DNC registry integration: how to scrub your call lists correctly

Learn how to integrate the National DNC Registry, what the FTC charges for access, the 31-day scrub rule, and how to avoid TCPA fines up to $51,744 per call.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-09

Person reviewing outbound call lists at a desk for DNC compliance
Person reviewing outbound call lists at a desk for DNC compliance

TL;DR

DNC registry integration means scrubbing your outbound call list against the FTC's National Do Not Call Registry before you dial. Access the registry through the FTC's Telemarketers portal, scrub every number within 31 days of a call, and re-scrub at least monthly if you call continuously. Missing one registered number can cost up to $51,744 per violation under FTC Act enforcement, plus $500 to $1,500 in private TCPA suits.

What is the National DNC Registry and who runs it?

The National Do Not Call Registry is a database of phone numbers the Federal Trade Commission maintains. Consumers add their numbers for free at donotcall.gov. The FCC and FTC jointly enforce the rules that bar telemarketers from calling those numbers.[1]

The registry launched in 2003 under the Do-Not-Call Implementation Act, which told both agencies to coordinate enforcement. The FTC runs the registry itself and brings civil actions. The FCC enforces the TCPA, 47 U.S.C. § 227, which is the underlying statute most plaintiffs use in private lawsuits.[2]

The registry holds roughly 249 million active registrations as of the FTC's most recent Data Book.[3] That number climbs every year. So the odds that any given consumer phone number is registered are meaningfully higher today than they were a decade ago. If you run outbound sales to consumers, assume most of the numbers on your list carry some registration probability.

Here is what people mix up. The FTC runs the registry, but the FCC wrote the rules telemarketers must follow. You need both agencies' rules to stay clean. See the FTC DNC registry for the consumer side and the full government do not call list overview for how the two agencies split the work.

Who is legally required to scrub against the DNC Registry?

Any person or entity making telemarketing calls to residential subscribers is covered by the FTC's Telemarketing Sales Rule (TSR) and must honor registrations.[4] The FCC's TCPA rules extend similar duties to calls made with an autodialer or prerecorded message, including calls to mobile phones.

There are exemptions. Calls under an existing business relationship, calls to businesses (B2B), calls where the consumer gave prior express written consent, and calls by certain nonprofit or political groups fall outside standard DNC requirements. The established business relationship (EBR) exemption under the TSR allows calls to existing customers within 18 months of a transaction. But that exemption does not carry over to TCPA private lawsuits in the same clean way, so do not treat it as a universal shield.

Lead generators, call centers, and companies that buy lists from data vendors are all still responsible for scrubbing. The law does not let you hand the legal obligation to the vendor who sold you the list. That contract might give you a right to sue the vendor if their data is bad. Regulators will still come after you first.

B2B callers do not have to scrub business lines against the National DNC Registry. But if you call mobile numbers that employees use personally, or residential numbers where a business owner works from home, you are in consumer-call territory. The registry rules apply.

How does DNC registry access actually work?

You access the registry through the FTC's Telemarketers portal at telemarketing.donotcall.gov. You register your organization, provide your SIC code and the area codes you want to pull, and pay the annual fee. Once your account is live, you download number files by area code in .txt format.[5]

The files hold the registered numbers for the area codes you paid for. You compare those against your calling list. Any number that shows up in the registry file comes off your outbound list before you dial, unless an established exemption applies.

The FTC updates the registry monthly. You have to download fresh data at least once every 31 days before any call campaign. The 31-day rule is firm. If your scrub data is 32 days old when you dial, you have a compliance gap.

Most teams automate this. The practical workflow: pull fresh DNC files on a set schedule (many teams do it weekly to build in buffer), run an automated match against the CRM or dialer list, suppress matched numbers, and log the scrub date and the file version you used. That log is your evidence when the FTC or a plaintiff's attorney comes asking.

For a step-by-step on getting the actual files, the do not call list download guide covers the portal specifically.

National DNC Registry: key compliance numbers Federal figures every outbound team must know 249 Active DNC registrations (m… 52k Maximum civil penalty per violation ($) 1,500 Private lawsuit award per willful violation ($) 31 Required scrub window (days) Source: FTC civil penalty inflation adjustments & TSR (16 CFR Part 310), FTC DNC Registry Data Book

What does DNC Registry access cost?

The FTC sets fees each year under the Do-Not-Call Implementation Act. Under the FY2024 fee schedule, access costs $79 per area code per year, and the annual cap for all area codes nationwide is $17,506.[6]

There is a real exception. If you only need one area code and you run a small operation, that first area code is free. The FTC built that in so very small telemarketers can check the registry without a fee barrier. Any organization running a real outbound program needs multiple area codes, so budget for the full fee.

These fees move. The FTC adjusts them based on program costs, so check the current schedule at the start of each fiscal year (October 1) before you renew. The $17,506 cap has held steady for several years. Single area code fees have crept up.

Plenty of teams handle access through their dialer vendor or a scrubbing service, which folds the cost into a per-record or monthly SaaS fee. That works, as long as you verify the vendor is actually pulling fresh data on a compliant schedule. Get it in writing. If the vendor falls behind on pulls and you dial a registered number, the liability is yours, not theirs, in the regulator's eyes.

Access typeAnnual cost (FY2024)
Single area codeFree
Each additional area code$79
All area codes (nationwide cap)$17,506[6]

What is the 31-day scrub rule and how do you stay within it?

The FTC's TSR and the FCC's TCPA rules both require you to check a number against the registry no more than 31 days before you call it.[4] People call it the 31-day scrub window. Scrub your list on January 1, then dial a number on February 2, and that number missed the window. You are exposed.

Here is the practical fallout: a one-time scrub at list purchase is almost never enough. Consumer registrations are continuous. New numbers hit the registry every day. A number that was clean when you bought the list might be registered three weeks later, right when you reach it in your dialing sequence.

Most compliance teams run a monthly scrub cycle tied to their dialing calendar. High-volume shops scrub weekly. Shorter cycle, less legal risk, more operational overhead. Weekly is probably the sweet spot for teams dialing more than a few thousand numbers a month.

Keep records of every scrub: the date, the registry file version, and the list it hit. The FTC can audit these records. In enforcement actions, the absence of scrub logs gets treated as evidence of willful non-compliance, which triggers higher penalties.

What are the penalties for calling a DNC-registered number?

The FTC can seek civil penalties up to $51,744 per violation.[7] The FCC can impose its own forfeitures under the TCPA. And private plaintiffs can sue for $500 per violation, or up to $1,500 if the court finds the violation was willful or knowing, under 47 U.S.C. § 227(c)(5).[2]

Those three channels can stack. An FTC civil penalty action, an FCC forfeiture, and a private class action from the same campaign are all possible at once. In practice, regulators prioritize cases with large call volumes, clear evidence of knowing non-compliance, and consumer harm. Plaintiffs' attorneys file individual and class cases regularly, because the per-call statutory damages make even modest campaigns worth litigating.

The $51,744 figure is the current inflation-adjusted maximum. The FTC adjusts civil penalties every year under the Federal Civil Penalties Inflation Adjustment Act.[7] The base amount in the FTC Act is $10,000; the adjusted figure is what actually applies.

Willfulness matters a lot. A company that can show a written scrub policy, regular scrubs, clean logs, and a number that slipped through on a data processing error sits in a very different spot than a company with no scrub process at all. Build the paper trail before you need it.

For more on fines and how enforcement plays out, see the do not call list violations and reporting guide.

How do you handle state DNC lists alongside the federal registry?

More than 15 states run their own do-not-call lists that sit on top of the federal registry.[8] If you call consumers in those states, you scrub against both the federal registry and the state list. The federal registry does not substitute for state compliance.

The states with the most consequential lists, by enforcement activity and size, include Florida, Indiana, and Pennsylvania. Florida's Do Not Call list is maintained by the Florida Department of Agriculture and Consumer Services and has its own registration and fee structure.[9] Indiana's list is run by the Indiana Attorney General's office.[10] Pennsylvania operates a separate list through the Pennsylvania Office of Attorney General.[11]

The overlap creates real operational work. You need a scrub workflow that handles multiple file formats, multiple update schedules (state lists may refresh at different frequencies than the federal registry), and multiple exemption rules (state exemptions do not always match federal ones).

For state-specific detail, we have guides on the Florida do not call list, the Indiana do not call list, and the do not call list in Pennsylvania. If you operate nationally, work through every state with an active registry and build them all into your scrub process before your first call.

Using a scrubbing vendor? Ask flat out whether they include state DNC lists or only the federal registry. Many basic services cover only the federal list. That gap is a real liability.

Do mobile phone numbers appear on the DNC Registry?

Yes. A stubborn myth says the National DNC Registry only covers landlines. It does not. Consumers can register any phone number, mobile included, and the FTC's registry accepts mobile registrations.[12]

The FTC states plainly that cell numbers can be registered. As mobile-only households have grown, so has the share of mobile numbers in the registry. Calling a registered mobile number is the same violation as calling a registered landline.

Mobile numbers carry a second, stricter layer of TCPA protection. Even if a mobile number is not on the DNC Registry, calling it with an autodialer or prerecorded message without prior express written consent is a TCPA violation. The two frameworks run independently. You can trip both at once, or one without the other.

The mobile phone do not call list article covers mobile protections in more detail, including the autodialer consent rules that apply no matter the DNC status.

Treat every mobile number on your list as carrying both risks: DNC registration and TCPA autodialer consent. Scrub against the registry, then confirm your consent documentation before you dial any mobile number with an automated system.

What does a compliant DNC integration workflow look like?

Here is a workable integration process for a small outbound team. This is not legal advice, and your situation may need tweaks, but it covers the core requirements.

Step one: Register with the FTC's Telemarketers portal and buy access to every area code you plan to call. Record the registration date and account credentials in a secure internal file.

Step two: Download registry files before each campaign and on a recurring schedule (monthly at minimum, weekly if your call volume is high). Store each file with the download date in the filename or metadata.

Step three: Run an automated match between your call list and the registry files. Most dialers and CRM systems have this built in or available as an add-on. If yours does not, standalone scrubbing APIs accept a list and return a flagged version within minutes.

Step four: Apply the same process to any state DNC lists for the states you call into.

Step five: Log every scrub run. The log should record the scrub date, the registry file versions used, the name of the list scrubbed, the record count before and after, and who ran it.

Step six: Keep an internal DNC list for opt-outs. When someone asks not to be called, add them right away. The TSR requires you to honor internal opt-out requests within 30 days, and you cannot call that person again regardless of federal registry status.[4]

Step seven: Train anyone who touches outbound dialing on the policy. If an agent bypasses the scrubbed list and manually dials a registered number, you still own the violation.

Want a ready-made structure? LeadCompliant's free compliance kit includes a DNC scrub policy template and a scrub log spreadsheet you can use without any signup. One less thing to build from scratch.

For context on the telemarketer-facing side of the registry, the do not call telemarketer list guide reads well alongside this.

How do dialers and CRM tools handle DNC scrubbing?

Most enterprise dialers (Five9, NICE CXone, Genesys, Twilio Flex) offer built-in DNC scrubbing or integrations with dedicated scrubbing services. Quality varies. Some pull directly from the FTC's data on a set schedule. Others make you manually upload registry files, so the scrub is only as fresh as your last upload.

CRM platforms like Salesforce and HubSpot do not scrub natively, but they connect to third-party scrubbing APIs through their marketplaces. Companies like Gryphon Networks, CompliancePoint, and Contact Center Compliance (formerly DNC.com) run hosted scrubbing services that link to your CRM or dialer via API and scrub records in real time or in batch.

Real-time scrubbing, where a number gets checked against the registry at the moment of dialing rather than in a batch beforehand, is the strongest position from a compliance standpoint. Batch scrubbing opens a window between the scrub and the dial where a consumer could register. Real-time scrubbing closes that window. The trade-off: real-time checks add a small latency to each connect (usually under a second) and cost more per record.

When you evaluate a vendor, ask three questions. How often do you pull updated registry data from the FTC? Do you cover state DNC lists, and which ones? What documentation do you give me that I can use as evidence of compliant scrubbing? If they cannot answer all three clearly, walk.

Nobody has clean public data on market share for scrubbing vendors. The closest published figures are the FTC's own telemarketer registration counts, which show tens of thousands of registered entities, so the market for scrubbing services is large but fragmented.

What records do you need to keep for DNC compliance audits?

The FTC's TSR requires sellers and telemarketers to keep records tied to do-not-call compliance for at least 24 months.[4] The rule calls out the name and address of the entity whose telemarketing was conducted, the name, telephone number, and date of each call made, and evidence of any express agreement that formed the basis for calling a registered number.

Beyond the minimum, smart practice means keeping your registry subscription confirmation and renewal dates, each scrub log with file version and date, the version of your internal DNC list at the time of each campaign, and any written consent records that support exemption claims.

If you get a CID (Civil Investigative Demand) from the FTC or a subpoena in private litigation, these records are what you produce. Missing records do not help you; they create an inference of non-compliance. Good records do not guarantee a win, but they change the settlement math a lot.

Store records in a system that timestamps entries and blocks retroactive editing. A spreadsheet on someone's laptop is not adequate. Cloud-based logging with access controls and an immutable audit trail is the right standard, even for small teams.

Two years is the floor. Given TCPA litigation timelines and state AG investigation timelines, keeping records for four years is prudent in states with longer statutes of limitations.

What exemptions let you call DNC-registered numbers legally?

There are four main exemptions under federal law, and you need to know the limits of each.

First, established business relationship (EBR). The TSR allows calls to consumers who made a purchase, rental, or financial transaction with your company in the past 18 months, or who made an inquiry or application in the past 3 months.[4] This one expires automatically. Once the window closes, the number is off-limits again unless they give express consent.

Second, prior express written consent. If the consumer signed (electronic signature counts) a clear and conspicuous disclosure consenting to calls from your company, you can call even if they are on the registry. This is the most durable exemption, but the consent has to be specific to your company, more than a generic marketing consent.

Third, personal relationship. Calls to someone you have a personal relationship with are exempt. In practice this is narrow and rarely relevant for business outbound.

Fourth, non-commercial and exempt organizations. Political calls, charitable solicitations, and survey calls are generally exempt from the TSR's DNC requirements, though some state rules do cover them.

One point on EBR that trips people up: it is a TSR exemption, and it does not create a blanket TCPA defense. The FCC's TCPA rules for autodialers and prerecorded calls have no identical EBR carve-out. If you use an autodialer to reach a registered number under an EBR claim, you may still face TCPA exposure. Courts have read this differently across circuits, so the legal picture is genuinely unsettled. Get specific legal counsel before you rely on EBR for autodialed calls to registered numbers.

See the full DNC registry overview for more on how exemptions play out in private lawsuits versus FTC enforcement.

Frequently asked questions

How often do I need to scrub my call list against the DNC Registry?

You must scrub each number within 31 days before you dial it. That is the legal minimum under both the FTC's Telemarketing Sales Rule and FCC rules. Most compliance teams scrub monthly at minimum and weekly for high-volume campaigns. The registry updates continuously, so a scrub you ran 32 days ago is non-compliant even if nothing obvious changed on your list.

Can I use a third-party vendor for DNC scrubbing instead of pulling the registry myself?

Yes, and most teams do. You can use a dialer with built-in scrubbing or a dedicated API service. But legal liability stays with you, not the vendor. Confirm in writing that they pull fresh federal and state DNC data on a schedule that keeps you inside the 31-day window, and ask for documentation of each scrub run so you have audit-ready records.

Does the DNC Registry cover text messages and SMS?

The FTC's TSR covers telemarketing calls, and the FCC reads the TCPA to cover certain texts sent with an autodialer as if they were calls. Sending unsolicited marketing texts to a number on the DNC Registry is risky. The safer position is to treat DNC registration as a signal to avoid contact entirely, voice and text, unless you have prior express written consent specific to SMS.

What is the difference between the federal DNC Registry and a state DNC list?

The federal registry is run by the FTC and covers the whole country. State DNC lists are maintained by individual state agencies, usually an attorney general or public utilities commission, and carry their own rules, fees, and exemptions. If you call into Florida, Indiana, Pennsylvania, or other states with active lists, you scrub against both. The federal registry does not preempt or replace state lists.

How much does it cost to access the National DNC Registry?

As of FY2024, access costs $79 per area code per year with a nationwide cap of $17,506 for all area codes. The first area code is free. The FTC adjusts fees annually under the Do-Not-Call Implementation Act, so check the current schedule at telemarketing.donotcall.gov at the start of each fiscal year, which begins October 1.

What happens if someone is on the DNC Registry but gave me their number directly?

If they gave you their number in a transaction or inquiry, you may have an established business relationship exemption under the TSR for up to 18 months (transactions) or 3 months (inquiries). If they signed a clear consent form authorizing calls from your company specifically, that prior express written consent overrides the registration. Neither exemption is unlimited, and neither works cleanly as a TCPA defense for autodialed calls.

Can a consumer who is on the DNC Registry sue me directly?

Yes. Under 47 U.S.C. § 227(c)(5), a consumer who gets more than one call in a 12-month period from the same entity in violation of the DNC rules can bring a private lawsuit for $500 per violation, trebled to $1,500 if the court finds the violation was willful. This is one of the more frequently litigated TCPA claims because plaintiffs do not need to show actual damages.

How do I add a number to the DNC Registry on behalf of a consumer?

You cannot register on someone else's behalf. Consumers register their own numbers at donotcall.gov or by calling 1-888-382-1222 from the number they want registered. Registration takes effect within 31 days and stays active indefinitely unless the consumer removes it. Telemarketers have no mechanism to pre-screen or dispute a registration.

Do B2B calls need to be scrubbed against the DNC Registry?

Calls to business lines for business purposes are generally exempt from the National DNC Registry requirements under the TSR. But if you call mobile phones that employees also use personally, or residential numbers where a business owner works from home, the exemption gets murky. When in doubt, scrub anyway. The cost of scrubbing is trivial next to the cost of a misclassified call.

How long do I need to keep DNC scrub records?

The FTC's Telemarketing Sales Rule requires telemarketers to keep records tied to do-not-call compliance for at least 24 months. Since private TCPA litigation can be filed within four years of a violation in some states, keeping records for four years is the more prudent standard. Records should include scrub dates, registry file versions, and the call lists those scrubs were applied to.

What is an internal DNC list and am I required to have one?

An internal DNC list is your company's own list of people who have asked not to be called, separate from the federal registry. The TSR requires you to maintain one and honor opt-out requests within 30 days. You cannot call someone on your internal list even if they are not on the federal registry. Internal DNC records must also be retained for at least 5 years under the TSR.

What is the established business relationship exemption and when does it expire?

Under the FTC's TSR, you may call a registered number if the consumer made a purchase or transaction with your company in the past 18 months, or made an inquiry or application in the past 3 months. Once those windows close, the exemption is gone. The consumer can also revoke it by asking not to be called, at which point you must stop immediately regardless of the EBR window.

Is there a safe harbor if I accidentally call a DNC-registered number?

Yes, a limited one. The TSR and FCC rules provide a safe harbor if you can show you have written procedures that comply with DNC requirements, you train employees on them, you scrub your lists within 31 days before calling, and the specific call was made in error despite following those procedures. The safe harbor is not automatic; you have to prove every condition was met.

Sources

  1. FTC, National Do Not Call Registry (consumer information): The FTC maintains the National Do Not Call Registry; consumers add numbers for free at donotcall.gov.
  2. U.S. Code, 47 U.S.C. § 227 (Telephone Consumer Protection Act): Under 47 U.S.C. § 227(c)(5), private plaintiffs may sue for $500 per violation, trebled to $1,500 for willful violations.
  3. FTC, National Do Not Call Registry Data Book (annual report): The registry holds roughly 249 million active registrations per the FTC's most recent Data Book.
  4. FTC, Telemarketing Sales Rule (16 CFR Part 310): The TSR requires scrubbing within 31 days before a call, maintaining internal DNC lists, honoring opt-outs within 30 days, and retaining records for 24 months.
  5. FTC, Telemarketers access portal for the DNC Registry: Telemarketers access registry data by registering at the FTC's Telemarketers portal and downloading area-code-level number files.
  6. FTC, Telemarketers section (Do Not Call fees): As of FY2024, DNC Registry access costs $79 per area code per year, with a nationwide cap of $17,506; the first area code is free.
  7. FTC, Federal Trade Commission (civil penalty inflation adjustments, published in the Federal Register): The inflation-adjusted maximum civil penalty for FTC Act violations, including DNC violations, is $51,744 per violation as of the current adjustment.
  8. National Conference of State Legislatures, State Do Not Call Laws: More than 15 states maintain their own do-not-call lists separate from the federal registry.
  9. Florida Department of Agriculture and Consumer Services, Florida Do Not Call Program: Florida's Do Not Call list is maintained by the Florida Department of Agriculture and Consumer Services and has its own registration and fee structure.
  10. Indiana Attorney General, Do Not Call program: Indiana's Do Not Call list is run by the Indiana Attorney General's office.
  11. Pennsylvania Office of Attorney General, Do Not Call List: Pennsylvania operates a separate do-not-call list through the Pennsylvania Office of Attorney General.
  12. FTC, National Do Not Call Registry FAQs: The FTC explicitly states that consumers can register mobile phone numbers on the National DNC Registry.

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit