Last updated 2026-07-09

TL;DR
Once a consumer revokes TCPA consent, you have to stop calling or texting within 10 business days. Ignore that window and every contact after it is a possible $500 to $1,500 statutory violation. The FCC's 2024 order and existing case law let consumers revoke through any reasonable method, including a one-word text reply. Speed matters more than the deadline.
What does TCPA consent revocation actually mean?
Consent under the Telephone Consumer Protection Act is not permanent. A consumer who agreed to get autodialed or prerecorded calls and texts can take that agreement back, any time, for any reason. That right does not live in your fine print, and it is not tied to some specific opt-out button you designed. The statute, 47 U.S.C. § 227, gives consumers the power to stop unwanted contact, and the FCC has spent years spelling out the mechanics. [1]
Revocation happens the moment a consumer says, in any reasonable way, that they no longer want to hear from you. No magic words. No call to your compliance line. A reply of "STOP" to a text, a spoken request on a call, an email to your listed opt-out address, or a mailed letter all count. The FCC's 2024 Report and Order locked in the standard: consumers may revoke consent using any reasonable means. [2]
For teams running multi-touch drip sequences, this is a real operational headache. Consent can die at step three of a seven-step cadence. What matters is what you owe that person the second it happens, and how fast you deliver it.
How long do you have to stop contacting someone after they revoke?
You get 10 business days. That is the maximum processing window the FCC set in its 2024 order, built so larger organizations have time to push an opt-out through their systems before every outbound tool sees the flag. [2] It is a grace period for your plumbing. It is not a license to keep sending for another week and a half.
Most platforms process revocations in real time or within minutes. If yours does, use that speed. The 10-day window is a ceiling, not a target. Courts have not been kind to defendants who burned the full window when they had the technical means to stop sooner.
Miss the window and every contact after the revocation is a standalone violation. At $500 per negligent violation, or $1,500 per willful one, a campaign that sends three more messages to 500 revoked contacts is staring at $750,000 to $2.25 million in potential statutory damages. Those figures come straight from 47 U.S.C. § 227(b)(3), which sets the per-call floor. [1] Courts can certify class actions on these claims too, which is how cases like the Cash App TCPA class action settlement and the Credit One TCPA settlement grew to the size they did.
What counts as a valid revocation method?
Here is where a lot of teams trip. They build a formal opt-out process, a specific keyword or a form page, then assume any request that skips that exact path does not count. Wrong.
The FCC has been consistent: you cannot contractually limit the methods a consumer uses to revoke. A 2015 FCC Declaratory Ruling said it plainly, that consumers can revoke consent through any reasonable means clearly expressing a desire to stop being contacted. [3] Case law since then agrees. Courts have found valid revocations in voicemails, emails, verbal statements on recorded calls, and written letters.
Here is a practical breakdown of revocation methods courts and the FCC have recognized:
| Method | Recognized? | Notes |
|---|---|---|
| Reply "STOP" to SMS | Yes | Standard, well-documented |
| Verbal "take me off your list" on a call | Yes | Requires call recording and logging |
| Email to a listed opt-out address | Yes | Timestamp the receipt |
| Voicemail requesting removal | Yes | Log and process like any other |
| Online opt-out form | Yes | Most auditable trail |
| Letter or written notice | Yes | Rare but legally valid |
| Non-standard keyword via SMS | Probably yes | Depends on clarity of consumer intent |
You can offer preferred methods and route revocations through one channel for efficiency. You cannot tell a consumer their opt-out is invalid because they used the wrong door. [3]
Does consent revocation cover all contact, or just the channel they opted out on?
There is no clean universal answer here, and anyone who tells you otherwise is oversimplifying. The FCC's 2024 order leaned toward a broad reading: revocation should apply across the campaign unless the consumer's request is clearly channel-specific. [2]
If someone texts STOP to your SMS campaign, the safe read is that they want no more SMS from you. Whether that also kills your permission to call depends on how your original consent was built. A single consent form that covered both calls and texts means revocation of one channel should push you to stop both until you clarify. If you had separate, distinct consents for calls versus SMS, you have a stronger argument that a text STOP only touches SMS.
The practical answer for small outbound teams is simpler. Someone opts out, pull them from all active contact for that campaign. Trying to thread the needle and keep them on a separate calling track is the kind of move that reads terribly in discovery. It signals willfulness, which is exactly the mental state that turns a $500 violation into $1,500. [1]
For text message marketing programs, killing all SMS the moment a STOP keyword lands is both legally required and technically trivial with any real SMS platform.
What if the consumer re-consents after revoking?
Revocation is not a lifetime ban on ever contacting someone again. It cancels the prior consent. If the consumer later gives fresh, valid consent, you can restart under that new permission.
The tricky part is what counts as fresh. It has to be affirmative and knowing. Sending someone a message that says "Reply YES to stay on our list" after they already texted STOP is legally dangerous. You just sent an unsolicited message to ask if they want unsolicited messages. That contact itself could be a violation, because you sent it after the revocation but before any new consent existed.
The clean way to rebuild consent is inbound: a web form the consumer fills out on their own, a phone call they place to you, an in-person interaction. Document it carefully. The 2024 FCC order's one-to-one consent requirement, before it was challenged in court, meant the new consent had to name your company specifically, not a category of sellers. [2]
For most campaigns, re-consent after revocation is rare enough that you should treat a STOP as final and move on.
How should you handle revocations in a purchased or shared lead list?
Multi-vendor lead generation gets genuinely messy here. You buy a list. Someone on it already revoked consent with the original data collector, but that opt-out never reached the file you received. You call them. You are liable.
The FCC's 2024 one-to-one consent rule was supposed to help by requiring that written consent for autodialed or prerecorded contact name the specific seller, not a broad "marketing partners" category. [2] In theory, that closed the loophole where a consumer consents to a lead aggregator's entire network. In practice, the rule got vacated on appeal in January 2025, so it is not your shield right now. Check current FCC guidance before relying on any single order.
What you actually control is your own scrubbing process. Before any outbound campaign, check your list against:
- The National Do Not Call Registry (scrub required every 31 days under 47 C.F.R. § 64.1200) [4]
- Your internal revocation and opt-out database
- Any company-specific do-not-call lists built from prior campaigns
See our overview of the do not call list and how to access the do not call telemarketer list for the mechanics of that scrub. For cells specifically, the mobile phone do not call list guidance matters, because TCPA protections apply to calls and texts to mobile numbers regardless of registration status.
If you buy leads from a third party, your contract should require the seller to warrant the records were scrubbed for opt-outs within the last 30 days and to indemnify you for violations from their data. That clause will not fully protect you in a TCPA suit, since you are the caller, but it gives you contractual recourse.
What does a TCPA violation from missed revocation actually cost?
Statutory damages under 47 U.S.C. § 227(b)(3) run $500 per violation for negligent conduct and up to $1,500 per willful or knowing violation. [1] Each call or text is a separate violation. There is no cap per consumer, per campaign, or per company. Courts can raise damages for willful conduct but cannot go below $500.
Class actions multiply these numbers fast. A 500-person campaign that fired two follow-up texts after opt-outs came in has potential exposure of $1,000 per person at the negligent rate. That is $1.5 million before any legal fees. Add attorney fees in fee-shifting situations and the math of settling early starts to make sense, which is why so many TCPA cases resolve before trial.
Actual settlement amounts show what real exposure looks like. See what happened in the Cash App TCPA class action settlement for a recent example of how these cases resolve at scale.
Beyond statutory damages, the FTC and FCC can impose their own civil penalties for DNC violations. FTC civil penalties for Do Not Call violations run up to $51,744 per violation as of 2024. [5] That layer sits on top of private TCPA suits, not instead of them.
How should you set up your systems to catch revocations in real time?
The 10-business-day window means nothing if your systems cannot push opt-outs to every active campaign. That is the real problem most small teams have. One opt-out database sits somewhere, and three or four campaign tools that never talk to each other run beside it.
The minimum setup has three parts. First, a single source of truth for opt-outs. Every revocation, from every channel, lands in one database right away. SMS STOP replies, verbal requests logged by reps, email unsubscribes, all of it. Second, automated suppression. Before any outbound dial or send, the system checks that database. Not once a week. Every time. Third, a documented audit trail. You need to show, in discovery if it comes to that, the exact timestamp of the revocation and the exact timestamp of your last contact.
For teams running cold calling and SMS together, the suppression list has to bridge both channels. A cell number that texted STOP should be flagged in your dialer, not only your SMS platform.
LeadCompliant's free compliance kit includes a revocation log template and a pre-campaign checklist that covers these suppression steps. It will not replace real legal counsel, but it gives you a documented starting point that matters in a he-said-she-said fight.
For teams starting on how to get the do not call list, that federal scrub is table stakes. Your internal revocation database is the layer on top that protects you from people who opted in and then changed their minds.
What does the FCC's 2024 consent order change about revocations?
The FCC's January 2024 Report and Order made three changes that touch revocation. [2] First, it wrote the "any reasonable means" standard for revocation into the rules themselves, above and beyond declaratory rulings. Second, it set the 10-business-day processing window explicitly in the text of the rule. Third, and the one that mattered most to lead generators, it tightened the one-to-one consent requirement: prior express written consent for autodialed marketing calls and texts had to go to a single, named seller, not a category of marketers.
That third change mattered for revocation because it narrowed what counted as valid consent in the first place. If the original consent was not TCPA-compliant because it covered too many sellers, you never had valid consent to revoke. You were calling without proper authorization from the start.
The one-to-one rule then hit the courts. In January 2025, the Eleventh Circuit vacated the one-to-one consent portions of the order in Insurance Marketing Coalition v. FCC, finding the FCC exceeded its authority. [6] The revocation timing standard and the "any reasonable means" language were not the parts struck down. Check the current FCC site for live implementation status before you build a compliance program around any single order.
Are there state laws that go further than the TCPA on revocation?
Yes. Several states passed their own telemarketing and robocall statutes that go past federal TCPA minimums. Florida updated its Telephone Solicitation Act in 2021 (Florida Statute § 501.059) to require 24-hour opt-out processing for commercial texts, far stricter than the federal 10-business-day window. [7] Florida also created a private right of action with damages up to $500 per text, on top of any federal claim.
Washington, Oklahoma, and Maryland have their own laws with similar opt-out and revocation mechanics. California's CPUC has rules covering certain solicitation calls. Texas has provisions in its Business and Commerce Code on telemarketing.
The practical implication is straightforward. Your nationwide campaign has to honor the strictest applicable state rule for consumers in that state. A Florida consumer who opts out gets 24-hour processing, not 10 business days. You cannot run one federal standard across all 50 states without checking state law for each consumer's area code.
This is why a TCPA compliance framework that accounts for state variations matters, well beyond federal minimums.
What should you do right now if you have an active campaign and no revocation system?
Stop the campaign, or at minimum pause outbound on any record where you do not have a clear, documented, timestamped consent record and a confirmed absence of any prior opt-out.
That sounds aggressive. It is. But the alternative is dialing into uncertainty while the 10-business-day clock on any revocation you missed keeps ticking. Every outbound touch on a revoked record is a separate violation.
The steps in rough priority order:
1. Pull every opt-out or complaint you have received across all channels in the last 90 days and suppress those records today. 2. Scrub your active list against the National DNC Registry. This is a legal requirement every 31 days for lists you are actively calling. [4] 3. Build or designate a single opt-out log. A spreadsheet with timestamps works. A proper CRM field works better. 4. Add a STOP processing step to your SMS platform if it is not already automatic. Every reputable SMS gateway handles this natively. 5. Brief your reps on verbal opt-outs. They have to log them at the time of the call, not at end of day.
LeadCompliant has a free set of tools and a one-time compliance kit built for exactly this situation: small outbound teams with real campaigns who need a documented process now, not after a demand letter arrives.
For a wider look at your cold call compliance posture beyond revocation, the linked guide covers the full stack of federal and state rules that apply before you dial.
Frequently asked questions
Can a consumer revoke TCPA consent verbally on a call?
Yes. A spoken statement like "take me off your list" or "stop calling me" on a recorded or logged call is a recognized revocation under FCC guidance and federal case law. Document the timestamp, the rep who handled the call, and the action taken. The revocation is valid whether or not the rep confirms it, though confirmation is good practice.
How quickly do I actually have to stop after receiving a revocation?
The FCC's 2024 order set a 10-business-day maximum processing window. [2] That is the legal ceiling. If your platform processes opt-outs in real time, which most SMS gateways and modern CRMs do, use that speed. Courts have found willfulness when defendants took the full window despite having the technical ability to suppress immediately. Treat the 10-day window as a backstop, not a target.
Does a STOP text opt someone out of calls to the same number?
Not automatically under current law, but the safe approach is to suppress all contact for that campaign when a STOP arrives. If your original consent covered both calls and SMS, a STOP reply suggests the consumer wants out entirely. Keeping someone on a call track after they texted STOP looks bad in discovery and raises your willfulness exposure. Remove them from everything for that campaign.
What if I have a no-revocation clause in my terms and conditions?
It is unenforceable for TCPA purposes. The FCC and courts have held consistently that consumers cannot contractually waive their right to revoke consent. You can name preferred revocation methods in your terms, and that may help you run an organized opt-out process, but you cannot use a contract to block a consumer's right to stop contact under 47 U.S.C. § 227. [1][3]
If someone revokes, can I email them instead?
Possibly, depending on what consent you hold for email. The TCPA governs calls and texts to telephone numbers. Email falls under the CAN-SPAM Act, which has its own opt-out rules and a different framework. If you have a separate, valid email consent that has not been revoked, email contact may be fine. But switching channels right after a phone opt-out can look like evasion. Tread carefully and document your reasoning.
What is the difference between a TCPA revocation and a Do Not Call registry complaint?
A TCPA consent revocation is a consumer telling you specifically to stop contacting them. A DNC registry registration is a public record blocking unsolicited telemarketing to that number from all sellers. Both protect consumers, but they work differently. You could have valid consent to call a DNC-registered number, for instance, if the consumer gave written permission. Revocation cancels your consent; DNC registration sets a baseline prohibition.
Can a consumer revoke consent for one product but keep consent for another from the same company?
Yes, if the consent was structured separately by product or campaign and the revocation is clearly scoped. In practice, most revocations are broad, and consumers do not parse product lines when they text STOP. If you want to hold separate consent by product, your original opt-in language needs to make those distinctions explicit, and your revocation handling has to respect them. This is a complex setup that demands careful documentation.
Who is liable when a third-party calling vendor misses a revocation?
You are, primarily. The FCC applies vicarious liability principles to TCPA violations. If you authorized a vendor to call on your behalf, you can be held responsible for their non-compliance. Your vendor contract should include opt-out compliance warranties and indemnification clauses, but those are your remedies against the vendor, not a shield against the consumer's claim against you. Audit your vendors' revocation processes before campaigns go live.
Does the 10-business-day window reset if a consumer revokes a second time?
There is no specific FCC ruling on repeat revocations. The practical answer is yes, treat each revocation as starting a fresh 10-business-day clock, and you should be honoring the first one anyway, so a second usually means something fell through. If someone revokes twice, that is a flag that your suppression system has a gap. Fix the system, more than the individual record.
What records should I keep to defend against a TCPA revocation claim?
Keep the original consent record with its timestamp, source URL or call recording, and the specific language the consumer agreed to. Keep every opt-out log entry with the timestamp, channel, and the operator who processed it. Keep confirmation of suppression in your dialer or SMS platform. Hold these records for at least four years, the standard TCPA statute of limitations. Courts have dismissed claims where defendants produced clean, timestamped documentation.
What happens if I contact someone after revocation by accident, not willfully?
Negligent violations still carry $500 per contact in statutory damages under 47 U.S.C. § 227(b)(3). [1] You may dodge the treble damages that come with willful violations, but the base exposure is real. In a class action, "accidental" contacts caused by a systemic gap in your suppression process look more like willfulness than a single errant call does. Process failures are harder to defend than isolated human errors.
Do the same revocation rules apply to B2B calls?
Mostly yes for the channel rules, but the consent framework differs. TCPA's prior express consent requirements apply to calls to cellular numbers regardless of the business versus consumer status of the recipient. If you call a businessperson's cell with an autodialer, TCPA applies. For calls to business landlines using prerecorded messages, TCPA also applies. Revocation rights flow from the call type and number type, not from whether the recipient is a business.
Can I re-consent someone who revoked by adding them to a new campaign opt-in page?
Not by sending them to that page. You cannot text or call a link soliciting new consent, because that contact after revocation is itself a potential violation. Re-consent has to come inbound. The consumer visits your site on their own, fills out a form, or calls you. Any outbound attempt to solicit new consent from a revoked contact should go through legal counsel before you send it.
Sources
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: Statutory damages of $500 per negligent violation, $1,500 per willful violation; private right of action; consent framework for autodialed and prerecorded calls
- FCC, Report and Order FCC 24-17 (January 2024), In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act: FCC codified 10-business-day revocation processing window and 'any reasonable means' standard for consent revocation; one-to-one consent requirement
- FCC, Declaratory Ruling FCC 15-72 (July 2015), In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act: Consumers can revoke consent through any reasonable means; callers cannot contractually restrict revocation methods
- FCC, Code of Federal Regulations, 47 C.F.R. § 64.1200, Delivery restrictions: DNC registry scrubbing required every 31 days for actively called lists; prior express written consent requirements for autodialed calls
- FTC, National Do Not Call Registry, Do Not Call enforcement and penalties: FTC civil penalties for Do Not Call violations can reach $51,744 per violation as adjusted for inflation
- Eleventh Circuit Court of Appeals, Insurance Marketing Coalition Ltd. v. FCC, No. 24-10277 (January 2025): Eleventh Circuit vacated the one-to-one consent portions of FCC 24-17, finding the FCC exceeded its statutory authority
- Florida Legislature, Florida Statute § 501.059, Telephone solicitation: Florida's Telephone Solicitation Act requires opt-out processing within 24 hours for commercial texts, stricter than federal 10-business-day window
- FTC, National Do Not Call Registry, Business Information: Telemarketers must scrub lists against the National DNC Registry; registration and access requirements for businesses
- Federal Communications Commission, agency homepage and consumer guidance: FCC guidance confirming right to revoke consent to robocalls and robotexts at any time
- U.S. Code, 47 U.S.C. § 227(b)(3), private right of action and enforcement: Statutory enforcement authority over TCPA violations including revocation failures and autodialer misuse