DNC registry explained: what it is, how it works, and what it costs to ignore it

The national DNC registry has 249 million registered numbers. Learn how it works, who must scrub, and what violations cost, up to $51,744 per call.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Office worker reviewing phone records under warm afternoon light at a desk
Office worker reviewing phone records under warm afternoon light at a desk

TL;DR

The National Do Not Call Registry is a free federal database, run by the FTC and enforced by the FTC and FCC, where consumers register phone numbers to stop most telemarketing calls. Telemarketers must scrub their call lists against it every 31 days. Violations can cost up to $51,744 per call under current FTC penalty adjustments. Registration never expires.

What is the DNC registry and who runs it?

The National Do Not Call Registry is a database of consumer phone numbers that most telemarketers are legally prohibited from calling. It launched in 2003 after Congress passed the Do-Not-Call Implementation Act of 2003 and the FTC and FCC issued coordinating rules. The FTC operates the registry itself at donotcall.gov. The FCC enforces compliance for telephone carriers and most callers under the Telephone Consumer Protection Act (47 U.S.C. § 227). The FTC enforces compliance under the Telemarketing Sales Rule (16 C.F.R. Part 310) [1][2].

As of the FTC's most recent annual report, the registry holds roughly 249 million active registrations [3]. That number has grown every year since launch.

The split jurisdiction confuses people. FTC handles deceptive telemarketers and the database itself. FCC handles robocalls, autodialers, and prerecorded messages. Both agencies can act on DNC violations, sometimes at the same time. The Consumer Financial Protection Bureau can also pursue violations involving financial products. State attorneys general bring their own actions under the federal statute and under separate state laws [4].

Here is the framing that matters: the registry is a floor, not a ceiling. States like Florida, Indiana, and Pennsylvania run their own do not call lists that layer on top of federal requirements. You comply with both, or you are exposed [5].

How does a consumer register a number on the national DNC registry?

Consumers register at donotcall.gov or by calling 1-888-382-1222 from the number they want to register. Online registration handles most cases. The phone option exists because not everyone has internet access [1].

Registration takes about 24 hours to go live online, but the TCPA and TSR give telemarketers a 31-day grace period. So if a consumer registers today, telemarketers have up to 31 days before they are legally required to stop calling that number [2].

Registration never expires. The FTC dropped expiration requirements in 2008. Before that, registrations lapsed after five years. Now a number stays on the registry indefinitely unless the consumer removes it, or the number gets reassigned to a new subscriber who then calls in to register it again [3].

Cell phones can be registered. There is a stubborn myth that cell numbers are automatically protected from telemarketers. They are not. A consumer who wants federal DNC protection on a cell number has to register it, same as a landline. The TCPA also has separate, stricter rules for calls to cell phones using autodialers or prerecorded messages, but that is a distinct layer from the registry itself. For a full breakdown of how mobile numbers interact with the DNC rules, see mobile phone do not call list.

Who is required to check the DNC national registry before calling?

Any person or entity that makes telephone solicitations or telemarketing calls to consumers in the United States has to access and scrub against the national do not call registry. The TSR defines a telemarketing call as an outbound call to induce a purchase of goods or services [2]. That covers B2C outbound sales teams, debt settlement companies, home security sellers, insurance agents, real estate cold callers, and most lead-gen operations that eventually route toward a consumer sale.

B2B calls are not covered by the national registry. The TSR and TCPA DNC rules apply to calls made to residential numbers, including cell phones used for personal purposes. A call to a business landline for a B2B pitch does not trigger registry-scrub requirements. But watch this trap: if your list contains cell numbers and you cannot confirm those numbers are used only for business, treat them as residential.

Exempt categories under the TSR and TCPA break down like this [2][4]:

Caller TypeDNC Registry Required?Notes
Political organizationsNoFirst Amendment protection
Charities (direct solicitation)NoTSR charity exemption
Survey/polling firmsNoNot selling a product
Tax-exempt nonprofitsNoFundraising calls only
Companies with EBRNo (for 18 months)Must still honor individual do-not-call requests
Licensed real estate agentsYesNo specific exemption from DNC
Insurance sellersYesNo specific exemption
Third-party lead buyersYesEBR runs from buyer, not original data source

The existing business relationship (EBR) exception deserves attention. If a consumer has made a purchase, transaction, or inquiry within the past 18 months, you may call them even if they are on the national registry. The clock resets only from the last transaction, not from first contact. And if that same consumer has ever sent you a specific do-not-call request, the EBR is void for that person no matter what the timeline says [2].

National DNC Registry: key numbers Federal figures from the FTC annual Data Book and current penalty schedule 249 Registered numbers (million… 52k Max civil penalty per violation ($) 1,500 TCPA treble damages per willful call ($) 18k Annual cost for all area codes ($) Source: FTC National Do Not Call Registry Data Book; FTC civil penalty inflation adjustments

How do you access and scrub against the DNC call registry?

Telemarketers access the registry through the FTC's Telemarketer Registration system at telemarketing.donotcall.gov. The fee structure is tiered. Access is free for the first five area codes per year. After that, organizations pay an annual fee per area code [9].

As of the FTC's current fee schedule, access to all area codes costs $17,506 per year. One organization can access every U.S. area code for that flat fee. If you only call into two or three states, buying just those area codes is much cheaper [9].

The scrub process is simple in concept. You download the registry data for the area codes you call, compare your call list against those numbers, and remove any matches before dialing. You repeat this at least every 31 days. Calling a number that was on the registry when you last downloaded the data is a violation, even if the consumer registered after your previous scrub. The safe-harbor provision under 16 C.F.R. § 310.4(b)(3)(iv) protects a seller only if they accessed the registry within 31 days and the number was not on it at that time [2].

Most compliance teams do not scrub by hand. They use a DNC compliance vendor or a dialer platform with built-in scrubbing. If you want to understand how to pull the list yourself or evaluate vendors, the walkthrough at how do i get the do not call list covers the mechanics step by step.

LeadCompliant's free DNC checker lets you verify individual numbers against the national registry instantly, which is useful for spot-checking leads before a campaign goes live. That kind of quick check catches obvious problems before they turn into liability.

What are the penalties for violating the DNC registry?

This is where teams who ignored the registry start to sweat. The numbers are big, and the private lawsuits are worse than the fines for most small companies.

The FTC can impose civil penalties of up to $51,744 per violation under the current inflation-adjusted maximum, which the FTC updates every year under the Federal Civil Penalties Inflation Adjustment Act [6]. The FCC has its own penalty authority under the TCPA. Under 47 U.S.C. § 227(c)(5), a consumer can bring a private right of action and recover $500 per violation, or up to $1,500 if the court finds the violation was willful or knowing [4]. Consumers do not need to prove damages. The statutory amount is the floor.

The private right of action is where small businesses get surprised. A single plaintiff in a TCPA suit is not that scary. A class action is another animal. In 2017, satellite provider DISH Network was ordered to pay $280 million in a multi-agency case for DNC violations, one of the largest in FTC history [7]. That case combined FTC, DOJ, and multiple state claims.

The FTC also goes after smaller companies. Enforcement actions against home security sellers, warranty companies, and timeshare resellers show up regularly in the FTC's reporting. The agency logs millions of complaints a year.

Willfulness matters. Under the TCPA's treble damages provision, calling someone who is on the registry and who has also sent you a specific do-not-call request triggers the $1,500 per call figure, not $500 [4]. If your dialer logged an opt-out and your team kept calling anyway, that is the fact pattern courts find willful.

For more on what the complaint and lawsuit process looks like, do not call list report walks through how complaints flow from consumers to the FTC and how enforcement actions get triggered.

Does the DNC registry apply to text messages and SMS?

Short answer: the registry was built for voice, but texts still get you sued. The FCC treats text messages as calls under the TCPA, so a text to a wireless number without consent can trigger liability whether or not the number sits on the registry.

A 2003 FCC declaratory ruling stated that text messages to wireless numbers qualify as calls under 47 U.S.C. § 227, and later FCC orders held that line [8]. So an autodialed text sent to a wireless number without prior express written consent can trigger TCPA liability, registry or not.

The TSR's DNC registry requirements technically apply to telephone solicitations and have historically been read in the context of voice calls. FTC enforcement has focused on voice. But the FCC's TCPA rules use a broader definition of call, and those rules do reach texts sent via autodialer.

For most outbound sales teams doing SMS, the practical compliance layer is consent. Get prior express written consent before texting. That is the standard approach, and it clears both the TCPA autodialer rules and the registry overlap at once. The registry alone never tells you it is safe to text someone.

Do not assume a number missing from the registry is textable. The registry check is one layer. Consent documentation is another.

What is the difference between the national DNC registry and state do not call lists?

The national registry is federal, run by the FTC, and sets a baseline. Many states run their own lists that go further, with tighter timing rules, lower penalty thresholds, or broader definitions of who counts as a telemarketer.

State lists sometimes require scrubbing every 30 days versus the federal 31-day standard. They can extend coverage to categories the federal registry exempts, like certain insurance or real estate calls.

Florida runs the Florida Do Not Call Act alongside the national registry. The florida do not call list covers state-specific requirements including its own seller registration system and its own penalty structure. Indiana and Pennsylvania run similar parallel programs [5].

The practical rule: if you call into a state that has its own list, you scrub against both the national registry and the state list. Federal compliance alone does not immunize you from state enforcement. For specifics on Indiana and Pennsylvania, see indiana do not call list and do not call list pa.

As a rough count, more than 30 states have their own telemarketing statutes, and roughly half of those keep a state-level DNC list on top of the national program [5]. If you run a national outbound campaign and check only the federal registry, you are exposed in a real number of states.

What records must a company keep to prove DNC registry compliance?

The TSR requires sellers and telemarketers to keep specific records to claim the safe harbor in any enforcement action. Under 16 C.F.R. § 310.5, covered entities must maintain [2]:

  • A written copy of their do-not-call policy
  • Training records showing personnel were trained on that policy
  • Records of all do-not-call requests received from consumers (the company-specific list)
  • Documentation that registry access occurred within the 31-day window before each calling campaign
  • Proof of the subscription or registration with the FTC's telemarketer registration system

The retention period is 24 months for most records. That means two full years from the date of the record, not from the last call.

The safe harbor for calling a registered number is narrow. Under the TSR, it requires that the seller accessed the registry within 31 days, that the number was not present at that access, and that calling the number was not intentional. Sloppy record-keeping destroys safe harbor claims in litigation because you cannot prove your scrub timing.

For teams that use a do not call telemarketer list vendor or an integrated dialer, the vendor should hand you downloadable evidence of each scrub run, with timestamps. Ask for that documentation. Store it. If the vendor cannot produce it, that is a red flag.

Can a company still call someone who is on the DNC registry?

Yes, in specific situations. The registry is not an absolute ban on all contact.

The existing business relationship exception is the big one. If the consumer made a purchase or transaction with your company within the last 18 months, or made an inquiry or application within the last three months, you may call them despite their registry listing [2]. The EBR runs from the date of the last transaction, not from the start of the relationship.

Express written consent overrides the registry entirely. If a consumer signed a written agreement (or its digital equivalent) that clearly authorizes your company to call them, that consent holds even if they are on the national registry. The consent has to name the seller specifically. A consent form that names a lead generator but not the end-seller is not enough for the end-seller [4].

Personal relationships are also exempt. A call to a family member, friend, or someone you know personally is not a telemarketing call under the rule.

Here is the catch that trips people up: consent and EBR do not waive company-specific do-not-call obligations. If a consumer called you six months ago and asked to be added to your internal do-not-call list, and they also have an open account with you (EBR), you still cannot call them. The internal request beats the EBR [2].

For a structured breakdown of how to build and manage the internal company-level list alongside the national registry, the overview at do not call list number covers that process.

How does the FTC enforce DNC registry violations and what do recent cases show?

The FTC investigates DNC complaints filed through donotcall.gov and receives millions of complaints per year. Most never turn into individual enforcement actions. The FTC uses the complaint data to spot patterns: which companies, which area codes, which calling behaviors cluster above normal thresholds [3].

When the FTC acts, it usually files in federal district court seeking injunctive relief, civil penalties, and disgorgement of profits. Defendants can settle or litigate. Settlements routinely include compliance monitoring periods, compliance reports filed with the court, and sometimes outside compliance monitors paid for by the defendant.

A few reference points from real enforcement actions:

  • DISH Network (2017): $280 million judgment for over 100 million DNC and robocall violations, a combined FTC/DOJ/state action [7].
  • The FTC's routine docket includes home security sellers, warranty companies, and timeshare resellers, many of them small operators.

The FTC's ftc do not call list enforcement page lists active cases and settled orders, which is the cleanest public record of what conduct triggers enforcement.

For smaller companies, private TCPA litigation is the more immediate risk. Plaintiffs' attorneys watch DNC complaint databases and FCC filings for targets. A single consumer who received five unsolicited calls could file for $7,500 (five calls at $1,500 each) in small claims without an attorney. Multiply that by a class of 10,000 people who received similar calls and you are staring at tens of millions in exposure.

The statute of limitations for TCPA private actions is four years.

What is a do-not-call policy and why does every calling organization need one in writing?

A written do-not-call policy is not optional. The TSR requires it as a condition of the safe harbor from DNC violations [2]. More practically, it is the document that proves you ran a good-faith compliance program if you ever get sued or investigated.

The policy has to cover, at minimum: how consumer do-not-call requests get captured, how they enter the company's internal suppression list, how long the suppression lasts (five years or more under the TSR), how agents are trained on the policy, and how compliance is monitored. The FCC's TCPA rules under 47 C.F.R. § 64.1200(d) spell out specific elements required for a compliant written policy for residential subscribers [8].

Agent training documentation matters almost as much as the policy itself. In litigation, defendants who can show they trained employees on the policy and ran periodic audits get treated better than those who had a policy on paper but no proof anyone read it.

One thing teams get wrong: they build a policy that covers the national registry but ignores the company-specific list. These are two separate obligations. The national registry covers consumers who opted out at the federal level. The company-specific list covers consumers who told you directly to stop calling. Both must be kept, and both must be honored. The internal list is easier to violate in practice, because it lives inside your own CRM and depends entirely on your own data hygiene.

Frequently asked questions

How long does a number stay on the national DNC registry?

Permanently. The FTC eliminated expiration dates in 2008. Once a consumer registers a number, it stays on the national do not call registry indefinitely unless the consumer removes it or the number is reassigned to a new subscriber. Telemarketers must honor registrations for as long as the number appears on the registry, which under current policy means forever unless the number is deregistered.

How often do telemarketers have to scrub against the DNC registry?

At least every 31 days. The TSR requires that sellers access the registry within 31 days before starting a calling campaign and repeat that access on a rolling 31-day cycle. Calling a number that was on the registry at the time of your most recent scrub is a violation, even if the consumer registered after the previous download.

Does the DNC registry cover cell phones?

Yes. Consumers can register any phone number, including cell phones, on the national do not call registry. Cell numbers are not automatically protected. A consumer must register the number. That said, the TCPA has a separate, stricter layer of protection for cell phones that restricts autodialed and prerecorded calls regardless of registry status, requiring prior express written consent.

Is the DNC registry free for consumers to use?

Yes, registration is completely free for consumers at donotcall.gov or by calling 1-888-382-1222. There is no fee, no renewal, and no expiration. Telemarketers, on the other hand, pay to access the database, with fees starting at zero for the first five area codes and rising to $17,506 per year for access to all U.S. area codes.

What is an existing business relationship and how long does it last?

An existing business relationship (EBR) is a prior transaction, purchase, or inquiry between a consumer and a seller. Under the TSR and TCPA, an EBR lets a seller call a consumer on the national DNC registry for 18 months after the last transaction or 3 months after the last inquiry. The EBR is void if the consumer has ever sent a specific do-not-call request to that company.

Can you call a DNC-registered number if the consumer gave consent?

Yes. Prior express written consent specifically authorizing your company to call overrides the national DNC registry. The consent must be in writing (including electronic), must clearly authorize calls from your specific company, and must not be a condition of any purchase. Consent obtained by a third-party lead generator naming a different seller does not transfer to you.

What happens if a company calls a number that just registered on the DNC list?

There is a 31-day grace period. If you accessed the registry, the number was not on it at that time, and you called within 31 days of that access, you are inside the TSR's safe harbor even if the consumer registered the day after you downloaded the data. But you must have documented proof of your scrub date. Without that documentation, the safe harbor is very hard to claim.

Do state do not call lists cover more numbers than the national registry?

Often yes. State lists may include numbers that never registered federally, and state laws can extend protections to categories exempt under federal law. More than 30 states have telemarketing statutes, and many maintain separate state-level lists. Companies calling into Florida, Indiana, Pennsylvania, and several other states must scrub against the state list in addition to the national registry.

How much does it cost to access the national do not call registry as a telemarketer?

Free for the first five area codes per calendar year. After that, the FTC charges per area code. Full national access to all area codes costs $17,506 per year under the current FTC fee schedule. Organizations that only call within a limited geographic area can cut that cost significantly by buying only the area codes their campaigns need.

What records must I keep to prove I complied with the DNC registry?

Under 16 C.F.R. § 310.5, you must keep: a written do-not-call policy, agent training records, logs of consumer do-not-call requests and your internal suppression list, documentation of each registry access with timestamps, and your FTC telemarketer registration. Retention period is 24 months. These records are your defense in an audit or lawsuit.

Can the FTC fine a small business for DNC violations?

Yes. The FTC pursues companies of all sizes. Civil penalties reach $51,744 per violation under the current inflation-adjusted maximum. The FTC also receives consumer complaint data that automatically flags calling patterns, so small-volume violators can surface the same way large ones do. Beyond FTC action, individual consumers can sue under the TCPA without an attorney for $500 to $1,500 per call.

Does the DNC registry apply to B2B calls?

No. The national do not call registry and the TSR's DNC provisions apply to calls made to residential numbers for telemarketing purposes. Calls to business numbers for B2B purposes are not covered. But if your list includes cell phones and you cannot confirm they are used only for business, treating them as residential is the safer approach.

What is a company-specific do not call list and how is it different from the national registry?

The national registry is a federal database of consumers who opted out at the government level. A company-specific list is your internal suppression file of consumers who asked your company directly to stop calling. Both are legally required. A consumer's request to your company must be honored for at least five years under the TSR, regardless of whether they are on the national registry.

How do I report a telemarketer who called me despite being on the DNC registry?

File a complaint at donotcall.gov. You will need the date of the call, the caller's number or name if displayed, and a brief description. The FTC uses complaint data to identify patterns and build enforcement cases. Filing does not guarantee action against one caller, but it feeds the dataset that triggers investigations. You can also report to your state attorney general.

Sources

  1. FTC, National Do Not Call Registry consumer page: Consumers register at donotcall.gov or by calling 1-888-382-1222; the FTC operates the registry
  2. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR requires 31-day scrub cycle, defines EBR exemptions, requires written do-not-call policy, and specifies record-keeping requirements under 16 C.F.R. § 310.5
  3. FTC, National Do Not Call Registry Data Book (annual report): Registry holds approximately 249 million active registrations as reported in the FTC's annual Data Book
  4. U.S. Code, 47 U.S.C. § 227 (Telephone Consumer Protection Act): Private right of action under 47 U.S.C. § 227(c)(5) allows consumers to recover $500 per violation or $1,500 for willful violations; FCC enforces TCPA DNC rules
  5. National Conference of State Legislatures, Telemarketing and Do Not Call Laws: More than 30 states have telemarketing statutes; many maintain state-level DNC lists supplementing the federal registry
  6. FTC, Legal Library rules and civil penalty inflation adjustments (Federal Civil Penalties Inflation Adjustment Act): Current maximum civil penalty is $51,744 per TSR violation, adjusted annually for inflation
  7. FTC, News and press releases (DISH Network judgment): DISH Network was ordered to pay $280 million in a multi-agency action for over 100 million DNC and robocall violations, one of the largest in FTC history
  8. FTC, Telemarketer Registration System for DNC Registry Access: Telemarketers register and access registry data through telemarketing.donotcall.gov; first five area codes free annually, all area codes $17,506 per year
  9. Do-Not-Call Implementation Act of 2003, Pub. L. 108-10: Congress passed the Do-Not-Call Implementation Act in 2003, authorizing the FTC and FCC to coordinate the national registry

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit