DNC scrubbing frequency requirements for outbound sales teams

Federal law requires scrubbing against the National DNC Registry every 31 days. Here's exactly what that means, what states add on top, and what a violation costs.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Compliance officer reviewing outbound call logs at a sunlit office desk
Compliance officer reviewing outbound call logs at a sunlit office desk

TL;DR

Federal rules under 47 CFR 64.1200(c) require outbound telemarketers to scrub call lists against the National Do Not Call Registry at least once every 31 days. Most state rules match or tighten that window. A single violation can cost up to $51,744 per call under current FCC penalty schedules, and private TCPA suits carry $500 to $1,500 per call on top of that.

What does federal law actually say about how often you must scrub?

The rule lives in 47 CFR 64.1200(c)(2), which puts the TCPA's do-not-call provisions into practice. A telemarketer has to honor a number's registration on the National Do Not Call Registry and scrub its calling lists against that registry "no more than 31 days prior to the date any call is made." [1] That 31-day figure is the maximum gap allowed, not a suggestion. Pull a fresh registry file on January 1 and start calling from it, and every call made on or before February 1 is covered. A call made on February 2 without a new scrub is a potential violation.

The FTC runs the Registry under the Telemarketing Sales Rule (TSR), and it mirrors the same window in 16 CFR 310.4(b)(3)(iv): a seller or telemarketer must not call a Registry number unless the number was downloaded no more than 31 days before the call. [2] So the FCC (which governs TCPA) and the FTC (which governs the TSR) land on the identical 31-day limit. Two federal agencies watch the same behavior.

Most compliance teams run scrubs weekly or every two weeks. Monthly is the floor. Weekly is cheap insurance given how fast people register new numbers.

How does the 31-day rule work in practice for a sales team?

Think of a scrub as a timestamp on your list. Every phone number in your dialing queue carries an invisible clock that starts the moment you last checked it against the Registry. When that clock hits 31 days, the number is no longer safe to call without a fresh check.

Here is where teams get tripped up. A lead comes in on day 1. You scrub your list on day 1 and the number is clean. Your rep doesn't get around to calling it until day 35. That call runs on stale data. If the person registered on day 15, you just dialed a registered number with a 35-day-old scrub. That's a violation, even though you scrubbed the day the lead arrived.

The fix is one of two things. Run scrubs on a rolling basis tied to each call date rather than each lead intake date. Or re-scrub your entire active queue every 30 days or fewer, no exceptions. The second option is simpler to audit. The first is technically more precise but harder to document.

For cold calling teams that work large lists across multi-week campaigns, the 30-day scrub cycle has to be built into the campaign schedule. It's not a one-time pre-launch checkbox.

What are the penalties for missing a scrub window?

The numbers are not abstract. Under the FCC's current penalty schedule, each unlawful call to a number on the National DNC Registry can draw a civil forfeiture of up to $51,744. [3] The FTC can seek civil penalties in the same range under the TSR. These are per-call figures. A campaign that hits 1,000 registered numbers with a lapsed scrub faces exposure in the tens of millions before a single private lawsuit lands.

Then there's the private right of action under 47 USC 227(c)(5). A person who gets two or more calls within a 12-month period in violation of the DNC rules can sue and recover $500 per call, trebled to $1,500 if the court finds the violation was willful or knowing. [4] The statute itself gives the consumer the choice to "recover for actual monetary loss from such a violation, or to receive up to $500 in damages for each such violation, whichever is greater." Class actions stack those individual claims fast. The Cash App TCPA class action settlement and the Credit One TCPA settlement show how quickly these cases scale.

One nuance most teams miss. Calling a number already on your internal DNC list, separate from the national registry, is its own violation. Your internal suppression list carries obligations under 47 CFR 64.1200(d), and a clean national registry scrub does nothing to cure a call to someone who told you personally to stop.

Key DNC scrubbing numbers every outbound team needs Federal thresholds, penalties, and Registry scale at a glance 31 Max days between scrub and call (federal rule) 30 Days to honor an internal opt-out request 52k Max FCC civil forfeiture per unlawful call ($) 1,500 Private TCPA damages per call, willful violation ($) Source: FTC National DNC Registry; FCC Enforcement Bureau; 47 CFR 64.1200; 47 USC 227(c)(5)

Does the 31-day rule apply to cell phones and text messages too?

Yes, with extra layers stacked on top. The National DNC Registry covers residential telephone numbers, and the FCC has confirmed that wireless numbers registered there get the same protection. [5] So if someone has their cell on the Registry, calling it for telemarketing is covered by the 31-day scrub requirement exactly like a landline.

Texts get more complicated. The TCPA treats an unsolicited commercial text to a cell phone the same as a call for the autodialer provisions under 47 USC 227(b). The DNC provisions under 47 USC 227(c) apply to "telephone solicitations," which the FCC has read to include SMS marketing in many contexts. [6] So if your SMS program sends outbound commercial messages without prior express written consent, you need to scrub against the Registry and keep an internal opt-out list. The mobile phone do not call list question comes up constantly for teams that do both call and text campaigns.

The 31-day scrub rule applies to texts. But consent requirements under 47 USC 227(b) layer on top, and they're often more demanding than the DNC rules alone. A number can be clean on the Registry and still be off-limits for texts if you lack the right consent.

What do state DNC laws add to the federal 31-day requirement?

Several states run their own Do Not Call registries, and some set stricter scrub windows than the federal 31-day rule. Here's a quick look at the major ones.

StateOwn Registry?Scrub WindowNotes
CaliforniaNo separate registryFederal 31-day rule appliesCCPA adds data handling obligations
TexasYes (TX DNC)31 daysMust scrub both TX and federal lists
FloridaYes (FL DNC)31 daysFL SB 1120 (2021) tightened ATDS definition
IndianaYes90 days (older registrations stay)31-day scrub still required for new entries
WyomingYes31 daysSmall list but active enforcement
ColoradoNoFederal rule; state AG active on enforcement

The table is a simplified summary. State laws change, and a handful of states (Indiana historically, Wyoming more recently) have registration and scrub timelines that differ from federal rules. [7] When you're unsure, the shorter window wins. If a state requires a scrub no older than 20 days, use 20 days for calls into that state even though federal law allows 31.

If your team calls into multiple states, the safest move is to apply the most restrictive rule to your entire list and stop trying to juggle per-state thresholds in your dialer. The compliance you gain from the looser standard isn't worth the audit headache.

Are there any exemptions that let you skip the scrub requirement?

Yes, and they're narrower than most sales teams assume.

Established business relationship (EBR) is the exemption people cite most. Under 47 CFR 64.1200(f)(5), an EBR exists if the consumer made a purchase, rental, or financial transaction with the calling entity within the past 18 months, or made an inquiry or application within the past 3 months. [1] A valid EBR lets you call a Registry number. But the EBR does not override a specific do-not-call request made to your company. If someone told your company "never call me again," that instruction holds regardless of any prior relationship.

Express written consent is the other main exemption. If a consumer gave prior express written consent to receive telemarketing calls from your company, the DNC Registry does not block you. The FCC's 2012 order tightened the standard: consent must be in writing (including electronic), signed, and clearly authorize calls from your specific entity. [6] Terms-of-service agreements that bury consent language usually don't meet the bar.

Neither exemption erases the need for an internal DNC list. You still have to honor opt-out requests within 30 days under 47 CFR 64.1200(d)(3), and you have to keep that suppression list company-wide, not per campaign or per rep.

How do you get access to the National DNC Registry to run scrubs?

The FTC runs the National Do Not Call Registry at donotcall.gov. Organizations that want to scrub their calling lists register as a "Seller or Telemarketer" through the Registry's Subscription Management portal. [8] There's a cost. As of 2024, accessing the Registry runs $75 per area code per year, with the first five area codes free. A national subscription covering all area codes runs several thousand dollars a year depending on the exact count.

Once you have an account, you download the data in one of several file formats and compare it against your call list before dialing. The Registry updates daily, which is why a 31-day-old pull is legally enough but a 7-day pull is practically smarter. Numbers appear in the Registry within 31 days of registration, so a number registered today won't necessarily show in the download immediately, but it'll be there inside a month.

Third-party scrubbing services pull from the Registry on your behalf and compare your list automatically. They charge per-record or by subscription, and they're worth considering if your list volume makes manual scrubbing impractical. LeadCompliant's free phone checker tools let you verify individual numbers quickly for a spot check before a campaign launch. A full pre-campaign scrub still needs to go through the Registry's official data.

For a walkthrough of getting set up with the Registry, see how do I get the do not call list.

What internal DNC list rules run parallel to the registry scrub requirement?

47 CFR 64.1200(d) requires any entity that makes telemarketing calls to keep a written policy for a company-specific do-not-call list, train its people on the existence and use of that list, and honor opt-out requests within 30 days of receipt. [1] The statute at 47 USC 227(c)(5) gives consumers the private right of action to enforce it.

The internal list obligation is separate from the National Registry scrub. Someone who never registered with the FTC can still tell your rep "take me off your list" during a call, and that request has to be honored company-wide, permanently, within 30 days. Your CRM or dialing platform needs a suppression mechanism that carries across all campaigns, all reps, and all subsidiaries under the same brand.

Companies that run multiple brands or buy another company's calling list miss this all the time. The FCC has taken the position that a do-not-call request made to one entity in a corporate family applies to affiliated entities the consumer can't tell apart. That's a fact-specific question, but it surfaces in litigation. Buy a lead list or acquire a company, and you inherit their internal DNC obligations too.

The 30-day window is the outer limit. Processing opt-outs same-day or next-day is achievable and removes the exposure entirely.

What records do you need to keep to prove you scrubbed on time?

Documentation is where teams lose cases they should have won. You can run every scrub perfectly and still face an ugly discovery process if you can't produce records showing when you scrubbed, which Registry version you used, who ran it, and which call lists it covered.

At minimum, your scrub records should capture the date and time of each Registry download, the area codes or data set pulled, the name or ID of the person or system that ran the comparison, the number of records scrubbed, and the number suppressed. Store these for at least four years. The federal statute of limitations under 28 USC 1658 is four years, and some state claims run on different clocks. [11]

Automatic logging beats manual spreadsheets by a wide margin. If your dialing platform or scrubbing service doesn't produce an audit log you can export, that's a gap worth fixing before a plaintiff's attorney asks for it in discovery.

LeadCompliant's compliance kit includes a scrub log template and a DNC policy document you can adapt, which is genuinely useful if you don't have a compliance operations background and need a starting point.

Some teams keep a screenshot or confirmation receipt from the Registry download portal. Small step, second source of evidence if your internal logs ever get questioned.

If you have valid prior express written consent from a specific consumer to call or text them for telemarketing, you're largely insulated from the DNC Registry prohibition on that number. The consent works as an individual override of the Registry's general prohibition. [6]

But consent is not a permanent free pass, and it doesn't replace your internal DNC list obligations. Consent can be revoked. The FCC has held that consumers can revoke consent through any reasonable means, and once revoked, the caller must stop within a reasonable time. The number then goes on your internal suppression list regardless of its Registry status.

For text message marketing programs, the consent piece is usually more demanding than the Registry scrub. You still scrub, but the primary legal exposure for text campaigns often comes from the autodialer consent rules under 47 USC 227(b) rather than the DNC provisions under 227(c).

One practical note. Consent documentation ages. If your only record is a lead form from two years ago with no clear opt-in language for telemarketing, that consent is probably invalid under current FCC standards. Treat old consent records skeptically, especially for lists you purchased or inherited.

What's the biggest scrubbing mistake sales teams actually make?

The most common and costly mistake is treating the scrub as a one-time event at list upload rather than an ongoing obligation tied to the call date. A list that was clean 45 days ago is not a clean list today.

Close behind that: not scrubbing purchased lists before use at all. Lead vendors sometimes claim their lists are "DNC compliant" or "pre-scrubbed." That claim does not transfer the legal liability. Under both FCC and FTC rules, the seller making the call owns its own compliance. Buying a list a vendor scrubbed 60 days ago does not satisfy your 31-day obligation. [9]

Third common mistake: using a single national scrub for campaigns that call into states with their own registries. Call Texas numbers, and you need to scrub against both the federal Registry and the Texas DNC registry. Missing the state layer is a separate violation under state law, often with its own penalty structure.

For a do not call telemarketer list overview of how these lists interact at the federal and state level, that's a useful reference when you map your compliance architecture. And for a general grounding in how the do not call list system works from the consumer side, that context helps when you explain the rules to reps who don't understand why a fresh lead might still be off-limits.

How should a small outbound team build a compliant scrubbing process?

For a team making fewer than a few thousand calls a month, the practical setup is simple. You need a Registry subscription sized for your calling geography, a scrub run at least every 30 days on your entire active queue, an internal suppression list in your CRM that auto-populates when a rep gets an opt-out, and a log of every scrub event with date, list size, and suppression count.

At higher volume, a third-party scrubbing service that runs automated daily or weekly comparisons and feeds clean lists straight into your dialer makes more sense. The cost is usually a fraction of the exposure from one missed scrub on a large list.

A cold call workflow that stores scrub status as a field on each CRM record, with an automatic lock-out past 30 days, is clean and audit-ready. The rep can't dial a number whose last scrub timestamp is over 30 days old. That removes the human error entirely.

One thing most small teams skip and shouldn't: a written DNC policy. The FTC and FCC both expect one to exist. In front of a regulator or a plaintiff's attorney, a written policy (even a two-page one) shows compliance was intentional, not an afterthought. That distinction feeds the "willful or knowing" analysis that decides whether per-call damages triple.

Review your process quarterly. The FCC has updated DNC-related rules multiple times in the last five years, and state rules shift too. A process that was fully compliant in 2022 may have gaps today.

Frequently asked questions

How often do you have to scrub against the National Do Not Call Registry?

Federal law under 47 CFR 64.1200(c)(2) requires you to scrub your calling lists no more than 31 days before each call. That's the legal maximum gap. Most compliance teams run scrubs weekly or every two weeks because the cost of a missed window, up to $51,744 per call in FCC civil penalties plus private TCPA suits, far exceeds the cost of pulling fresh data more often.

Does the 31-day scrub rule apply to text messages?

Yes, in most commercial texting contexts. The FCC has read the TCPA's telephone solicitation rules to cover SMS marketing. If your texts are outbound commercial messages without prior express written consent, you need to scrub against the DNC Registry on the same 31-day cycle that applies to calls. Consent-based text programs carry separate requirements under 47 USC 227(b) that may be more demanding.

What happens if you call someone on the Do Not Call Registry?

The FCC can levy civil forfeitures up to $51,744 per call. The FTC can seek similar penalties under the Telemarketing Sales Rule. The consumer also has a private right of action under 47 USC 227(c)(5) to sue for $500 per violation, or $1,500 if the court finds the violation was willful or knowing. Class actions aggregate those individual claims into very large settlements quickly.

Can you rely on a lead vendor's DNC scrub instead of doing your own?

No. Under both FCC and FTC rules, the entity making the call owns its own compliance. A vendor can claim their list was scrubbed, but if that scrub is more than 31 days old by the time you call, you own the violation. Always re-scrub purchased lists before use, and document that you did it.

Does an established business relationship (EBR) let you skip the DNC scrub?

An EBR (a purchase within 18 months or an inquiry within 3 months under 47 CFR 64.1200(f)(5)) lets you call a registered number without violating the National Registry prohibition. But it doesn't override a specific opt-out request made directly to your company. If someone asked you to stop calling, that internal DNC request holds regardless of the EBR.

How long do you need to keep DNC scrub records?

Keep records for at least four years. The federal statute of limitations under 28 USC 1658 is four years, and some state TCPA-style claims run on different clocks. Records should include the date of each scrub, the data set pulled, who ran it, how many records were checked, and how many were suppressed. Automated logging from your scrubbing platform is far more reliable than manual tracking.

Do state Do Not Call registries have different scrub frequency rules?

Most state registries that exist (Texas, Florida, Indiana, Wyoming, and others) apply a 31-day scrub window matching the federal rule. When a state rule is stricter, you must use the shorter window for calls into that state. The safest approach for multi-state teams is to apply the most restrictive standard across your entire list rather than managing per-state thresholds in your dialer.

Under the FCC's 2012 declaratory ruling, valid consent must be in writing (including electronic), signed by the consumer, and specifically authorize telemarketing calls or texts from your company. General terms-of-service consent, consent given to a different entity, and consent buried in fine print a reasonable person wouldn't notice have all been challenged successfully in litigation.

How do I honor an internal do-not-call request, and how fast?

Under 47 CFR 64.1200(d)(3), you must honor a consumer's request to be placed on your company-specific do-not-call list within 30 days of the request. The suppression has to apply company-wide, more than to the rep or campaign that took the request. Processing opt-outs same-day or next-day removes the exposure window entirely and is achievable with any modern CRM.

Does calling a cell phone have any extra DNC requirements compared to calling a landline?

The DNC Registry scrub requirement is the same for registered cell phones as for landlines. But calling a cell for commercial purposes without prior express consent also triggers the separate autodialer and prerecorded message rules under 47 USC 227(b), which carry their own $500 to $1,500 per-call private damages and don't require the number to be on any registry to apply.

What should a written DNC policy include?

At minimum: a statement that the company honors both the National Registry and internal opt-out requests, the process for adding numbers to the internal suppression list, a training requirement for everyone who makes or supervises telemarketing calls, the scrub frequency the company follows, and who owns compliance. Two pages is enough. The FCC and FTC expect a policy to exist and look for it when investigating complaints.

How much does it cost to access the National Do Not Call Registry?

The FTC charges $75 per area code per year for Registry access, with the first five area codes free. A full national subscription covering all area codes costs several thousand dollars annually depending on the total count. Third-party scrubbing services typically charge a per-record or subscription fee on top of their Registry access, but they automate the comparison, which cuts operational burden.

Can a class action lawsuit come from a missed DNC scrub?

Yes, and they do. Under 47 USC 227(c)(5), any person who gets two or more DNC-violating calls within a 12-month period can sue. Plaintiff's attorneys aggregate those individual $500 to $1,500 claims into class actions covering thousands of numbers. Settlements in TCPA class actions routinely run into the millions even for mid-sized calling programs.

Is the 31-day rule a safe harbor, or is it an absolute deadline?

It's an absolute deadline for the data you call from. A scrub older than 31 days gives you no safe harbor. The rule also doesn't protect you if a number was registered after your scrub date and before your call date. Numbers appear in the Registry within 31 days of registration, so a call on day 30 of your scrub cycle might still hit a number that registered on day 2.

Sources

  1. FCC, Code of Federal Regulations 47 CFR 64.1200: 47 CFR 64.1200(c)(2) requires telemarketers to scrub call lists against the National DNC Registry no more than 31 days before any call is made; 64.1200(d)(3) requires honoring internal do-not-call requests within 30 days; 64.1200(f)(5) defines the established business relationship.
  2. FTC, Code of Federal Regulations 16 CFR 310.4 (Telemarketing Sales Rule): 16 CFR 310.4(b)(3)(iv) prohibits sellers and telemarketers from calling a number on the Registry using a download more than 31 days old; the calling entity, not the list vendor, bears the compliance responsibility.
  3. Legal Information Institute, Cornell Law, 47 USC 227: 47 USC 227(c)(5) grants consumers a private right of action for DNC violations: $500 per call, trebled to $1,500 for willful or knowing violations; two or more calls within 12 months in violation of DNC rules triggers the right. The statute lets a consumer recover actual monetary loss or up to $500 per violation, whichever is greater.
  4. FTC, National Do Not Call Registry (business and consumer information): The National DNC Registry covers residential telephone numbers including wireless numbers, and consumers can register both landlines and cell phones.
  5. National Conference of State Legislatures, State Do Not Call Laws: Multiple states including Texas, Florida, Indiana, and Wyoming maintain their own Do Not Call registries with scrub and registration requirements; some state rules impose obligations beyond the federal 31-day standard.
  6. FTC, National Do Not Call Registry: Business Information: Sellers and telemarketers must register through the FTC's Subscription Management portal to access Registry data; cost is $75 per area code per year with the first five area codes free; the Registry updates daily.
  7. FTC, Business Guidance: Complying with the Telemarketing Sales Rule: The FTC's TSR guidance states that sellers and telemarketers are independently responsible for scrubbing their calling lists and that a vendor's prior scrub does not satisfy the calling entity's own compliance obligation.
  8. Cornell Law School LII, 28 USC 1658 (Statute of Limitations): The general federal statute of limitations under 28 USC 1658 is four years, which governs TCPA claims brought in federal court; records should be retained for at least this period.

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit