Last updated 2026-07-09

TL;DR
To legally make telemarketing calls, you must register with the FTC's National Do Not Call Registry at donotcall.gov, pay an annual fee (currently $79 per area code, up to $16,714 for all area codes), download the registered numbers, and remove them from your call lists before dialing. You must re-scrub at least every 31 days.
What is the National DNC Registry and who runs it?
The National Do Not Call Registry is a federal database of phone numbers whose owners have asked not to receive telemarketing calls. The Federal Trade Commission built it and still administers it under the Telemarketing Sales Rule (16 CFR Part 310) [1]. The FCC enforces the same list against telemarketers through rules implementing the Telephone Consumer Protection Act, 47 U.S.C. § 227 [2].
Two agencies, one list. That dual-enforcement structure is what makes DNC violations so expensive: the FTC can pursue you for TSR violations and the FCC can pursue you for TCPA violations at the same time, and so can state attorneys general.
Consumers register at donotcall.gov. Their numbers become effective 31 days after registration. After that, calling them for telemarketing purposes without an established business relationship or written consent triggers liability. As of mid-2025, the registry holds over 240 million registered numbers [9].
For a broader look at how the do not call list works from the consumer side, that context matters when your team gets pushback calls from people who think they're protected.
Who is required to register and access the DNC list?
Any person or organization that makes telephone solicitations to residential consumers in the U.S. is required to access the National DNC Registry before calling [1]. That covers B2C outbound sales teams, third-party lead generators calling on your behalf, fundraisers (with some limits), and political callers who also make commercial pitches.
B2B calling is a partial exception. The registry covers residential numbers, and calls made to businesses for business-to-business purposes fall outside the TSR's DNC requirements in most cases [1]. But the line blurs fast. A cell phone used by a sole proprietor for both personal and business calls is often treated as residential. When in doubt, scrub it.
Even callers with full established-business-relationship exemptions still have to access the registry. The exemption is a defense against liability if you call a registered number, not a pass on pulling the data [1].
A few callers are fully exempt from accessing the registry: purely non-commercial charitable solicitations, political calls, survey calls with no sales component, and calls to consumers who have given prior express written consent to hear from your specific company [1]. If you fall into any of those buckets, confirm the scope of your exemption with counsel before you skip registration.
If you use a third-party dialer or lead vendor, the legal duty to scrub does not transfer to them by default. Get written confirmation of who is responsible for scrubbing and how often.
How much does it cost to register with the DNC Registry?
Registration fees are set by the FTC under 15 U.S.C. § 6102 and adjusted periodically. For fiscal year 2024, the fee structure was:
| Access tier | Annual fee |
|---|---|
| First 5 area codes | No charge |
| Each additional area code (6th and beyond) | $79 per area code |
| Nationwide access (all area codes) | $16,714 |
Source: FTC, donotcall.gov fee schedule [3]
Say you're a small team calling into 10 states and covering maybe 30 area codes. You pay nothing for the first five and $79 each for the remaining 25, so $1,975 per year. That's cheap insurance against a $500-per-call statutory minimum.
Fees are paid annually and tied to your subscription year, not the calendar year. You pay when you first register, then again on each anniversary. Let your subscription lapse and keep calling, and you're working from stale data, which is its own compliance risk even if the numbers haven't changed.
Access to five or fewer area codes costs nothing. That covers a lot of small local businesses. But five area codes gets limiting fast if your team does any national calling.
Check the current fee schedule directly at donotcall.gov before you budget. The FTC adjusts fees periodically for inflation [3].
Step-by-step: how do you actually register and download the list?
Here is the exact process as of mid-2025.
Step 1: Go to donotcall.gov/business. The business portal is at https://www.donotcall.gov/business.html. This is where telemarketers (not consumers) register.
Step 2: Create an account. You'll need your organization's name, a valid email address, and a credit card for the fee if you're accessing more than five area codes. The account ties to your Subscription Account Number (SAN), which you'll use for all future downloads.
Step 3: Select area codes. Choose the area codes where you plan to call. Be honest here. Adding area codes later is allowed, but calling outside your subscribed area codes before you add them is a compliance gap.
Step 4: Pay the fee. Payment is processed at registration. You receive a SAN immediately.
Step 5: Download the data. The registry data comes as a text file (.txt). You can download the full file for your subscribed area codes or grab only the numbers added or removed since your last download (the delta file). For most scrubbing workflows the delta file between your last download date and today is enough, but re-downloading the full file periodically is a good sanity check.
Step 6: Load the data into your scrubbing process. This is where most small teams stumble. Downloading the file is not scrubbing. You have to actually compare your call list against the registry data and remove matching numbers before any call goes out.
Step 7: Document everything. Keep a record of every download: date, area codes accessed, SAN used, and who ran the scrub. If you're ever audited or sued, this log is your first line of defense.
For more detail on the download itself, the how do I get the do not call list guide covers the data formats and common technical snags.
How often do you have to scrub your call list against the DNC Registry?
The FTC's TSR requires telemarketers to scrub against the registry no more than 31 days before making a call [1]. That is a ceiling, not a suggested cadence. Scrub on January 1, start calling on February 2, and you're at 32 days and out of compliance.
Most compliant teams scrub at the start of every new campaign or weekly for ongoing campaigns, whichever comes first. Daily scrubbing is overkill for most small teams, but it makes sense if you're pushing high-volume inbound leads straight into an outbound queue.
The 31-day rule also means your downloaded registry file has a shelf life. A file pulled more than 31 days ago cannot certify compliance for calls made today. Some teams think downloading once and keeping the file is fine. It is not.
Here is the statute language. The TSR states that sellers and telemarketers must "not call any telephone number" in the registry and must access the registry data "no more than 31 days prior to the date any call is made" [1].
For campaigns that involve cell phones, add a layer. You also need to check whether the cell phone is on the registry and whether you hold TCPA-compliant prior express written consent. The mobile phone do not call list article explains how those two rules intersect.
What counts as a valid established business relationship (EBR) exemption?
An established business relationship (EBR) lets you call a registered number without violating the DNC rules, but it has a time limit and conditions.
Under FTC rules, an EBR exists if:
- The consumer made a purchase, rental, or financial transaction with your company within the past 18 months, OR
- The consumer made an inquiry or application to your company within the past 3 months [1]
Once either window closes, the EBR is gone. You can't call that registered number for telemarketing again without fresh consent.
Two limits worth remembering. First, the EBR is company-specific, not industry-specific. An EBR with Company A doesn't let Company B (even an affiliate) call that consumer. Second, if the consumer asks you to stop calling, that overrides the EBR permanently. You must honor a do-not-call request and add them to your internal DNC list within 30 days [1].
The FCC's TCPA framework uses similar but not identical language. For cell phone calls made with an autodialer or prerecorded message, the EBR defense largely does not apply. You generally need prior express written consent regardless [2]. This catches a lot of teams off guard.
Document your EBR basis for any call to a registered number. If a plaintiff's attorney or the FTC asks why you called a registered number, "we had an EBR" without supporting records is not a defense.
What are the penalties for calling someone on the DNC Registry?
The penalties are large enough to bankrupt a small operation if you rack up enough violations.
Under the FTC's Telemarketing Sales Rule, each violation can carry a civil penalty of up to $51,744 as of 2024 (the FTC adjusts this annually for inflation) [4]. Under the TCPA, each call to a registered number triggers statutory damages of $500 to $1,500 per call, with the higher amount available for willful violations [2].
Those per-call numbers are not theoretical. In 2023, the FTC and DOJ obtained a $299 million judgment against a robocall operation, though collection from individual defendants varied [5]. Smaller defendants have paid settlements in the $50,000 to $500,000 range for a few hundred illegal calls.
Class actions are the bigger risk for most small teams. Because every TCPA violation gives the called party a private right of action, plaintiff attorneys aggregate hundreds or thousands of calls into a single class suit. A team that made 2,000 calls to registered numbers faces $1,000,000 to $3,000,000 in statutory damages before negotiation.
State penalties stack on top. Florida and Indiana maintain their own DNC lists with separate penalty structures. Florida's Telephone Solicitation Act allows $500 per violation for calls to the state list [6]. See the florida do not call list and indiana do not call list articles for state-specific details.
There is one scenario where you can sleep at night. If you scrub in good faith inside the 31-day window and still accidentally call a registered number because of a data processing error, you may have a safe harbor defense. The FTC's safe harbor requires that you accessed the registry data within 31 days, kept a company-specific internal DNC list, trained your reps, and the violation came from an error [1]. Document all four.
How do you maintain an internal do-not-call list alongside the national registry?
The national registry is the floor, not the ceiling. You are also required under the TSR and TCPA to maintain your own internal do-not-call list and honor it [1] [2].
Your internal DNC list captures people who have specifically asked your company to stop calling. This is separate from the national registry. A consumer might not be on the national registry but still have the right to never hear from you again if they've asked you to stop.
The TSR requires you to honor internal DNC requests within 30 days of receiving them and to keep those records for five years [1]. The 30-day window is a maximum. Best practice is to process opt-outs within 24 hours.
What belongs on your internal DNC list? At minimum: phone number, date of the opt-out request, how it came in (verbal during a call, SMS reply, email), and who processed it. If you use a CRM, this is a suppression list field, not a contact tag.
Scrubbing your call lists means running against both the national registry and your internal DNC list every time. Running one and skipping the other is a compliance failure.
For teams using third-party lead vendors, your contract should require the vendor to honor your internal DNC list and not re-sell leads for contacts who have opted out with you. This is rarely automatic.
LeadCompliant's free TCPA compliance kit includes an internal DNC list template and a scrubbing checklist you can adapt to your CRM workflow.
Do state DNC lists require separate registration?
Yes, in many cases. Several states run their own do-not-call lists separate from the national registry, and some require separate registration and scrubbing [6] [7].
States with their own active DNC programs include:
| State | Separate registration required? | Notes |
|---|---|---|
| Florida | Yes | FL Telephone Solicitation Act, $500/violation |
| Indiana | Yes | Indiana Telephone Privacy Act |
| Pennsylvania | No (mirrors national) | Must still scrub national registry |
| Texas | No (mirrors national) | Some state-specific exemptions differ |
| Wyoming | Yes | Separate state list exists |
This table is not exhaustive. State laws change, and some states that once ran independent lists now rely on the national registry. Always verify current requirements for each state where your team calls.
For Pennsylvania-specific details, the do not call list pa article covers what's different there. Indiana's rules get their own treatment in the indiana do not call list article.
The practical takeaway: call into 10 states and you may need to register with and scrub against up to 10 separate lists on top of the national registry. Most compliance software handles multi-list scrubbing. Doing it by hand in Excel across multiple state files is where errors creep in.
What tools and processes should small teams use for DNC scrubbing?
Let me be direct about what actually works at different budget levels.
Manual scrubbing (Excel or SQL): You download the national registry text file, format it, and run a lookup against your call list. This works if your list is small (under 5,000 numbers) and you have someone who genuinely knows how to do a proper data match, including normalizing number formats (stripping dashes, parentheses, country codes). Most teams who say they do manual scrubbing actually do it wrong, because format mismatches cause false non-matches. A number on your list formatted as (555) 123-4567 will not match a registry entry of 5551234567 unless you strip the formatting first.
CRM-native scrubbing: Platforms like Salesforce and HubSpot have compliance add-ons, some built by third parties, that automate scrubbing. Quality varies widely. Before you trust any CRM scrubbing tool, test it with known DNC numbers to confirm it actually suppresses them.
Dedicated compliance platforms: Tools built specifically for DNC scrubbing (several vendors work this space; the FTC does not endorse specific vendors) pull the registry, apply your internal DNC list, and return a cleaned file or API response. These run anywhere from a few hundred to a few thousand dollars per year depending on volume. For teams making more than 10,000 calls per month, this almost certainly beats the staff time of manual scrubbing.
Process requirements regardless of tool:
- Scrub no more than 31 days before calling
- Normalize all phone numbers to a consistent format before matching
- Log the date, scope, and results of every scrub
- Scrub against both the national registry and your internal DNC list
- Re-scrub any list that's been sitting longer than 31 days before it hits your dialers
The dnc registry article goes deeper on the technical side of accessing and processing the data files.
What records do you need to keep to prove DNC compliance?
If the FTC or a plaintiff attorney ever asks for your compliance records, these are the documents that matter.
The TSR requires sellers and telemarketers to keep records demonstrating compliance for 24 months [1]. Some practitioners keep five years as a buffer, which matches the TSR's other recordkeeping rules and gives you cover for late-filed TCPA class actions.
The records you need:
Download logs: Date, time, SAN used, area codes accessed, and file name or hash for each registry download. If you use a third-party scrubbing service, get a written confirmation from them for each scrub with the same information.
Scrub logs: The date you ran the scrub, the size of the original list, the number of numbers suppressed, and the resulting clean list. Keep both the pre-scrub and post-scrub lists.
Internal DNC list with timestamps: Every number, when it was added, and how the request came in.
Training records: Documentation that every person who makes calls or manages campaigns has been trained on DNC compliance. A signed acknowledgment form works.
EBR documentation: If you call registered numbers under an EBR exemption, keep records showing the nature and date of the qualifying transaction or inquiry for each contact.
If you use a third-party lead vendor, keep the contract terms specifying who is responsible for DNC scrubbing. In FTC enforcement actions, the argument "our vendor was supposed to scrub" has not historically shielded companies from liability when the vendor failed [5].
For a broader look at how complaints flow into enforcement actions, the do not call list report article explains what happens after a consumer files a complaint.
Can you call cell phones, and does the DNC Registry cover them?
Cell phones can be registered on the National DNC Registry, and many are. If a cell number is on the registry, you face the same TSR and TCPA liability for calling it as you would for a residential landline [2].
There is an extra layer for cell phones that has nothing to do with the registry. The TCPA prohibits using an automatic telephone dialing system (ATDS) or prerecorded voice to call a cell phone without the called party's prior express consent, whether or not the number is on the DNC list [2]. The Supreme Court's 2021 ruling in Facebook v. Duguid narrowed the definition of ATDS, but the consent requirement for cell phones stayed put [8].
So for cell phones you face two overlapping frameworks: 1. DNC Registry rules: don't call if the number is registered (TSR/TCPA) 2. ATDS/prerecorded rules: don't use an autodialer or prerecorded message without prior express consent (TCPA)
You can call a cell phone that is not on the DNC registry using a human agent without an autodialer and be fine on the autodialer rule. But if that same number is on the registry, you still can't call it for telemarketing without an exemption.
For the full picture on cell phone rules, see the mobile phone do not call list article.
Where do you go to check or manage your DNC registration?
Everything for telemarketers lives at donotcall.gov. The business portal is at donotcall.gov/business.html. From there you can:
- Register for a new account and SAN
- Renew your annual subscription
- Add or remove area codes
- Download the registry data files (full or delta)
- Access your account history
Your SAN (Subscription Account Number) is the key credential. Keep it secure and don't share it with vendors unless you have a specific reason and a written agreement. If a vendor downloads registry data under your SAN and misuses it, you bear some responsibility.
Not sure whether your organization is registered? Search your records for a SAN. If you inherited a calling operation and can't tell whether it was ever registered, register immediately and don't call until you have a confirmed, current download.
For a plain-English walk-through of the FTC's side of this, the ftc do not call list article is a useful companion.
LeadCompliant offers a free DNC compliance checklist at leadcompliant.com that covers registration, download, scrub, and recordkeeping in a single-page format you can hand to whoever owns this process on your team.
This article is general information, not legal advice. If you're facing an active FTC investigation or a TCPA class action, talk to a telemarketing compliance attorney.
Frequently asked questions
How do I register with the National DNC Registry as a business?
Go to donotcall.gov/business.html, create an account, select the area codes you plan to call into, and pay the fee if you need more than five area codes. You'll receive a Subscription Account Number (SAN) immediately. Use that SAN to download the registry data files before calling. The whole setup process takes under 30 minutes.
How much does it cost to access the National DNC Registry?
Access to the first five area codes is free. Each additional area code costs $79 per year as of 2024. Nationwide access to all area codes costs $16,714 per year. These fees are set by the FTC and adjusted periodically. Small teams calling into a limited geographic area often pay nothing or a few hundred dollars per year.
How often do I need to scrub my call list against the DNC Registry?
The FTC's Telemarketing Sales Rule requires that you access the registry data no more than 31 days before making any call. A list scrubbed 32 or more days ago cannot be used to certify compliance today. Most teams scrub at the start of each new campaign and weekly for ongoing campaigns. Daily scrubbing is available but overkill for most small operations.
What is a Subscription Account Number (SAN) and why do I need one?
A SAN is the unique identifier assigned to your organization when you register with the National DNC Registry. You use it to log in, download registry data, and document your compliance activity. It's your proof of registration. Keep it on file. If you're audited or sued, your SAN and download logs are the first evidence you'll need to show good-faith scrubbing.
Does the DNC Registry cover business-to-business calls?
Generally no. The National DNC Registry covers residential numbers, and the FTC's TSR exempts most B2B telemarketing from DNC requirements. But the line isn't always clean: cell phones used by sole proprietors can be treated as residential, and some states have broader coverage. When a number could go either way, scrub it. The cost of scrubbing is close to zero; the cost of a wrong call is not.
What is the established business relationship exemption and how long does it last?
An established business relationship (EBR) lets you call a registered number if the consumer made a purchase or transaction with your company in the past 18 months, or made an inquiry or application in the past 3 months. Once those windows close, the exemption expires. An EBR is company-specific; it doesn't transfer to affiliates. If the consumer has already asked you to stop calling, the EBR is overridden permanently.
What happens if I call someone who is on the DNC Registry?
You face potential civil penalties of up to $51,744 per violation under FTC rules (2024 figure) and $500 to $1,500 per call in statutory damages under the TCPA. Private class action lawsuits are common because every called party has a right to sue. Multiple calls to a registered number multiply those figures fast. The FTC also has authority to seek injunctive relief, which can shut down a calling operation entirely.
Do I need to register with state DNC lists separately?
In some states, yes. Florida, Indiana, and a handful of others maintain their own DNC lists with separate registration requirements and penalty structures. Pennsylvania and Texas currently mirror the national registry without a separate list. State rules change, so verify requirements for each state where your team calls before starting a new campaign.
Can I call a cell phone number that isn't on the DNC Registry?
If the number isn't on the registry, you clear one hurdle. But the TCPA still prohibits using an autodialer or prerecorded message to call any cell phone without prior express consent, regardless of DNC status. A human agent calling manually to a cell number not on the registry is generally fine. An autodialer calling the same number without consent is a TCPA violation even if the number isn't registered.
How long do I need to keep DNC compliance records?
The FTC's TSR requires telemarketers to keep compliance records for 24 months. Many practitioners keep records for five years because other TSR recordkeeping rules use that timeframe and because TCPA class actions can surface years after the calls were made. Keep download logs, scrub logs, internal DNC lists with timestamps, training records, and any EBR documentation for every contact called on a registered number.
What is the difference between the national DNC Registry and an internal do-not-call list?
The national registry is a federal database consumers opt into at donotcall.gov. Your internal DNC list is a company-specific list of people who have personally asked your organization to stop calling them. Both are legally required: you scrub against the national registry for regulatory compliance, and you scrub against your internal list to honor individual opt-out requests. Missing either one creates liability.
What safe harbor protects companies that accidentally call a DNC-registered number?
The FTC's safe harbor applies if you accessed the registry within 31 days before calling, maintained an internal DNC list, trained your calling staff on compliance, and the violation resulted from an error despite those procedures. It is an affirmative defense, meaning you have to prove you met all four conditions. Document each element in advance; you can't reconstruct this evidence after a complaint arrives.
Can I use a third-party service to handle DNC scrubbing instead of doing it myself?
Yes, and for teams making more than a few thousand calls per month it usually makes sense. But the legal responsibility does not transfer automatically. You need a written agreement specifying that the vendor is responsible for scrubbing, how often they scrub, which lists they check, and what documentation they provide. Get a scrub confirmation for every campaign. If the vendor fails and you make illegal calls, you share the liability.
Sources
- FTC, Telemarketing Sales Rule (16 CFR Part 310) and National Do Not Call Registry: TSR requirements for accessing the National DNC Registry, 31-day scrubbing interval, internal DNC list obligations, EBR windows (18 months for transactions, 3 months for inquiries), and 24-month recordkeeping requirement
- Cornell LII, 47 U.S.C. § 227 (Telephone Consumer Protection Act): TCPA statutory damages of $500 to $1,500 per call and prohibition on using ATDS or prerecorded voice to call cell phones without prior express consent
- FTC, donotcall.gov business registration and fee schedule: First five area codes free; $79 per additional area code per year; $16,714 for nationwide access; SAN issuance process
- FTC, Civil Penalty Inflation Adjustments (16 CFR Part 1): Maximum civil penalty per TSR violation is $51,744 as of 2024, adjusted annually for inflation
- FTC, Press Releases (DOJ obtains $299 million robocall judgment, 2023): FTC and DOJ obtained a $299 million judgment against a robocall operation in 2023
- Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059: Florida's Telephone Solicitation Act allows $500 per violation for calls to the state DNC list and requires separate state registration
- Indiana Attorney General, Indiana Telephone Privacy Act (Ind. Code § 24-4.7): Indiana maintains a separate state DNC list under the Indiana Telephone Privacy Act requiring separate registration and scrubbing
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed the definition of ATDS under the TCPA in 2021, but the prior express consent requirement for autodialed calls to cell phones remains in effect
- FTC, National Do Not Call Registry Data Book FY 2023: As of mid-2025 the National DNC Registry contains over 240 million registered phone numbers