This is the working checklist. Go through each item before you dial or send a single message in a new campaign.
1. Identify your number types Determine whether each number on your list is a cell phone or a landline. The TCPA's strictest rules (ATDS ban, prerecorded message ban, written consent requirement) apply to cell phones. Use a carrier lookup or phone validation service to append this before dialing. This step alone cuts your legal exposure hard.
2. Obtain the right level of consent before using a dialer or sending texts For autodialed or prerecorded calls and texts to cell phones you need prior express written consent [1]. That means a signed agreement (wet signature or a clear electronic equivalent) where the person agrees to receive autodialed calls or texts from you specifically, understands they are not required to consent as a condition of any purchase, and provides the number they authorize. A business card someone handed you at an open house is not written consent. A lead form that says "I agree to receive marketing calls" checked by the user is closer, but your attorney should review the exact language.
3. Scrub against the National Do Not Call Registry before every campaign The FTC maintains the National DNC Registry [5]. You must access it and scrub your list against it at least every 31 days. The registry costs nothing for companies calling fewer than five scrubbed numbers per day; commercial access fees apply above that threshold. If a number appears on the registry, do not call it unless you have an established business relationship (EBR) or written consent from that person.
4. Maintain your own internal DNC list Anyone who asks you not to call must go on your internal do-not-call list. The FTC's Telemarketing Sales Rule sets the outer limit at 30 days, but honor it immediately in practice [6]. You must suppress that number for at least five years. A spreadsheet works if you are tiny, but a CRM with DNC flagging is safer because it blocks accidental re-import.
5. Verify calling hours Federal law restricts calls to 8 a.m. to 9 p.m. in the recipient's local time zone [6]. Not your time zone. If you are in Phoenix calling someone in New York at 8:00 a.m. Mountain, it is 10:00 a.m. Eastern and you are fine. Flip it and you have a problem. Several states run tighter windows: California enforces its 8 a.m. to 9 p.m. local rule aggressively, and Florida's Mini-TCPA restricts business-to-consumer calls to 8 a.m. to 8 p.m. local [4]. Build time-zone logic into your dialer.
6. Check your spoofing and caller ID The Truth in Caller ID Act (part of the TCPA framework) prohibits displaying false caller ID with intent to defraud or cause harm [7]. Using a local presence number is not inherently illegal, but if the callback number does not actually reach you or your team, you are in trouble. Display a number that can receive calls and is tied to your real business.
7. Have a clear opt-out mechanism for every text campaign For SMS, every message must include a way to opt out, and opt-out requests must be honored immediately [2]. "Reply STOP to unsubscribe" is the standard. Sending another message after a STOP reply is a separate violation. Your platform should automate suppression, but audit it.
8. Get consent documentation you can actually produce If you are sued, you need to prove consent. That means timestamped records, IP addresses for web forms, recordings of verbal consent (where state law permits recording), and signed documents. Store these for at least four years to cover TCPA's four-year statute of limitations.
9. Review your data vendors If you buy lists from a data vendor (skip tracing, probate lists, absentee owner lists), ask them in writing how they got the data, whether it has been DNC-scrubbed, and what their consent representations are. Contractual indemnification helps, but a court can still find you liable if you ignored obvious red flags. TCPA news and regulatory updates covers vendor liability developments worth bookmarking.
10. Layer on state law requirements Federal TCPA is the floor. California, Florida, Texas, Washington, and Oklahoma each add restrictions. A multi-state real estate operation needs a per-state review. Florida's Telephone Solicitation Act (Section 501.059, Florida Statutes) was amended in 2021 to add a private right of action, making it one of the most aggressive state regimes in the country [4].
Do real estate cold calls require written consent or is verbal consent enough?
The answer depends on how you are calling.
If you dial manually, with a human agent pressing a button to start each individual call, and you use no prerecorded message, you do not need prior express written consent under the federal TCPA to call a cell number. You still have to respect the DNC registry and calling hours, but the written consent requirement attaches specifically to autodialed calls and prerecorded messages.
