Do not call list and telemarketing: what every outbound team must know

The National DNC Registry blocks calls to 249M+ numbers. Learn who must scrub, how often, and what a violation costs before your next campaign. Full guide.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-10

Woman holding phone away from ear at kitchen table, natural light, telemarketing concern
Woman holding phone away from ear at kitchen table, natural light, telemarketing concern

TL;DR

The National Do Not Call Registry, run by the FTC, holds more than 249 million phone numbers. Telemarketers must scrub against it every 31 days, honor new registrations within 31 days of signup, and face fines up to $51,744 per violation. Exemptions exist for political calls, charities, and companies with an established business relationship. Those exemptions are narrower than most teams assume.

What is the Do Not Call Registry and who runs it?

The National Do Not Call Registry (DNC Registry) is a free database of phone numbers the Federal Trade Commission maintains. Consumers add their numbers to opt out of most commercial telemarketing calls. The FTC opened the registry in 2003 under the Do-Not-Call Implementation Act of 2003 and the Telemarketing Sales Rule (TSR, 16 CFR Part 310) [1]. The FCC adopted parallel rules under the Telephone Consumer Protection Act, 47 U.S.C. § 227, that reach the same numbers through a separate track [2].

The registry held more than 249 million active registrations at the close of fiscal 2023 [3]. That number has climbed every year since launch. The pool of freely dialable consumer numbers keeps shrinking, and if you run an outbound team without a real scrubbing process, the math is against you.

The FTC enforces the TSR side. The FCC enforces the TCPA side. State attorneys general can enforce both. That three-layer structure is why a DNC violation carries real risk. You are not dealing with one agency.

For a plain-language primer on the registry itself, see our do not call list overview.

Which telemarketers are legally required to scrub the DNC list?

Any person or entity making telephone solicitations to U.S. consumers for commercial purposes must scrub against the National DNC Registry before calling [4]. The TSR defines a "telephone solicitation" broadly. It covers calls that introduce, offer, or advertise goods or services, and calls that solicit charitable contributions on behalf of a for-profit company.

The rule applies whether you use live agents, automated dialers, or prerecorded messages. It applies to in-house sales teams and to third-party call centers acting for you. If your vendor makes the calls, you are still on the hook when those calls land on registered numbers. The FTC holds the company that benefits from the call responsible.

Business-to-business calls sit outside the registry's scope, but that exemption is not absolute. Plenty of people use a personal cell for work, and if that cell is on the registry, calling it is a violation no matter your intent [5].

Organizations that must scrub include:

CategoryMust Scrub Registry?Key Caveat
Commercial telemarketer (inbound leads, outbound sales)YesNo exceptions
Third-party lead generator calling on behalf of a sellerYesSeller is jointly liable
Charity soliciting via for-profit telemarketerYesDirect charity calls exempt
Political campaignsNoStill subject to TCPA autodialer rules
Purely B2B outboundNo (generally)Personal cell risk is real
Company with EBR (established business relationship)Limited exemption applies18-month window only

How often do you have to scrub against the registry?

The TSR requires covered telemarketers to access an updated version of the registry no more than 31 days before any call [4]. That is a hard ceiling, not a suggestion. If your last scrub was 32 days ago, every call you make today is potentially a violation.

Most compliance teams scrub weekly, or every two weeks at the latest. Monthly scrubs are legal inside the 31-day window, but they leave you exposed to numbers that registered late in that cycle. A consumer who registers today is protected within 31 days of the registration date. A monthly schedule can mean you are calling people who are already legally protected, sometimes for weeks, before you catch them.

The right cadence depends on list volume and how hard you recycle leads. Work the same 50,000 numbers continuously? Weekly scrubs make sense. Buy fresh lists per campaign? Scrub the list the day you receive it, then again before any call batch running more than two weeks out.

Some vendors advertise "real-time" DNC scrubbing. The FTC does not require it. The 31-day rule governs. Real-time is safer anyway, and the cost difference is usually small. Learn how to actually get scrub-ready data in our how do I get the do not call list guide.

National DNC Registry: area code access cost tiers Annual FTC fee per number of area codes accessed (as of FY 2024) 1-5 area codes $0 10 area codes $375 25 area codes $1,500 50 area codes $3,375 100 area codes $7,125 All area codes (national) $19k Source: FTC, National Do Not Call Registry Data Book FY 2023 and FTC fee schedule

What are the fines for calling someone on the Do Not Call list?

The civil penalty ceiling under the TSR is $51,744 per violation [6]. Under the TCPA, statutory damages run $500 per call for an unintentional violation and $1,500 for a willful or knowing one [2]. Both tracks can run at once. The FTC or FCC can seek civil penalties while a consumer pursues a private lawsuit in federal court.

The TCPA's private right of action drives most litigation. A single bad campaign can generate thousands of individual claims. Courts have certified class actions where combined statutory damages ran into the tens of millions of dollars, even with no individual plaintiff showing measurable financial harm. The TCPA is one of the most litigated consumer protection statutes in the country by annual federal case count [7].

Real enforcement numbers give you a sense of the risk:

  • The FTC obtained a $225 million judgment against a robocall operation in 2021, though collection in fraud cases rarely matches the judgment [8].
  • The FCC issued a $5.1 million forfeiture against a health insurance telemarketer for DNC violations in 2023 [9].
  • Private class actions routinely settle in the $1 million to $25 million range for campaigns that hit tens of thousands of registered numbers.

Do the arithmetic. Three hundred calls to registered numbers at $1,500 each is $450,000 in TCPA exposure. That is why compliance is cheaper than enforcement.

For what courts actually award, our penalties and lawsuits content covers recent case outcomes in detail.

What exemptions exist for telemarketers calling DNC-registered numbers?

There are real exemptions, and there are exemptions teams assume exist but do not. Knowing the difference keeps you out of court.

Established Business Relationship (EBR). You may call a person who made a purchase, payment, or other transaction within the preceding 18 months, or who made an inquiry or submitted an application within the preceding 3 months [4]. The EBR is per company. If you buy leads from a partner, their EBR does not transfer to you. The consumer must have a relationship with your company specifically.

Prior express written consent. If a consumer gave clear written consent to receive calls from your company, you may call even if their number is on the registry. The consent has to be specific to your company, describe the type of calls, and stay out of the fine print [2]. This is the exemption most digital lead-gen operations lean on. It is also the one plaintiffs challenge most, because the consent records are usually thin.

Existing business relationship. Distinct from EBR, some courts and agencies weigh whether an ongoing non-transactional relationship exists. That is murky ground. Do not lean on it without legal review.

Exemptions that do NOT apply to commercial telemarketers:

  • Political organizations (exempt from DNC, but still bound by TCPA autodialer and prerecorded message rules)
  • Charities calling directly without a for-profit intermediary
  • Surveys (non-commercial only; a survey that turns into a sales pitch loses the exemption on the spot)
  • Tax-exempt nonprofits calling on their own behalf

If you rely on EBR, document the transaction date for every number you call. Courts have ruled that a vague EBR claim with no records is no defense.

Does the Do Not Call Registry apply to cell phones?

Yes. The National DNC Registry covers mobile numbers. The myth that it only covers landlines has been wrong since 2003. Consumers can register any phone number, cell phones included, and telemarketers must honor those registrations exactly as they do for landlines [3].

Cell phones carry a second layer of protection under the TCPA on top of the DNC rules. The TCPA separately bars using an automatic telephone dialing system (ATDS) or a prerecorded voice to call any mobile number without prior express consent, whether or not that number sits on the DNC list [2]. So for mobile numbers you face two distinct requirements: the DNC scrub and the ATDS/consent rule. Miss either one and it is a separate violation.

The FCC's 2015 Declaratory Ruling and Order (FCC 15-72) held that the ATDS definition is broad and that reassigned numbers are a live risk. A consumer gives you consent, gives up the number, the carrier reassigns it, and the new owner's first complaint may be your first notice of the problem [10].

For more on how the registry treats mobile numbers, see mobile phone do not call list.

Some states add a third layer. Tennessee, for one, runs its own do not call list (do not call list TN) through the Tennessee Department of Commerce and Insurance. Tennessee telemarketers must scrub both the federal registry and the state list. Florida and Indiana keep similar parallel state lists [11].

How do state Do Not Call laws add to the federal rules?

The federal registry is a floor, not a ceiling. Roughly half the states keep their own DNC registries, their own registration portals, and their own enforcement arms. Target consumers across several states and you may need to scrub several registries, not only the federal one.

Some state rules run stricter than federal in specific ways:

  • Calling hours. Federal rules permit calls between 8 a.m. and 9 p.m. in the consumer's local time. Some states use narrower windows, and enforcement interpretations vary.
  • Registration coverage. The federal EBR window is 18 months. Some states use shorter windows or drop the EBR exemption entirely.
  • Per-call penalties. State penalties often top the TCPA's $500 floor. Florida's Telephone Solicitation Act allows $500 per call plus attorneys' fees, so a small state-level class action can hurt as much as a federal one [12].
  • Separate registration. Some states require telemarketers to register with the state AG or a licensing authority before calling, on top of the DNC scrub.

Targeting Florida, Indiana, Pennsylvania, or Tennessee heavily? Read the state rules before your next campaign. Our Florida do not call list, Indiana do not call list, and do not call list PA articles break down each state's exact requirements.

A multistate campaign without state-level scrubbing is a common, expensive mistake.

How do you register to access the National DNC Registry for scrubbing?

To scrub legally, register with the FTC at donotcall.gov and pay an annual fee based on how many area codes you want to download [1]. The first five area codes are free. Each additional area code costs $75 per year, capped at $18,936 per year for all area codes nationally [3].

The practical process:

1. Go to the Telemarketer Registration portal at donotcall.gov. 2. Create an organization account and pay the access fee. 3. Download the registry data for your target area codes. The data comes as a text file of phone numbers. 4. Load that file into your dialer or CRM and suppress any matches before calling. 5. Repeat the download at least every 31 days.

You have to keep records of when you accessed the registry, which version you downloaded, and how you applied it to your lists. The FTC expects those records if it investigates a complaint.

Third-party scrubbing vendors can handle steps 2 through 4, and many dialer platforms (Five9, NICE CXone, and others) build DNC scrubbing in. Outsourcing the technical scrub is fine. The legal obligation stays with your company. If your vendor makes a mistake, you get the complaint.

LeadCompliant has a free DNC number checker if you want to verify individual numbers fast. For the full registration walk-through, our do not call telemarketer list article covers it step by step.

The chart below breaks down registry access costs by tier.

What records do telemarketers need to keep to prove compliance?

The TSR requires covered sellers and telemarketers to keep specific records for 24 months from the date each record was created [4]. Bad recordkeeping is itself a violation, and it wrecks your ability to defend a complaint.

Records you must keep:

  • Advertising and promotional materials for any goods or services promoted in telemarketing.
  • Written consent records for calls made under a prior express written consent exemption. The record must show the consumer's signature (electronic counts), the date, and the exact scope of consent given.
  • EBR documentation: transaction dates, inquiry dates, and the name of the company the relationship was with.
  • DNC access logs: dates you downloaded the registry, which area codes, and which version.
  • Calling scripts and recordings if you use prerecorded messages.
  • Do-not-call requests from individual consumers, with the date of the request and confirmation the number was added to your internal DNC list within 30 days.

The internal DNC list requirement is separate from the federal registry. Even if a number is not on the national list, once a consumer asks you directly to stop calling, you must honor that request indefinitely and document it. Ignore an individual do-not-call request and every later call is a $500 to $1,500 violation under the TCPA.

The LeadCompliant compliance kit includes customizable recordkeeping templates if you want a starting point rather than building from scratch.

For reporting the violations you receive, and understanding how complaints get processed, see do not call list report.

What happens when a consumer files a Do Not Call complaint?

When a consumer files a complaint at donotcall.gov or 1-888-382-1222, the FTC logs it in a database it uses to spot patterns of violations [1]. A single complaint rarely triggers enforcement. Volume does. A telemarketer generating dozens or hundreds of complaints from registered numbers signals a systematic problem.

The FCC runs a parallel complaint system for consumers. State AGs have their own intake systems too.

Consumers can also skip the agencies and sue you directly in federal or state court. The TCPA explicitly creates a private right of action. Any person who receives a call in violation of the TCPA DNC rules may sue in an appropriate court [2]. No minimum number of violations. No prior administrative process. This is why small outbound teams get hit by individual plaintiffs more often than by agency actions.

Get a complaint or a demand letter? Pull your records for that number first. When did you last scrub, was the number on your list at that point, do you have a consent or EBR record? Clean records give you a defense. No records means you call outside counsel before you respond.

The FTC publishes aggregated complaint data every year, and it is worth reading. It shows which industries generate the most complaints and helps you benchmark your own risk [8].

What is an internal Do Not Call list and why do you need one separate from the federal registry?

The federal DNC Registry covers consumers who registered there. Your internal DNC list covers everyone who has asked your specific company not to call, whether or not they are on the federal registry. Both lists are mandatory. They are not interchangeable.

When a consumer says "put me on your do not call list" during a call, you must honor that request within 30 days and keep it indefinitely [4]. Indefinitely means you cannot purge it after a year or when you switch CRMs. If you sell your business, the internal DNC list transfers with it.

Your internal list must cover the seller and any affiliated entities the consumer would reasonably expect the request to reach. If a consumer tells Company A to stop calling, and Company B runs under the same brand with the same numbers, Company B is probably covered too.

Building a reliable internal DNC process is easier than it sounds. A dedicated suppression list in your CRM. A clear workflow for any agent who gets a verbal do-not-call request. A regular audit to confirm the list applies at each call import. The hard part is the discipline to keep it going through agent turnover and system changes.

See the dnc registry article for how the federal registry fits into your broader suppression stack.

Are there Do Not Call rules for texts and SMS messages?

The DNC Registry covers voice calls. Text messages are a separate matter governed mainly by the TCPA, not the DNC rules, though the practical requirements overlap a lot.

Under the TCPA, sending a marketing text to a mobile number requires prior express written consent. That requirement applies whether or not the number is on the DNC list. The FCC has consistently treated commercial SMS as "calls" under the TCPA, because the statutory definition reaches text messages to mobile numbers [2].

The FCC's 2023 and 2024 rulemaking tightened text-marketing consent. The one-to-one consent rule, finalized in 2024 though its implementation timeline shifted after litigation, would require consent to name the specific seller rather than a lead generator [9]. If you buy leads and those leads consented to hear from "marketing partners," that consent likely does not protect you under the newer framework.

SMS compliance gets complex fast. The short version: scrub your SMS lists against the DNC registry as a conservative practice even though it is not technically required, get clear written consent that names your company, and honor opt-outs within 10 business days (the TSR standard) or faster.

Our SMS compliance section covers the opt-in and opt-out mechanics in detail for teams running text campaigns alongside voice.

Frequently asked questions

How long does it take for a number to be protected after someone registers on the Do Not Call list?

Registrations take effect within 31 days of the date a consumer signs up at donotcall.gov or by calling 1-888-382-1222. After that 31-day window, any covered telemarketer who calls the number is in violation. The registration itself does not expire. Numbers stay on the list permanently unless the consumer removes them or the number is disconnected and reassigned.

Can I call someone on the Do Not Call list if they gave me their number on a web form?

Potentially yes, if the form captured clear prior express written consent that names your company and describes the type of calls. Generic "by submitting this form you may receive calls from our partners" language will not hold up. Courts and the FCC ask whether a reasonable consumer understood what they agreed to. Thin or buried consent language is a recurring cause of TCPA class actions.

What is the established business relationship exemption and how long does it last?

The EBR exemption lets you call a consumer who bought something from your company in the past 18 months, or who made an inquiry within the past 3 months, even if their number is on the DNC list. The clock starts from the most recent transaction or inquiry. The EBR is company-specific. A relationship with a lead vendor or affiliate does not count as your EBR. Document transaction dates, because the burden of proving the EBR is on you.

Does the Do Not Call list apply to B2B calls?

Business-to-business calls sit outside the National DNC Registry's scope under the TSR, which focuses on consumer telephone solicitations. But cell phones blur the line. If a business contact's personal cell number is on the registry, calling it for commercial purposes can still be a violation. And TCPA autodialer rules apply to mobile numbers no matter the business or consumer context of the call.

How do I check if a specific number is on the Do Not Call list?

Consumers can verify their own number at donotcall.gov. Telemarketers cannot look up individual consumer numbers in an "is this number registered" format through the public portal. They access the full registry by area code through the paid telemarketer access system. Third-party DNC scrubbing tools and some dialer integrations allow real-time lookups against the most recent registry download.

What does Tennessee's state Do Not Call list require beyond the federal rules?

Tennessee keeps its own do not call list (do not call list TN) through the Tennessee Department of Commerce and Insurance. Telemarketers targeting Tennessee consumers must scrub both the federal registry and the Tennessee state list. Tennessee's telephone solicitation law imposes its own registration and calling-hour requirements. Penalties under Tennessee law can stack on top of federal TCPA and TSR penalties for the same call.

How much does it cost to access the National DNC Registry?

The FTC provides access to the first five area codes at no charge. Beyond that, each additional area code costs $75 per year. National access to all area codes is capped at $18,936 per year under the current FTC fee schedule. Organizations calling within a limited geographic area can hold cost down by subscribing only to the area codes they actually dial.

Can a consumer sue me directly for a Do Not Call violation, or do they have to file an FTC complaint first?

A consumer can sue you directly in federal or state court under the TCPA without any prior agency complaint. The TCPA's private right of action is explicit in the statute (47 U.S.C. § 227(c)(5)). There is no administrative exhaustion requirement. Damages are $500 per violation, or $1,500 if the violation was willful. Courts can, and regularly do, certify class actions under this provision.

How long do I have to honor an individual do-not-call request from a consumer?

You must add the number to your internal DNC list within 30 days of the consumer's request, and the suppression lasts indefinitely. There is no expiration. You cannot remove a number from your internal list after a year or after a CRM migration. If a consumer later gives you fresh consent to call, document that consent carefully. Absent that, the suppression stays.

What is the difference between the FTC Do Not Call list and the FCC rules?

The FTC enforces the Telemarketing Sales Rule (16 CFR Part 310) against sellers and telemarketers engaged in commercial telephone solicitation. The FCC enforces the TCPA (47 U.S.C. § 227) rules, which cover autodialers, prerecorded messages, and the DNC protections for residential and mobile numbers. Both agencies use the same underlying registry, but they can bring independent enforcement actions, and state AGs can act under either framework.

Do robocalls and prerecorded messages have different rules from live calls?

Yes, stricter ones. A prerecorded message or robocall to a residential number for commercial purposes requires prior express written consent under the TCPA, even if the number is not on the DNC list. A live call from a human agent to a residential number without an autodialer follows DNC rules but does not require prior consent unless the number is registered. The autodialer and prerecorded rules add a consent layer on top of the DNC layer.

How do I report someone who is calling me despite being on the Do Not Call list?

File a complaint at donotcall.gov or call 1-888-382-1222. You can also file with the FCC and with your state attorney general's consumer protection office. Provide the caller's number, the date and time of the call, and what was said. The FTC uses complaint data to spot patterns and build enforcement cases. Individual complaints rarely trigger immediate action, but aggregate data does.

If I buy a lead list, am I responsible for DNC violations if those numbers are on the registry?

Yes. Buying a list does not shift legal risk to the list vendor. The FTC holds the company that benefits from the call, the seller or telemarketer, responsible for scrubbing numbers before calling. Your contract with a list vendor may give you an indemnification claim against them, but that does not erase your liability to the consumer or the regulator. Scrub every purchased list before use.

Sources

  1. FTC, National Do Not Call Registry (donotcall.gov): The FTC operates the National Do Not Call Registry; consumers register at donotcall.gov or 1-888-382-1222.
  2. Cornell Legal Information Institute, 47 U.S.C. § 227 (Telephone Consumer Protection Act): TCPA establishes $500 per unintentional violation and $1,500 per willful violation, creates a private right of action, and prohibits autodialer calls to mobile numbers without prior express consent.
  3. FTC, National Do Not Call Registry Data Book (annual report, FY 2023 edition): The registry held more than 249 million active registrations as of FY 2023; access fees are free for the first five area codes and $75 per additional area code.
  4. FTC, Telemarketing Sales Rule (16 CFR Part 310): TSR requires telemarketers to access an updated registry version no more than 31 days before any call; EBR window is 18 months for transactions and 3 months for inquiries; records must be kept for 24 months.
  5. FTC, Complying with the Telemarketing Sales Rule (business guidance): The registry applies to any telephone number a consumer registers, including personal cell phones used for business.
  6. FTC, Federal Register notice on annual civil penalty inflation adjustments (16 CFR Part 1): The civil penalty maximum for TSR violations is $51,744 per violation as of the most recent annual adjustment.
  7. WebRecon LLC, Consumer Litigation Statistics (annual report): The TCPA is among the most litigated consumer protection statutes in the United States by annual federal case count.
  8. FTC, News and press releases on robocall enforcement actions: The FTC obtained a $225 million judgment against a robocall operation in 2021; the FTC publishes aggregated Do Not Call complaint data annually.
  9. Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida's Telephone Solicitation Act provides $500 per violation damages and allows attorney fee awards, enabling private actions against telemarketers.

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit