Last updated 2026-07-09

TL;DR
Federal law requires telemarketers to access the National Do Not Call Registry at least every 31 days and scrub their call lists against it before dialing. The FTC's rules set a 31-day safe harbor window. Each call to a registered number after that window closes can cost up to $51,744 per violation under the Telemarketing Sales Rule.
What does federal law actually say about how often you must check the DNC registry?
Every 31 days, at minimum. That's the whole answer, and the rest is detail.
The FTC's Telemarketing Sales Rule (TSR), codified at 16 CFR Part 310, gives telemarketers a safe harbor as long as they have accessed the National Do Not Call Registry no more than 31 days before any call is placed [1]. The rule does not say "once a month." It says 31 days. That distinction matters because February has 28 days, and a company that checks on February 1 and assumes the next check is March 1 has gone 28 days, which is fine. A company that checks January 31 and waits until March 3 has gone 31 days on the nose, and anything past that is outside the safe harbor.
The TCPA itself (47 U.S.C. § 227) does not spell out the 31-day interval. That detail lives in the FTC's implementing rules, which the FCC mirrors for its own enforcement through 47 CFR Part 64, Subpart L [2]. Both agencies treat the 31-day window as the operative standard for residential and wireless scrubbing.
A lot of teams say "30 days" out loud. Close enough in conversation. But the regulation says 31, so build your calendar around 31 and stop guessing.
Why is the number 31 days and not 30?
The 31-day window comes from the FTC's 2003 rulemaking that created the National Do Not Call Registry [3]. The commission picked 31 days to give registrants real protection soon after adding a number, while giving telemarketers a workable compliance cycle. The registry updates nightly, so a number added today can show up in a downloaded list within 24 hours.
The logic is simple. Consumers who register deserve to stop getting calls quickly. Early rules gave telemarketers a longer runway to honor new registrations, but the FTC tightened that. Today a number on the registry has to be honored, and your scrub has to be current enough that you would have seen it.
Wait 45 days between scrubs and you open a 14-day gap where someone could register with no defense on your side. The 31-day cycle closes that gap for any number sitting in the registry before your last download.
What are the fines for calling someone on the DNC list?
Each call to a registered number that your scrub should have caught counts as a separate violation. That's the part that hurts. The FTC adjusts its civil penalty cap for inflation under the Federal Civil Penalties Inflation Adjustment Act, and as of 2024 the maximum penalty per TSR violation is $51,744 [4]. The FCC runs a separate structure under TCPA Section 227(c): $500 per violation, up to $1,500 for willful ones, and those mostly arrive through private lawsuits rather than agency action.
Those numbers stack. A plaintiff or the government can run up counts fast. If your list held 10,000 numbers that sat on the registry and you called all of them, you are not looking at one fine. You are looking at up to 10,000 separate counts.
Enforcement has produced some staggering outcomes. The FTC obtained a $225 million judgment against a robocall operation in 2021 [5], and while that case involved egregious conduct, it shows how regulators treat every call as its own offense. Smaller shops have faced six-figure settlements over a few hundred bad calls.
For small teams, the TCPA's private right of action is the bigger day-to-day threat. Any consumer whose number sat on the registry can sue without waiting for the FTC or FCC to move first. Class actions bundle those individual claims. One missed scrub can become a class covering everyone in the same spot.
Does the 31-day rule apply to cell phones as well as landlines?
Yes. Wireless numbers have been eligible for the National DNC Registry since 2003, when the FTC clarified that the registry covers wireless numbers used for residential purposes [6]. The FCC confirmed the same in its own rules. Someone who takes calls at home on a cell phone, or uses a cell in place of a landline, can register it and expect the same protection a landline gets.
Mobile numbers carry a second layer. The mobile phone do not call list rules matter because the TCPA restricts autodialed or prerecorded calls to cell phones no matter the DNC status, and those calls need prior express written consent. So scrubbing against the registry is necessary but not enough for wireless. You also have to confirm consent for any automated dialing.
Your 31-day scrub cadence has to cover the entire call list. more than the landline segment.
How do you actually access the National DNC Registry to run a scrub?
The FTC runs the registry at donotcall.gov [9]. To pull numbers for scrubbing, your organization registers as a seller or telemarketer, pays the annual fee (as of 2024, $79 per area code, up to a maximum of $18,044 for all area codes in a year) [7], then downloads the numbers in your target area codes.
You download the file, compare it against your call list, remove the matches, and document when you did it. The documentation is what saves you. If the FTC or a plaintiff's attorney asks, you show the timestamp of your last download and proof you scrubbed against it before the calls went out.
Some compliance vendors handle the process for you. They keep a registry subscription, run your list on a schedule you set, and hand back a scrubbed list. If you use one, make the contract spell out how often they pull the registry. A vendor that refreshes its copy every 60 days is not giving you a 31-day-compliant scrub, even if it runs your list daily.
Want the step-by-step on getting access? How do I get the do not call list walks through the FTC's portal in detail.
LeadCompliant's free DNC checker lets you verify individual numbers against the registry as a quick sanity check, though full list scrubbing still needs a direct subscription or a licensed vendor.
What records do you need to keep to prove your scrubs were timely?
The TSR requires telemarketers to keep records showing compliance for 24 months [1]. For DNC scrubbing, that means holding on to:
- The date and time of each registry download
- Which area codes you pulled
- The version or date stamp on the downloaded file
- Evidence that your call list was compared against that file before dialing
- Any exception documentation (established business relationships, written consent, and the like)
A spreadsheet that logs each scrub event with a hash or file size of the downloaded registry file is a reasonable floor. Bigger operations often archive the actual files, because the file itself proves what the registry looked like on that date.
Run in states with their own DNC registries and you need parallel records for those scrubs too. Several states (Florida, Indiana, Pennsylvania, and others) keep separate lists with their own rules. The Florida do not call list, Indiana do not call list, and Pennsylvania do not call list each have their own access and update requirements, some tighter than the federal 31-day standard.
Are there exceptions that let you call someone on the DNC registry without scrubbing?
Three main exceptions exist, and every one of them needs documentation.
Established business relationship (EBR): If someone made a purchase or payment within 18 months before the call, or submitted an inquiry or application within 3 months before, you have an EBR that lets you call even if they sit on the registry [1]. The clock resets with each new transaction or inquiry. Tell you to stop, though, and the EBR dies. You cannot call again.
Written agreement: If the consumer gave you their number and agreed in writing to hear from your organization specifically, you can call even if they are registered. The consent has to be clear, and it has to name your company. Consent to call "our partners" does nothing for you.
Tax-exempt nonprofit: Organizations qualifying as tax-exempt nonprofits under Section 501(c)(3) of the Internal Revenue Code are generally exempt from the TSR's DNC provisions. Careful here: if you are a for-profit calling on behalf of a nonprofit, the exemption may not cover you.
None of these erase the need to know who is on the registry. You still need the access, you still run the scrub, you just log the exception basis alongside the record. And when an exception lapses (an EBR ages out, a consumer revokes consent), that number is DNC-protected again.
What is the difference between the national DNC registry and company-specific do not call lists?
Two completely separate obligations. Confusing them is common and expensive.
The National DNC Registry is the FTC-maintained federal list. Scrubbing it every 31 days handles one set of requirements.
Your internal (company-specific) do not call list is a different animal. Under 47 CFR § 64.1200(d), anyone who asks not to be called by your company must land on your internal DNC list within 30 days of the request, and you must honor that request for 5 years [2]. The internal list is separate from and on top of the national registry. Someone who never registered federally but told your rep to stop is still protected by your internal obligation.
A third category shows up in some states: state-operated DNC registries. They work like the national one but sit with state attorneys general. Call into Florida, Indiana, Pennsylvania, or other states with active lists and you scrub those too. The federal registry does not absorb the state lists.
So a fully compliant operation runs three scrubs. National registry every 31 days. State registries per each state's rules. Internal list before every call, in practice, because new opt-outs can arrive any day.
For a broader look at all these list types, do not call telemarketer list covers how each one works and who enforces it.
How does the 31-day rule interact with the TCPA's established business relationship rules?
The TCPA and TSR use similar but not identical EBR definitions, and that mismatch creates real traps.
Under the FTC's TSR, the EBR for DNC purposes lasts 18 months from a transaction or 3 months from an inquiry. Under the FCC's TCPA rules (47 CFR § 64.1200), the EBR concept for residential calls has historically been similar, but the FCC has made clear that an EBR does not authorize autodialed or prerecorded calls to wireless numbers, whatever the relationship. Those need prior express written consent.
So even if a valid EBR lets you call a cell number under the TSR's DNC rules, you may still need separate TCPA consent if you are using an autodialer or a pre-recorded message. The rules stack. They do not substitute.
Here's the real-world version. Someone bought from you 10 months ago, so you probably have an EBR and can call their landline without breaking the DNC rules. Call their cell with a dialer and you need to check whether you also have TCPA consent on file. Plenty of teams miss this distinction, and that gap is where a lot of TCPA suits start.
Want to report a number still getting calls despite being registered? Do not call list report explains the consumer complaint process and how the FTC uses those reports.
What should your internal DNC compliance calendar actually look like?
Here's a working cadence for a small outbound team.
Every 31 days or sooner: Download updated national registry files for every area code you dial. Log the download date and file metadata. Run your active call list against the registry before the next dialing session.
Before any new list loads: Scrub it against the most recent registry download and your internal do not call list. New lists that skip this step are where violations cluster.
Same day as any opt-out: Add the number to your internal DNC list. Don't wait for the end of the week or the next refresh. The TSR and FCC rules require the opt-out honored at the call level right away, and your list has to reflect it within 30 days at the outside.
Quarterly: Review your state registry subscriptions. Some states charge annual fees and require separate registration. Confirm the subscriptions are live and the downloads are current.
Annually: Audit your EBR and consent records. EBRs age out. Consent documentation degrades. A once-a-year review of which numbers are covered by which legal basis is not optional for a team that takes this seriously.
LeadCompliant's compliance kit includes a pre-built scrub log template and a state-by-state DNC checklist that maps each state's rules against the federal standard. It's free and saves the hour or two you'd spend building it yourself.
A simple internal reference on what the government do not call list covers (and what it doesn't) helps the whole team understand why these calendars exist.
What happens during an FTC or FCC investigation if you cannot prove your scrubs?
The burden of proof is on you. Section 310.4(b)(3) of the TSR says a seller or telemarketer claiming the safe harbor has to demonstrate it accessed the registry within the applicable period and maintained the procedures [1]. No records, no safe harbor.
Without the safe harbor, every call to a registered number becomes a potential per-call violation. Investigators pull call records, line them up against registration dates, and count violations mechanically. A company that made 5,000 calls in a period and can't produce clean scrub logs faces the real chance that a meaningful slice of those calls hit registered numbers.
The FTC doesn't demand perfection. A documented, reasonable process with an isolated error is context that helps in settlement talks. But "we thought our vendor was handling it," with no contract naming the vendor's scrub frequency, is not a defense the FTC has accepted in consent orders.
One practical tip. Keep your scrub logs in a format a non-technical person can read. An attorney or investigator should open your records and see dates, area codes downloaded, and confirmation the list was cleaned. If your records need decoding, they won't help you under pressure.
For how the registry itself is built and what it holds, the do not call list number page explains registration from the consumer side, which helps compliance teams picture what they are scrubbing against.
Frequently asked questions
Do companies legally have to check the DNC registry every 30 days or every 31 days?
The federal regulation (16 CFR § 310.4(b)(1)(iii)) specifies 31 days, not 30. The safe harbor requires that a telemarketer accessed the registry no more than 31 days before placing any call. Most teams say "monthly" as shorthand, but building your calendar around 31-day intervals is the legally correct approach. Never let a gap exceed 31 days between downloads.
What is the maximum fine for calling someone on the do not call list?
The FTC's maximum civil penalty under the Telemarketing Sales Rule is $51,744 per violation as of 2024, adjusted for inflation. Each call to a registered number is a separate violation. The TCPA separately lets private plaintiffs sue for $500 to $1,500 per call. These stack: regulatory fines and private class actions are not mutually exclusive, so one batch of bad calls can trigger both.
Can a company call a cell phone that is on the DNC registry if they have the person's consent?
Yes. Prior express written consent overrides DNC registry protections for your company specifically. The consent must be clear, name your organization, and meet the FCC's requirements under 47 CFR § 64.1200. Without that written consent, a cell phone on the registry cannot be called for telemarketing. The registry applies to wireless numbers, and the TCPA adds autodialer consent requirements on top.
Does the 31-day scrub requirement apply to text messages as well as calls?
Marketing text messages are generally subject to TCPA rules requiring prior express written consent, a stricter standard than the DNC scrub. If texts are part of a telemarketing campaign, FTC guidance suggests TSR obligations can apply. In practice, most compliance attorneys advise scrubbing SMS lists against the DNC registry and separately confirming written consent for any automated text campaign.
What is an established business relationship and how long does it last for DNC purposes?
Under the FTC's TSR, an established business relationship (EBR) exists for 18 months after a purchase or payment, or 3 months after an inquiry or application. During that window, you can call the number even if it's on the DNC registry. The EBR is extinguished the moment the consumer tells you to stop calling. After that, no EBR applies and the DNC protection is fully restored.
If we use a third-party dialer or list vendor, are we still responsible for the scrub?
Yes. The FTC holds both the seller and the telemarketer liable. If a vendor provides a list or makes calls on your behalf without proper scrubbing, you can be named in an enforcement action even if you never dialed. Your vendor contract should specify their scrub frequency and your right to audit their compliance. "We relied on the vendor" is not a safe harbor under the TSR.
How do state DNC registries interact with the federal registry?
They are separate obligations. Scrubbing the federal National DNC Registry does not satisfy state-level requirements. States like Florida, Indiana, Texas, and Pennsylvania keep their own registries. Some require separate registration and fees, and some use update intervals different from the federal 31-day standard. If you call numbers in those states, you must subscribe to and scrub against both the federal registry and any applicable state registry.
How long must companies keep records of their DNC registry scrubs?
The TSR requires records kept for 24 months (16 CFR § 310.5). For DNC scrubs, that means 24 months of documentation showing when you downloaded the registry, which area codes you pulled, and evidence that your call list was cleaned before dialing. If a complaint or lawsuit hits, those records are what you produce. Missing records mean the safe harbor presumption works against you.
Does the do not call registry cover B2B calls?
No. The National DNC Registry protects residential telephone subscribers, including consumers using wireless phones for residential purposes. Calls to business numbers for legitimate business-to-business purposes are generally not covered. But B2B calls can still violate the TCPA if they use an autodialer to reach a wireless number, whatever the DNC status. Always confirm a number is truly a business line before assuming the B2B exemption applies.
Can a consumer sue me directly for calling their DNC-registered number?
Yes. Section 227(c) of the TCPA provides a private right of action for residential subscribers who receive more than one telemarketing call within a 12-month period from the same entity after their number has been on the registry for at least 31 days. The consumer can sue in small claims or federal court for $500 per violation, trebled to $1,500 for willful ones. Class actions aggregate those claims and have produced settlements in the tens of millions.
How quickly after a consumer registers their number must a company stop calling?
Consumers must be on the DNC registry for at least 31 days before the protections take effect for most telemarketers. After that period, any telemarketer who scrubs the registry within the required 31-day window must not call that number. If you scrub on a given date and a consumer registered 35 days ago, their number will be in your download and must be removed before you dial.
What does it cost to access the National DNC Registry for scrubbing purposes?
As of 2024, the FTC charges $79 per area code annually, with a maximum fee of $18,044 for access to all area codes nationwide. Organizations calling into five or fewer area codes pay $395 per year or less. Small teams calling a targeted geography often find the direct subscription affordable. The fee covers unlimited downloads throughout the year for the purchased area codes.
Is there a free way to check individual numbers against the DNC registry?
Individual lookups can be done through the FTC's donotcall.gov portal to verify a single number's registration status, useful for one-off checks or auditing complaints. Bulk list scrubbing requires a paid subscription. Some compliance platforms offer free single-number checks as a feature. Those individual lookups are for verification, not a substitute for the required pre-call list scrub.
Sources
- FTC, Telemarketing Sales Rule, 16 CFR Part 310: Telemarketers must access the National DNC Registry no more than 31 days before placing calls and must retain compliance records for 24 months.
- FTC, National Do Not Call Registry: 2003 Final Rule, 68 FR 44144: The FTC established the 31-day scrub window in its 2003 rulemaking creating the National Do Not Call Registry.
- FTC, Federal Trade Commission legal library and enforcement, 2024 civil penalty adjustments: The maximum civil penalty per TSR violation as of 2024 is $51,744, adjusted for inflation under the Federal Civil Penalties Inflation Adjustment Act.
- FTC, News and Events press releases, 2021 robocall judgment: The FTC obtained a $225 million judgment against a robocall operation, illustrating per-call enforcement at scale.
- FTC, Q&A for Telemarketers and Sellers About the DNC Provisions, business guidance: Wireless numbers used for residential purposes have been eligible for registration on the National DNC Registry since 2003.
- FTC, National Do Not Call Registry, fees and reports: The annual fee for DNC Registry access is $79 per area code, capped at $18,044 for all area codes as of 2024.
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: Section 227(c) of the TCPA provides a private right of action allowing consumers to sue for $500 to $1,500 per violation for calls to DNC-registered numbers.
- FTC, National Do Not Call Registry, donotcall.gov: Organizations must register and pay applicable fees at donotcall.gov to access registry data for scrubbing purposes.