If you use a predictive dialer, a power dialer that queues numbers automatically, ringless voicemail drops, or any prerecorded greeting, the standard shifts to prior express written consent for cell phones [1]. The FCC has been clear that consent must be obtained before the call, not after, and that consent obtained by deception does not count.
For text messages, written consent is required for marketing texts regardless of whether an ATDS is involved, under the FCC's interpretation [2]. If you text a FSBO owner to ask if they want to sell, that is a commercial message requiring consent. There is an argument that a single, manually composed text is not subject to the same rules, but the plaintiff's bar disputes it and courts are split. The conservative approach is to require some form of opt-in before you text anyone.
Verbal consent for a recorded call can satisfy the prior express consent standard in some narrow situations, but it does not satisfy prior express written consent. Keep those two standards separate.
What is the established business relationship (EBR) exception and does it apply in real estate?
An established business relationship is a defense to a DNC registry complaint, not a blanket TCPA exception. Under FTC rules, an EBR exists if the consumer made a purchase, rental, or financial transaction with you within the last 18 months, or inquired about your services within the last three months [6].
In real estate, that means if someone called your office last month to ask about a listing, you have a three-month window to call them back even if they sit on the national DNC registry. If they closed on a home with you two years ago, that EBR has expired. The moment the window closes, DNC status controls again.
The EBR does not override the TCPA's cell phone consent rules. You still cannot use an ATDS or prerecorded message to call a cell number just because an EBR exists. The EBR only shields you from DNC registry liability for manual calls. Agents often misread this and assume an old client relationship lets them autodial former clients with no consent. It does not.
Document every EBR interaction with a date. If you are audited or sued, you need to show exactly when the inquiry or transaction happened.
How do ringless voicemails and text blasts fit under the TCPA for real estate?
Ringless voicemail drops (RVMs) got popular in real estate wholesaling because they feel less intrusive than a ringing phone. The compliance picture is murky. The FCC has received petitions asking it to rule that RVMs are calls under the TCPA, and multiple courts have found they qualify as calls, though no final FCC order has settled the question [2]. The safe operating assumption is that an RVM to a cell phone without prior express written consent is a TCPA violation.
Text blasts are cleaner to analyze. A mass text sent through an SMS platform to a list of cell numbers is virtually certain to involve an ATDS under most courts' current reading, and the FCC requires prior express written consent for marketing texts to cell phones [2]. Marketing is read broadly. A text that says "I saw your house might be for sale, can we talk?" is commercial outreach.
Platforms that advertise TCPA-compliant texting to real estate investors often offer peer-to-peer (P2P) texting where a human sends each message individually. That architecture is more defensible, but the human still has to actually initiate each send. A system where a person clicks a button that then auto-populates and sends 200 messages with no per-message review is functionally an ATDS regardless of marketing language.
For a broader look at what compliant text outreach actually looks like, text message marketing compliance is a useful reference.
What state laws add extra compliance requirements on top of federal TCPA?
Several states run compliance programs meaningfully stricter than federal law, and real estate outreach in those states needs separate attention.
| State | Key extra requirements | Penalties |
|---|---|---|
| Florida | Mini-TCPA (S. 501.059): calls only 8am-8pm local, private right of action, covers calls using ATDS or prerecorded voice regardless of federal ATDS definition | Up to $500/call under state law |
| California | CCPA data rights apply to marketing lists; CPUC has its own telemarketing rules; state AG enforcement aggressive | Variable; CCPA up to $7,500/intentional violation |
| Texas | Business & Commerce Code Ch. 305: state DNC list, opt-out requirements | Up to $5,000/violation |
| Washington | Commercial Phone Solicitation Act: additional disclosure requirements, state DNC | Up to $1,500/violation plus treble damages |
| Oklahoma | Oklahoma No-Call Act: separate state DNC, additional calling hour restrictions | Up to $500/call |
Florida is the most aggressive state for real estate operators right now. The 2021 amendments to Florida's Telephone Solicitation Act created a private right of action, spawning a wave of individual and class lawsuits [4]. If you are buying absentee owner lists in Florida and texting them, you are working in one of the highest-risk legal environments in the country.
