Last updated 2026-07-11

TL;DR
Teams under ten reps need DNC scrubbing that checks numbers against the National Do Not Call Registry, state DNC lists, and internal opt-outs before every dial. The right tools cost $30, $300 per month at small volumes. Skipping scrubs risks $500, $1,500 per call in TCPA statutory damages. This guide covers what to look for, which tools fit small teams, and what to do when budgets are tight.
What is DNC scrubbing and why does a small team need it?
DNC scrubbing is the process of comparing your call list against one or more do-not-call databases before you dial. Match a registered number, remove it from the campaign. The mechanics are simple. The legal stakes are not.
The TCPA (47 U.S.C. § 227) lets consumers sue for $500 per negligent violation and $1,500 per willful violation, with no cap on class size [1]. Picture a small team dialing 200 numbers a day with a 1% scrubbing failure rate. That's two calls a day to protected numbers. Run it for two months and you have 120 potential violations. At $1,500 each, that's $180,000 in exposure before a single attorney fee.
The FTC runs the National Do Not Call Registry, and telemarketers must scrub against it at least every 31 days under 16 C.F.R. § 310.4(b)(3)(iv) [2]. That's the federal floor. Several states, including Florida, Indiana, and Texas, keep separate DNC lists with their own scrubbing rules that can be stricter.
Small teams often assume this is a big-company problem. It isn't. TCPA plaintiffs' attorneys hunt for smaller operations, which are less likely to have legal departments and more likely to settle fast. Class actions like the Cash App TCPA class action settlement and the Credit One TCPA settlement show what happens when scrubbing and consent practices break down, even at well-funded companies.
What lists does a DNC scrubbing tool actually need to check?
Four layers, and a fifth for the paranoid. Before you pay for anything, confirm the tool covers each one below. A federal-only scrubber leaves gaps that a plaintiff's attorney will find.
Federal DNC Registry. The FTC's National Do Not Call Registry currently holds more than 249 million registered phone numbers [3]. Any legitimate scrubbing tool pulls from this. If a vendor can't confirm they access the registry through an FTC-authorized data provider, walk away.
State DNC lists. At least eleven states keep their own lists: California, Colorado, Florida, Indiana, Louisiana, Massachusetts, Missouri, Oklahoma, Oregon, Tennessee, Texas, and Wyoming [4]. Some charge access fees. Some require you to re-scrub more often than the federal 31-day window. A tool that only hits the federal registry leaves you exposed in these states.
Internal DNC / opt-out list. When someone tells you to stop calling, you have to honor that within 30 days under the TSR (16 C.F.R. § 310.4(b)(1)(iii)(A)) [2]. Your scrubbing tool or your CRM has to hold this list and apply it before every campaign.
Wireless / reassigned numbers. The FCC's Reassigned Numbers Database went live in 2021. Call a cell number that used to belong to someone who consented, but got reassigned to a new person who didn't, and you can still be liable [5]. Some scrubbing tools now check this database. Many don't. Ask directly.
Litigator lists. These are informal databases of known TCPA plaintiffs and serial filers. Not legally required, but several vendors offer them as add-ons. Worth it for high-volume teams. Skip it below 500 dials per day.
For teams doing cold calling into consumer markets, running the first four layers is the baseline. B2B callers have more room but aren't fully exempt, especially when dialing mobile numbers.
How much does DNC scrubbing cost for a small team?
Cost tracks volume, not headcount. Most tools price by records scrubbed per month, not by seats. That's good news for a team of eight that dials in bursts.
| Tool / Service Type | Approx. Monthly Cost | Records per Month | State Lists Included? |
|---|---|---|---|
| DIY FTC Subscription (SAN) | $74, $17,082/yr depending on area codes [3] | Unlimited for subscribed area codes | No |
| Entry-level SaaS scrubbers | $30, $75/mo | 5,000 to 25,000 | Some (varies) |
| Mid-range SaaS scrubbers | $100, $300/mo | 50,000 to 200,000 | Usually yes |
| Per-record batch scrubbing | $0.003, $0.01/record | Pay as you go | Depends on vendor |
| Compliance platform (full stack) | $300, $800/mo | High volume | Yes |
Run the math on a real team. Eight reps dialing 100 numbers each per day, 20 working days a month, is about 16,000 dials. That fits comfortably in an entry-to-mid-range SaaS tier.
The FTC charges for direct registry access through Subscription Account Numbers (SANs). One area code costs $74 per year. The full national list costs $17,082 per year [3]. Most small teams find it cheaper to pay a third-party vendor who already bought registry access and passes the cost along at scale.
One honest caveat: vendor pricing pages change often, and some tools bundle scrubbing with dialer or CRM features that pad the sticker price. Ask for scrubbing-only pricing every time. Then compare it against per-record batch options if your volume swings month to month.
Which DNC scrubbing tools are the best fit for teams under ten reps?
There's no single best tool for every small team, and anyone who tells you otherwise is selling something. The right choice depends on how you dial (CRM-integrated, standalone dialer, or manual), how often your lists change, and whether you need state list coverage. What I can do is lay out the categories and what matters in each.
Batch scrubbing services (upload a CSV, get a clean list back). These work well for teams that pull a fresh lead list weekly or monthly. You upload, they scrub against federal and (if you pay for it) state lists, and you download a cleaned file. Vendors like DNC.com, Cell Phone Scrub, and Contact Center Compliance operate here. Pricing is usually per record. This is the lowest-friction option for small teams living in spreadsheets or basic CRMs.
API-based real-time scrubbing. If your dialer or CRM supports API calls, real-time scrubbing checks each number at the moment of dial instead of at list upload. That catches numbers that registered after your last batch scrub. Several compliance SaaS vendors offer it. The catch: setup needs someone technical, which small teams often don't have on hand.
Dialer-integrated scrubbing. Some dialers (including many cloud-based predictive and power dialers) have built-in DNC scrubbing. Convenient, but check what lists they actually scrub against. Some only check the federal registry. Some only scrub on upload, not at dial time. Read the fine print before you trust it.
Free government tools. The FTC runs a free verification page at donotcall.gov where you can manually check individual numbers [3]. Nearly useless for a team dialing at any real volume, but worth knowing for edge cases.
LeadCompliant's free number checker is one option for teams that want to spot-check numbers without committing to a subscription. It won't replace a full scrubbing workflow for high-volume dialing, but it's a fair starting point for very small lists.
The most common mistake I see small teams make: buy a scrubbing tool, run it once on import, and never touch it again. The FTC requires re-scrubbing at least every 31 days [2]. Numbers register on the DNC list every single day. A list that was clean in January may hold dozens of newly registered numbers by February.
What should you look for in a DNC scrubbing tool before you buy?
Seven things actually matter. Most vendor comparison pages skip the ones that count.
1. Which lists does it scrub against? Ask for a written answer: federal DNC, which state lists, internal DNC, wireless numbers, and whether they check the FCC Reassigned Numbers Database [5]. Get it in writing.
2. How fresh is the data? The FTC updates the registry daily. Some vendors sync weekly or monthly. For a small team re-scrubbing every 31 days, weekly vendor sync is probably fine. For high-frequency campaigns, daily sync matters.
3. Can it ingest your internal opt-out list? Non-negotiable. Your internal DNC list has to apply before dialing. Some cheap tools only check external lists.
4. Does it produce an audit trail? If you face a TCPA lawsuit, you need to show you scrubbed before dialing, when you scrubbed, and which version of the list you used. A good tool logs this without you thinking about it.
5. Where does your data live? You're uploading a list of consumer phone numbers. Ask where that data is stored and whether the vendor sells or shares it.
6. Is pricing by record, by seat, or flat monthly? For a small team with irregular volume, per-record pricing is often cheaper. For a team running steady 15,000-dial months, flat monthly usually wins.
7. Does it handle cell numbers differently? Mobile phone do-not-call list coverage matters if you're dialing cell phones, which is almost everyone now. The DNC Registry covers landlines and cell numbers alike, but some older tools were built back when dialing meant landlines.
If a vendor can't answer questions 1, 2, and 4 clearly and in writing, that's your signal to look elsewhere.
How do you actually get access to the National DNC list?
Two legitimate routes: subscribe directly through the FTC, or pay a third-party provider who has licensed registry data. Most small teams should take the second one.
The FTC's Subscription Account Number (SAN) system lets businesses access the registry [3]. You register your organization, name the area codes you need, and pay the annual fee. All area codes nationwide run $17,082 per year as of the most recent FTC fee schedule. Calling into two or three states? You might pay under $300 for just the relevant area codes.
For how to get the do not call list as a small team, the third-party route is usually more practical. You pay a scrubbing vendor a monthly or per-record fee, and they handle the SAN subscription, the data updates, and the delivery of clean lists. That's the model most small teams run.
Whatever route you pick, document it. Courts and regulators want to see you had a process and followed it. A scrubbing confirmation email or a logged audit report from your vendor is evidence. A handshake with a vendor is not.
What are the penalties for skipping DNC scrubbing?
The numbers aren't abstract. They're written into the statute and enforced regularly.
47 U.S.C. § 227(c)(5) gives consumers a private right of action for $500 per violation or actual damages, whichever is greater, and courts may treble that to $1,500 for willful violations. The statute grants relief to "A person who has received more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the regulations prescribed under this subsection" [1].
The FTC can also chase civil penalties for TSR violations. The current maximum is $51,744 per violation under the Federal Civil Penalties Inflation Adjustment Act [6]. FTC enforcement actions against telemarketers have ended in multimillion-dollar judgments.
State attorneys general pile on. Florida's mini-TCPA (Florida Telephone Solicitation Act) added $500 per call damages for calls to Florida residents using auto-dialers or pre-recorded messages without prior express written consent, regardless of DNC registration [7]. Several states have similar statutes on the books.
Small teams tell themselves they're too small to get caught. Wrong. TCPA plaintiffs' attorneys use robocall analytics and litigation support tools to spot violators, small operations included. The do not call telemarketer list exists partly because consumer complaints trigger both private litigation and regulatory investigations. One complaint can surface a pattern.
How often do you need to re-scrub your lists?
Every 31 days. That's the federal answer. 16 C.F.R. § 310.4(b)(3)(iv) of the Telemarketing Sales Rule requires scrubbing within 31 days of calling [2]. The FCC's matching TCPA regulation at 47 C.F.R. § 64.1200(c)(2) sets the same 31-day window [8].
Some states demand more. Check the specific requirements for every state you dial into. Texas and Florida are the two most aggressive on enforcement, so if you dial either, verify their current rules directly.
In practice, most small teams should scrub every list before every campaign launch, then re-scrub any portion that's been sitting more than two to three weeks. If a rep pulls a lead from a CRM that was imported 45 days ago and never re-scrubbed, that's a gap waiting to become a lawsuit.
The best workflow I've seen for small teams builds the re-scrub into the list import process itself. If a number's last scrub date is older than 28 days, the system flags it before anyone dials. Not every CRM does this natively, but you can usually rig it with a date field and a simple filter.
Does DNC scrubbing apply to text messages too?
Yes, with some nuance. The National DNC Registry was built for voice calls, but TCPA protections for text messages run through a different part of the statute (47 U.S.C. § 227(b)) that focuses on consent rather than DNC registration [1].
Still, the FCC has treated texts to DNC-registered numbers as a potential TCPA violation when the texts are telemarketing. The 2015 FCC Omnibus Order confirmed that texts fall under TCPA [9]. If you're sending text message marketing campaigns, scrubbing against the DNC registry is a real layer of protection, even though the primary requirement for SMS is prior express written consent.
Some vendors offer SMS compliance checks that go past DNC to include SHAFT content screening (Sex, Hate, Alcohol, Firearms, Tobacco) and carrier filtering. For small teams running SMS, a vendor that bundles DNC scrubbing with SMS-specific checks is worth paying a little more for.
For the do not call list specifically, the practical advice is short: scrub your SMS list against the DNC registry as a baseline, and separately confirm you have documented prior express written consent for every number you text for marketing.
Can you build a compliant DNC process without buying a paid tool?
Technically yes. Practically, it's hard to pull off at any real volume.
The FTC's SAN system gives you direct registry access for a fee. You can download the data, load it into a spreadsheet or database, and run your own matching logic. If you have someone technical enough to do it reliably, and you're disciplined about running it every 31 days and keeping an audit log, you can be compliant without a SaaS vendor.
The risks with DIY are real. It breaks when the person who built it leaves. It doesn't handle state lists on its own. It can't check the Reassigned Numbers Database. And every bit of maintenance lands on you.
For a budget-constrained team under ten reps, the most realistic compliant minimum has three parts: (a) subscribe to a SAN for your area codes or use a third-party batch scrubbing service, (b) keep an internal opt-out list in your CRM with a mandatory check before dialing, (c) document every scrub with a timestamp. That process runs under $100 per month for most small teams and covers the legal baseline.
LeadCompliant's free compliance kit walks through how to set up and document this process, which helps if you want a checklist your whole team can follow without hiring a lawyer.
If you want the underlying law before buying any tools, the TCPA overview and the cold call rules article on this site cover the regulatory framework in detail.
What do real TCPA cases tell us about DNC scrubbing failures?
The pattern in almost every contested TCPA case involving DNC violations repeats: the defendant either had no scrubbing process, had one but didn't run it consistently, or ran one that didn't cover all the required lists.
The FTC and FCC have both taken enforcement action against companies that claimed to scrub but couldn't produce documentation. FTC telemarketing cases document a recurring failure mode: a company buys scrubbing software, then lets its registry access go stale, leaving it exposed to calls to numbers that registered in the gap [10].
Private TCPA class actions follow the same fact pattern. Plaintiffs' attorneys subpoena scrubbing logs. If you can't produce them, the inference cuts against you. Courts have granted class certification when a defendant's scrubbing failures were systematic rather than random, because that satisfies the commonality requirement for class treatment.
The takeaway for small teams: the tool matters less than the proof you used it. A mid-range SaaS tool with clean audit logs beats an expensive enterprise system you ran once. Build the paper trail into your process from day one.
Frequently asked questions
Do teams under ten reps really need to pay for a DNC scrubbing tool?
Yes, unless you dial fewer than a few hundred numbers per month and are willing to manually use the FTC's SAN subscription. At any meaningful volume, a paid scrubbing tool is cheaper than the liability it prevents. Entry-level batch scrubbing services start around $30 per month. A single TCPA violation costs $500 to $1,500. The math is not close.
How long after someone registers on the DNC list do you have to stop calling them?
You must stop calling within 31 days of the date they registered, under 16 C.F.R. § 310.4(b)(3)(iv). This is why re-scrubbing at least every 31 days is the legal minimum. If a number registers today and you're running a batch you scrubbed 35 days ago, you're already outside the safe window.
Does the National DNC Registry cover cell phones?
Yes. Consumers can register both landline and mobile numbers on the National DNC Registry at donotcall.gov. The registry has covered cell phones since 2003. Any tool that claims cell numbers are exempt is wrong. TCPA liability for calling cell phones can also arise separately under 47 U.S.C. § 227(b) if an autodialer or prerecorded voice is used without consent.
What's the difference between a DNC scrubbing tool and a consent verification tool?
DNC scrubbing checks whether a number is on a do-not-call list. Consent verification checks whether you have documented permission to contact that number, especially for SMS and autodialed calls to cell phones. They solve different problems. Many vendors offer both, but confirm which service you're buying. Full TCPA compliance needs both layers.
Can a third-party vendor's scrubbing failure be used as a defense in a TCPA lawsuit?
Sometimes, but not reliably. The FCC recognizes a limited safe harbor for good-faith reliance on a vendor, but you still need a written agreement, a legitimate data provider, and a process you followed consistently. Blaming a vendor after the fact, with no documentation, rarely works. The safe harbor is narrower than most vendors imply in their sales pitches.
How do I maintain an internal DNC list if my team uses a CRM?
Add a dedicated opt-out field or tag to every contact record. When a contact asks not to be called, mark them immediately and make sure no campaign can dial them regardless of list source. Most CRMs support this natively. The TSR requires you to honor opt-out requests within 30 days and keep records related to compliance under 16 C.F.R. § 310.5.
Are there free DNC scrubbing tools that are actually compliant?
The FTC's donotcall.gov site lets you manually verify individual numbers for free, which works for spot-checking but not for campaign-level scrubbing. The FTC's SAN subscription is the legitimate free-ish route, though area code fees apply. No fully free automated tool covers federal DNC, all state lists, and the Reassigned Numbers Database at once. Free tools cover partial lists at best.
What records do I need to keep to prove I scrubbed my lists?
Keep dated logs of every scrub: which list, against which databases, on what date, and how many numbers came out. The TSR requires records related to telemarketing compliance to be kept for 24 months under 16 C.F.R. § 310.5. Many attorneys recommend keeping scrubbing logs for five years given TCPA statute of limitations questions. Your vendor's export or confirmation email works as a record.
Do DNC scrubbing rules apply to B2B cold calling?
The National DNC Registry applies to calls to consumers, not businesses. Pure B2B cold calling to business landlines is largely outside DNC registry requirements. But if you call an employee's cell phone, or the number is registered as a personal cell, TCPA protections can still apply. Many advisors recommend scrubbing even B2B lists against the registry, since mobile numbers blur the personal-business line.
How do I scrub against state DNC lists specifically?
Each state with its own DNC list has a separate subscription process and fee structure. Florida, Indiana, and Texas are the most commonly required. Most mid-range scrubbing vendors include major state lists in their subscription. If you use a basic federal-only tool, you need to subscribe directly to each relevant state list or upgrade your vendor. Always check current requirements for every state you dial into, since rules change.
Does scrubbing protect me from all TCPA liability?
No. DNC scrubbing addresses one category of TCPA violation: calling numbers on do-not-call lists. Separate provisions cover autodialer use, prerecorded messages, and consent requirements for cell phones under 47 U.S.C. § 227(b). You can scrub perfectly and still violate TCPA if you use an autodialer to call a cell number without prior express consent. Scrubbing is necessary but not sufficient.
What is the FCC Reassigned Numbers Database and do I need to check it?
The FCC's Reassigned Numbers Database, launched in 2021, tracks numbers that have been disconnected and reassigned to new subscribers. If you call a number based on the previous owner's consent, and it was reassigned, you can face TCPA liability for calling the new owner without consent. Not all vendors check this database, so ask explicitly. High-volume teams dialing cell numbers should treat it as a required check.
Can my dialer handle DNC scrubbing so I don't need a separate tool?
Some dialers include DNC scrubbing as a built-in feature, but verify exactly what they check. Many only scrub against the federal registry and only at list import, not at dial time. Few include all relevant state lists or the Reassigned Numbers Database. Using your dialer's scrubbing feature is fine if it meets all your coverage requirements. If it doesn't, a separate scrubbing layer is worth the added cost.
What happens if a contact re-registers on the DNC list after I scrubbed them as clean?
You're only protected for calls made within 31 days of your last scrub. If someone registers between your scrub dates and you call them, you're potentially liable even though they were clean on your last check. This is why re-scrubbing every 31 days is the legal floor and why some teams re-scrub weekly for active campaigns. The 31-day rule exists precisely because the registry updates continuously.
Sources
- U.S. Code, 47 U.S.C. § 227 (Telephone Consumer Protection Act): $500 per violation, up to $1,500 per willful violation; private right of action for DNC and TCPA violations
- FTC, Telemarketing Sales Rule, 16 C.F.R. § 310: Telemarketers must scrub against the National DNC Registry within 31 days of calling; internal DNC list must be honored within 30 days
- FTC, National Do Not Call Registry, donotcall.gov: Registry holds over 249 million registered numbers; SAN subscription fees range from $74 per area code to $17,082 for full national list annually
- FTC, National Do Not Call Registry information for consumers: Multiple states maintain separate DNC lists with their own registration and scrubbing requirements
- FTC, Federal Trade Commission enforcement and civil penalty information: Maximum civil penalty for TSR violations is $51,744 per violation under Federal Civil Penalties Inflation Adjustment Act
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida's mini-TCPA provides $500 per call damages for calls using auto-dialers or pre-recorded messages without prior express written consent
- FCC, 47 C.F.R. § 64.1200, TCPA Implementing Regulations: FCC requires scrubbing against the National DNC Registry at least every 31 days before initiating calls
- FTC, Legal Library of enforcement cases and proceedings: FTC enforcement actions document cases where companies had scrubbing software but failed to maintain current registry access, resulting in violations