Texas runs its own DNC list that you must scrub separately from the national registry [8]. Several California-based wholesalers have caught both TCPA suits and CCPA complaints out of the same list purchases.
The rule of thumb: identify every state where a recipient lives or where the number has a local area code, then read that state's telemarketing statute before the campaign runs.
How should real estate teams document and store consent records?
Documentation is the difference between winning and losing a TCPA suit. If you have written consent with a timestamp, IP address, and the exact language the person agreed to, most plaintiffs' attorneys move on. If you cannot produce consent records, the lawsuit stops being about liability and becomes a fight over how much you pay.
Here is what a solid consent record looks like for a web-form lead. It should include the date and time of submission (to the second), the IP address of the submitting device, the exact text of the consent disclosure the person saw, the specific phone number they entered, and the name and URL of the page where the form appeared. Some teams also save a screenshot of the form as it looked at submission in case the site later changes.
For purchased lists, consent records are harder because the vendor collected consent, not you. Ask vendors for their consent methodology in writing before you buy. Get a representation and warranty clause in your data purchase agreement. None of this is bulletproof, but it shows a court you did not ignore red flags.
The TCPA carries a four-year statute of limitations under 28 U.S.C. § 1658 [9]. Keep records for at least five years to give yourself margin. Cloud storage is fine as long as records stay searchable and tamper-evident. A flat pile of CSV exports is not good enough for litigation; you want a system that preserves the original record with its metadata.
LeadCompliant's free compliance kit includes a consent record template and a DNC suppression log format you can adapt to your CRM, if you want a starting point without building from scratch.
What technology and process checks catch problems before a campaign goes live?
A compliance process is only as good as the checkpoints that run before a dial session starts. Here is a practical pre-campaign gate.
First, every list should go through a phone validation step that flags cell numbers, identifies disconnected numbers, and removes obvious duplicates. Several vendors offer this as a batch API. Disconnected numbers generate carrier complaints and waste dials; cells without consent generate TCPA exposure.
Second, the list should hit your internal DNC file before it touches the national registry scrub. Internal opt-outs take priority because failing to honor your own DNC list is a separate violation and looks especially bad to juries.
Third, run the remaining numbers through a national DNC scrub. Refresh your registry access at least every 31 days, the statutory maximum [6]. Screenshot the scrub confirmation from the registry portal and save it with the campaign record.
Fourth, if you are texting, confirm your SMS platform suppresses STOP replies automatically and that the suppression syncs back to your CRM. Test it with an internal number before live deployment.
Fifth, review your dialer settings for time-zone compliance. Most predictive dialers have a built-in time-zone filter; verify it is on and set to the recipient's time zone, not the caller's. Audit this after any platform update, because vendor updates have reset these configurations before.
If your team shares a CRM, name one person as the list owner who runs these checks and signs off in writing. A checklist with initials creates an audit trail that helps both internally and in litigation.
What are the most common TCPA mistakes real estate cold outreach teams make?
The mistakes that generate lawsuits are mundane, not exotic.
The single most common one is buying a skip-trace list and dialing it immediately with no DNC scrub. The list provider often claims the data is DNC-clean as a selling point, but that claim usually refers to a stale scrub done at compilation, not a scrub done today. You are responsible for your own current scrub before dialing, regardless of what the vendor says.
Second most common: running a power dialer in drop mode (where the system auto-dials the next number when an agent hangs up) without confirming the list holds only numbers with appropriate consent. If any cell numbers sit in that list without written consent, every contact is a violation.
Third: continuing to send texts after a STOP reply. Sounds obvious. It fails in practice when a team uses multiple sending platforms that do not share suppression lists. A recipient stops one number, the team switches to a different number or platform, and the same person gets another text. Courts treat this pattern harshly.
Fourth: assuming that because an agent knows someone personally, no TCPA rules apply. The TCPA has no friends-and-family exception for commercial outreach. If the purpose of the call is to buy their house, it is commercial, and the statute applies.
Fifth: ignoring state law entirely. Most compliance guides fixate on federal TCPA, and teams assume that passing the federal test finishes the job. Florida's Mini-TCPA and California's CCPA have tripped up teams that cleared every federal checkpoint.
Where can you find free tools and official guidance to stay current on TCPA changes?
The FCC publishes its TCPA orders and declaratory rulings on its website [2]. Bookmark it and check it quarterly, because the FCC issues updates that change the compliance landscape without media coverage proportional to the legal impact. The FCC's 2023 ruling on one-to-one consent, which tightened the prior express written consent standard so a lead gen form cannot grant consent to multiple sellers at once, hit real estate outreach hard [10].
The FTC publishes its version of Do Not Call rules under the Telemarketing Sales Rule, which governs some outbound calls the TCPA does not directly reach and vice versa [6]. The FTC also publishes small-business compliance guides plain enough to actually use [11].
The National Do Not Call Registry portal (donotcall.gov) is where you register your organization and run scrubs [5]. There is no excuse for not being registered.
For real estate-specific developments, watching TCPA news alongside FCC announcements covers most of what you need to catch before it becomes a problem.
LeadCompliant also offers a free number checker and a one-time compliance kit with a consent form template, a DNC log format, and a pre-campaign checklist you can hand to any VA or ISA running your outreach.
Frequently asked questions
What is TCPA in real estate?
The TCPA (Telephone Consumer Protection Act, 47 U.S.C. § 227) is a federal law that restricts automated calls, prerecorded messages, and marketing texts to cell phones without prior express written consent. Real estate agents, investors, and wholesalers fall under the TCPA any time they make commercial calls or send texts, including cold outreach to FSBOs, expired listings, or absentee owners. Violations carry $500 to $1,500 per contact in statutory damages.
Can real estate agents cold call cell phones without consent?
Yes, with a manually dialed call and no prerecorded message, you can cold call a cell phone without prior express written consent under the TCPA. You still must honor the national DNC registry and your internal DNC list, and you must stay within calling hours (8 a.m. to 9 p.m. local). The moment you use an auto-dialer or a prerecorded greeting, written consent is required before you call.
Does the TCPA apply to real estate wholesalers?
Yes. Wholesalers typically use high-volume outreach to absentee owners, probate leads, and distressed sellers, often via predictive dialers and text blasts. That outreach pattern carries some of the highest TCPA risk in the real estate industry. Bulk texting without consent and dialing without DNC scrubs are the two patterns that generate the most complaints and lawsuits against wholesalers specifically.
How often do you need to scrub your list against the national DNC registry?
Federal rules require you to scrub your calling list against the National Do Not Call Registry at least once every 31 days. You cannot scrub once and consider the list permanently clean. New numbers are added to the registry continuously, so a list that was compliant last month may contain registered numbers today. Registry access is free for organizations calling fewer than five numbers per day.
What is the statute of limitations for a TCPA lawsuit?
The TCPA's statute of limitations is four years under 28 U.S.C. § 1658, which governs federal civil claims with no other specified limitations period. That means a plaintiff can sue you over a call or text made up to four years ago. You should keep consent records, DNC scrub confirmations, and call logs for at least five years to give yourself a margin of safety in any dispute.
Are ringless voicemails legal under TCPA for real estate outreach?
The legal status of ringless voicemails (RVMs) is unsettled at the federal level. Multiple courts have found that RVMs qualify as calls under the TCPA, which would require prior express written consent to deliver them to cell phones. No FCC final order has resolved the question definitively. Most compliance attorneys advise treating RVMs exactly like prerecorded calls and obtaining written consent before using them on a cell number.
What counts as prior express written consent under TCPA?
Prior express written consent requires a signed agreement (physical or clear electronic equivalent) where the person agrees to receive autodialed or prerecorded calls or texts from a specific company, acknowledges the number they are providing, and is told they are not required to consent as a condition of any purchase. A pre-checked checkbox, a verbal agreement, or a business card does not meet this standard.
Does TCPA apply to texts sent to real estate leads?
Yes. Marketing texts to cell phones are covered by the TCPA regardless of whether an ATDS is used, under the FCC's current interpretation. If the purpose of the text is to buy their property or offer your services, it is a commercial message. You need prior express written consent before sending marketing texts, and every message must include a clear opt-out mechanism.
What is the difference between the national DNC list and an internal DNC list?
The national DNC registry, maintained by the FTC, lists consumers who opted out of telemarketing calls from any company. Your internal DNC list contains people who specifically asked your company not to call them. Both must be honored. Internal opt-outs take effect immediately and must be suppressed for at least five years. A contact on your internal DNC list stays off your dial list even if they do not appear on the national registry.
How does Florida's Mini-TCPA affect real estate cold outreach?
Florida's Telephone Solicitation Act (S. 501.059), amended in 2021, is stricter than federal TCPA in several ways. It restricts calls to 8 a.m. to 8 p.m. local time, has its own definition of covered technology that is broader than the federal ATDS definition, and created a private right of action allowing individual Floridians to sue callers directly. Penalties reach $500 per call under state law, piling on top of any federal TCPA exposure.
Can a real estate data vendor's consent representation protect you from TCPA liability?
Partially, but not completely. If a vendor provides false consent representations and you relied on them in good faith, that may reduce your damages or support an indemnification claim against the vendor. However, courts have found callers liable even when they relied on vendor representations, particularly if they ignored red flags about data quality. Always conduct your own DNC scrub and ask vendors for their consent methodology in writing before purchasing any list.
What calling hours are allowed under federal TCPA rules?
Federal rules, enforced by the FTC under the Telemarketing Sales Rule and mirrored in FCC TCPA guidance, restrict telemarketing calls to 8 a.m. to 9 p.m. in the recipient's local time zone. The recipient's time zone controls, not the caller's. Some states run tighter windows: Florida caps calls at 8 p.m. local, for example. Build time-zone logic into your dialer and verify it is functioning before each campaign.
Do peer-to-peer (P2P) text platforms make real estate texting TCPA-compliant?
P2P platforms reduce ATDS risk because a human agent initiates each message individually. That is a real compliance advantage for the autodialer definition. However, P2P architecture does not override the consent requirement for marketing texts, the opt-out requirement, or state law restrictions. You still need the recipient's prior express written consent to send a marketing text on a P2P platform, and you must honor opt-out requests immediately.
What should a real estate team do if they receive a TCPA demand letter?
Do not ignore it and do not respond without legal counsel. Immediately preserve all call records, consent documentation, DNC scrub confirmations, and dialer configurations related to the named plaintiff. Suspend outreach to the plaintiff's number. The demand letter almost always precedes a settlement negotiation, and your documentation position at the time of the letter largely determines your outcome. TCPA plaintiff attorneys often have dozens of demand letters in flight simultaneously.
Sources
- Cornell Law School LII, 47 U.S.C. § 227 (TCPA full statute text): The TCPA prohibits using an ATDS or prerecorded voice to call cell phones without prior express consent and sets damages at $500-$1,500 per violation
- U.S. Supreme Court, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): The Supreme Court held that an ATDS must use a random or sequential number generator to store or produce numbers, narrowing the federal ATDS definition
- Florida Legislature, Section 501.059, Florida Statutes (Telephone Solicitation): Florida's 2021 amendments to S. 501.059 added a private right of action, restricted calls to 8am-8pm local, and established penalties up to $500 per call under state law
- FTC, National Do Not Call Registry (donotcall.gov): The FTC maintains the National DNC Registry; telemarketers must scrub against it at least every 31 days
- FTC, Telemarketing Sales Rule (16 C.F.R. Part 310): TSR requires calling hours of 8am-9pm local, internal DNC lists honored within 30 days, and defines established business relationship as 18 months for transactions and 3 months for inquiries
- Texas Office of the Attorney General, consumer protection (Business & Commerce Code Ch. 304-305): Texas maintains its own No-Call List that telemarketers must scrub separately from the national DNC registry, with penalties up to $5,000 per violation
- Cornell Law School LII, 28 U.S.C. § 1658 (Limitations on actions): Federal civil claims with no specified limitations period, including TCPA private actions, carry a four-year statute of limitations under 28 U.S.C. § 1658
- FTC, business guidance resources: FTC guidance requires telemarketers to access the DNC registry at least every 31 days and maintain internal DNC records for at least five years