Under the do-not-call registry rules, what a telemarketer must do

The DNC registry rules require telemarketers to scrub lists every 31 days, honor opt-outs within 30 days, and face $51,744 per-violation fines. Full requirements here.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Person reviewing call records at desk under afternoon light, telemarketing compliance work
Person reviewing call records at desk under afternoon light, telemarketing compliance work

TL;DR

Under the FTC's Do Not Call Registry rules (16 CFR Part 310) and the FCC's parallel TCPA regulations (47 USC 227), a telemarketer must scrub its call list against the National DNC Registry at least every 31 days, keep its own company-specific DNC list, honor individual opt-out requests within 30 days, and skip registered numbers. Miss any of it and fines reach $51,744 per violation.

What exactly is a telemarketer required to do under DNC rules?

A telemarketer has to satisfy two rulebooks at once, and most founders discover the second one too late. The first is the FTC's Telemarketing Sales Rule (TSR), at 16 CFR Part 310, which covers most outbound sales calls. The second is the FCC's rules under the Telephone Consumer Protection Act, 47 USC 227, which stacks extra requirements on autodialed and prerecorded calls. Both agencies can fine you independently.

At the core, any entity making telemarketing calls to U.S. consumers must access the National Do Not Call Registry before calling. The FTC's rule states a seller or telemarketer "may not call a number that is registered on the National Do Not Call Registry" unless a specific exemption applies. [1] Those exemptions are narrow: an established business relationship (EBR) that meets the TSR's definition, written consent from the consumer, or a call that the rule doesn't cover at all (certain B2B calls, political calls, and purely charitable solicitations fall outside the TSR's commercial framework).

Beyond the registry itself, the rules impose four categories of affirmative obligations:

1. List scrubbing on a 31-day cycle. 2. Maintaining a company-specific internal DNC list. 3. Honoring opt-out requests within 30 days. 4. Disclosing who's calling and why, within the first few seconds of the call.

Each one has teeth. Missing a single obligation creates its own liability, so compliance isn't pass-fail across the board. You can scrub perfectly and still get sued because you didn't honor a verbal opt-out fast enough.

How often does a telemarketer have to scrub against the DNC registry?

Every 31 days. That's the statutory interval, and it's a hard line, not a suggestion. The FTC's TSR at 16 CFR 310.4(b)(3)(iv) requires a telemarketer or seller to access the registry no more than 31 days before any call is placed. [1] If your last scrub was 32 days ago, the protection you thought you had is gone, and any call to a registered number after day 31 is a fresh violation.

Most professional operations run a scrub weekly, sometimes daily on active campaigns. The 31-day rule is the legal floor, not the recommended cadence. Running close to the limit is a real risk. Data pipelines lag, vendors take time to process files, and one scheduling hiccup pushes you past day 31.

To access the registry, a telemarketer must register as an organization with the FTC. Registration is annual, and the cost scales by the number of area codes you need. As of 2024, the first five area codes are free; each additional area code costs $79 per year, capped at $17,082 for all U.S. area codes. [2] That fee covers access for one organization. If a lead-generation company calls on behalf of multiple sellers, each seller needs its own registry subscription and has to verify independently that numbers are clean.

Here's the mistake I see constantly. A team scrubs a list once at launch and treats it as valid forever. Consumer numbers churn. People add themselves to the registry after you scrub. A number clean on day one can be registered by day 45, and if you're still dialing it, you have a problem.

What is the company-specific DNC list, and how long must it be kept?

Separate from the national registry, every telemarketer has to keep its own internal do-not-call list. This one covers people who asked not to be called by your specific company, even if their number never touched the national registry. The FTC's TSR and the FCC's rules both demand it. [1][3]

The mechanics under FCC rules (47 CFR 64.1200(d)) are specific. You need a written policy for maintaining the list. You have to train staff who make calls on how to honor requests. When a consumer says "don't call me again," that request gets recorded and honored within 30 days. [3] The FCC's 2003 order set that 30-day window, and it hasn't changed since. [12]

How long do you keep a suppression record? Indefinitely, for practical purposes. The TSR doesn't set an expiration for company-specific DNC entries. The FCC requires internal list entries to be honored for five years from the date of the request. [3] Drop someone off your internal list before the five-year mark and call them again, and that's a violation.

A sane operational approach: import every opt-out into one central suppression file, timestamp it, and run every new campaign list against that file before dialing. Many CRMs have a suppression field. Standalone suppression tools are worth a look for teams calling at any real volume. This is the one place where a manual process eventually fails you.

Key DNC telemarketer compliance numbers Thresholds and penalties every outbound team must know 52k Max FTC fine per TSR violation 1,500 Max TCPA private suit per willful call 30 Days to honor opt-out request 31 Days between required regis… scrubs Source: FTC (16 CFR Part 310), FCC (47 USC 227), FY2024 penalty schedule

What are the call-time and disclosure requirements for telemarketers?

The DNC rules govern more than who you can call. They also govern when and how. The TSR bans calls before 8 a.m. or after 9 p.m. in the called party's local time zone. [1] The consumer's time zone counts, not yours. A 6 p.m. call from a Pacific-time office to an Eastern-time consumer lands at 9:05 p.m. their time. That's a violation.

At the start of every call, the telemarketer must promptly disclose:

  • The caller's name.
  • The name of the company on whose behalf the call is being made.
  • That the purpose of the call is to sell goods or services (where applicable).

For prerecorded message calls (robocalls), the FCC adds an immediate opt-out requirement. The message has to include an automated, interactive opt-out that stays available throughout the call, not only at the end. [4] This matters if you use any recorded outreach, including voicemail drops that play a recording when a live person picks up.

Caller ID rules are separate but linked. Under the TSR and FCC rules, a telemarketer must transmit caller ID information. Blocking or spoofing it is independently prohibited under the Truth in Caller ID Act, 47 USC 227(e). [5] The number transmitted has to be either the actual number you're calling from or a number where you can be reached and where a DNC request can be made.

What exemptions let a telemarketer call a number on the DNC registry?

Three main exemptions exist, and each has conditions that are easy to blow.

Established Business Relationship (EBR). Under the TSR, an EBR exists if the consumer made a purchase, rental, or transaction with the seller within the past 18 months, or made an inquiry or application within the past 3 months. [1] The EBR belongs to the seller who has the relationship. A lead-generation company can't borrow a client's EBR. And if the consumer told the company not to call, an active EBR is overridden anyway.

Prior Express Written Consent. If the consumer gave written consent (electronic counts) specifically authorizing calls from that seller, the registry doesn't block them. The consent has to be clear and conspicuous, has to name the seller, and can't be buried in a terms-of-service document. [4] The FCC has been exact about what "prior express written consent" means for autodialed calls. An opt-in checkbox that checks itself by default doesn't meet the standard.

Exempt Call Categories. The TSR applies to calls made for a commercial purpose. Purely political calls, calls by or on behalf of tax-exempt nonprofits, calls that aren't telephone solicitations (a survey with no sales pitch, for example), and business-to-business calls where neither party is a consumer generally sit outside the registry requirement. [1] "Generally" is carrying weight in that sentence. B2B has real carve-outs, but if your B2B call includes a consumer-product pitch or reaches a home office line, you're likely back inside the rules.

For cold calling teams at small companies, the EBR exemption is the most commonly used and the most commonly abused. Eighteen months sounds generous, but the clock runs from the last transaction, not the last conversation.

What do DNC rules say about autodialers and prerecorded messages?

This is where the TCPA piles requirements on top of the TSR. Under 47 USC 227(b), using an automatic telephone dialing system (ATDS) or a prerecorded voice to call a cell phone requires prior express consent, full stop. [4] Once autodialers are in play, the registry status of the number is almost secondary to the consent question.

The TCPA's definition of an ATDS has been fought over hard. The Supreme Court's 2021 decision in Facebook v. Duguid, 592 U.S. 395, narrowed it: a system has to "use a random or sequential number generator" to store or produce numbers to count as an ATDS. [6] That ruling helped some defendants. It didn't kill autodialer liability. Plenty of modern dialers still qualify under the narrowed definition, and prerecorded-voice rules apply whether or not an ATDS is used.

For residential landlines, prerecorded messages for commercial purposes need either an EBR or written consent. For wireless numbers, the bar is higher: prior express written consent for any prerecorded or autodialed call with a commercial purpose. [4]

If you're weighing AI cold calling or any automated outreach, settle whether your tech qualifies as an ATDS under the post-Duguid standard before you start a campaign. Not after a lawsuit lands.

What are the DNC violation fines, and who enforces them?

The FTC can fine telemarketers up to $51,744 per violation of the TSR as of 2024. [7] The FCC can impose separate fines under the TCPA for autodialer and prerecorded call violations, up to $1,500 per call for willful or knowing violations. [4] The two regimes run independently. One bad call can generate liability under both.

State attorneys general can also enforce the national registry rules under the TSR, and many states run their own do-not-call laws with separate penalty structures. Florida, Texas, Indiana, and Oklahoma, among others, keep state DNC lists or enhanced call-time restrictions that layer on top of federal rules. [8]

Private plaintiffs have a right of action under the TCPA. A consumer can sue for $500 per violation, or $1,500 if it was willful. [4] Because TCPA cases can be filed as class actions, the total exposure from one bad campaign can run into the millions. The plaintiff's bar chases these cases, and the case law since 2015 shows no shortage of willing plaintiffs.

The FTC has brought hundreds of enforcement actions since the registry launched in 2003. Major cases have settled anywhere from hundreds of thousands to tens of millions of dollars. [9] Small companies aren't safe. The FTC has gone after businesses with fewer than 10 employees when the violations were systematic.

Key DNC telemarketer obligations at a glance

The table below sums up the main requirements, the governing rule, and the consequence of non-compliance. Treat it as a working reference, not a full legal analysis.

RequirementGoverning RuleConsequence of Violation
Scrub against national DNC registry16 CFR 310.4(b)(3)(iv)Up to $51,744 per call (FTC)
Maintain internal company DNC list16 CFR 310.4(b)(1)(iii); 47 CFR 64.1200(d)Per-call FTC/FCC fines; private suits
Honor opt-out requests within 30 days47 CFR 64.1200(d)(3)$500-$1,500 per call (TCPA private right)
Call only between 8 a.m. and 9 p.m. local16 CFR 310.4(c)Per-call FTC fines
Transmit accurate caller ID47 USC 227(e)FCC fines; possible criminal penalties
Obtain consent for autodialed cell calls47 USC 227(b)(1)(A)Up to $1,500/call TCPA + FCC fines
Disclose name of caller and seller16 CFR 310.4(d)Per-call FTC fines
Register with FTC to access registry16 CFR 310.8No registry access; unverifiable compliance

One table, the whole burden. Each row is an independent obligation. Check off six of eight and miss two, and you're still exposed on those two.

What records must a telemarketer keep, and for how long?

The TSR requires sellers and telemarketers to keep records for 24 months from the date the record is created. [1] Those records include advertising materials, information about prize recipients, sales records, employee records, and, most relevant here, records of a consumer's consent or any DNC request.

The FCC's rules under 47 CFR 64.1200(d) require company-specific DNC requests to be honored for five years. [3] That's a longer horizon than the TSR's 24-month general window, so for opt-outs specifically, the five-year standard should govern.

What does "records" mean in practice? At minimum:

  • The suppression list itself, with timestamps of each opt-out request.
  • Documentation of when each campaign list was scrubbed and against which version of the national registry.
  • Consent records for any consumer who got an autodialed or prerecorded call.
  • Call logs detailed enough to reconstruct which number was called when.

Recordkeeping is where small teams fall short over and over. A spreadsheet kept by one person, with no audit trail, is not a defensible record system. The moment a demand letter or FTC civil investigative demand hits, you need to reconstruct your scrub cadence and consent chain. If you can't, the default assumption runs against you.

For teams building out compliance infrastructure, LeadCompliant's one-time compliance kit includes a recordkeeping template built around these retention windows.

How do the DNC rules apply to text messages and SMS?

Text messages to wireless numbers fall under the TCPA the same way calls do. The FCC has consistently held that an SMS text message is a "call" for purposes of 47 USC 227(b). [4] So autodialed texts to cell phones without prior express written consent are prohibited, and a number's presence on the national DNC registry is a second, independent reason to leave it alone.

The DNC Registry was built mainly for voice calls, but FCC rules and case law (including Marks v. Crunch San Diego, LLC, 904 F.3d 1041 (9th Cir. 2018)) confirmed the TCPA's protections reach texts. [10] Practically speaking, if a number is on the DNC registry, don't send it unsolicited commercial SMS. Full stop.

Marketing texts trigger opt-out obligations too. Under FCC rules and the CTIA Messaging Principles, which carriers enforce by contract, a consumer who replies STOP has to come off your list immediately. A 30-day window is far too slow for SMS. Carrier enforcement moves faster than the FTC ever will.

The 2024 FCC one-to-one consent rule (FCC 23-107, effective January 2025) requires consent for autodialed texts to come from the specific seller who'll send the messages. A shared consent form covering multiple brands or partners doesn't cut it. [11] Lead generation companies and aggregators should have rebuilt their consent flows by January 2025 if they were relying on single-form multi-seller consent.

What should a telemarketer actually do to stay compliant day to day?

Compliance is a process, not a document you file once. Here's what a defensible daily operation looks like for a small outbound team.

Before any campaign launches: scrub the prospect list against the national registry (downloaded fresh, no more than 31 days old) and against your internal suppression file. Log the date of each scrub and the registry version used. If any numbers lack clear consent records, don't call them with an ATDS.

When a call happens: make sure callers identify themselves and the company within the first few seconds. Set your dialer to transmit accurate caller ID. Don't place calls outside 8 a.m. to 9 p.m. local time for the called party.

When a prospect says stop: log the opt-out in your suppression system that same day, with a timestamp. Don't wait 30 days to add it. The 30-day rule is the outside limit, not a processing deadline.

Once a month at minimum: audit a sample of recent calls against your suppression file to confirm nobody slipped through. Review your scrub dates. Check whether any new state DNC lists apply to your target markets.

Every year: renew your FTC registry subscription. Review your consent language against current FCC guidance, especially given the one-to-one consent changes from 2024. If you use a third-party telemarketer or lead provider, get their compliance certifications in writing.

If you're just building this out, LeadCompliant's free DNC checker and compliance kit are a practical starting point. They won't replace legal counsel for hard cases, but they handle the operational mechanics most small teams neglect.

If you're fuzzy on what cold calling even covers in a legal sense, start with the cold calling definition and what is cold calling in sales as legally defined activities before layering compliance requirements on top.

Does the DNC registry apply to B2B calls?

Mostly not, with real exceptions. The TSR and the national registry focus on calls to "residential telephone subscribers." Pure B2B calls, where you're calling a business to sell something to that business, generally sit outside the TSR's scope. [1] The FCC's rules similarly carve out calls to businesses from many of the residential protections.

The carve-out isn't unlimited. If you call a cell phone that a businessperson also uses personally (which is nearly every cell phone in 2024), the TCPA's wireless number protections apply no matter your intent. The phone is personal property. Autodialing it without consent is a TCPA problem even if your pitch is pure B2B. [4]

Some states close the gap further. Washington state's DNC rules reach more broadly than the federal version. Indiana runs a commercial call registry. Florida's Telemarketing Act covers some B2B activity depending on the type of seller. [8] The federal B2B exemption doesn't pre-empt state laws that go further.

Practical rule: if you're calling cell phones in a B2B context with any form of autodialer or prerecorded message, treat the TCPA requirements as if they apply. The cost of getting consent is low. The cost of getting it wrong is not.

If you want to understand the mechanics of a cold call before deciding which rules apply, start there, then layer the regulatory analysis.

Frequently asked questions

How long does a telemarketer have to honor a do-not-call request?

The FCC's rules under 47 CFR 64.1200(d)(3) require company-specific do-not-call requests to be honored within 30 days of the request. That 30-day window is the legal maximum, not a target. Most compliance teams log opt-outs the same day. Once recorded, the suppression must stay in place for at least five years under FCC rules.

Can a telemarketer call a number on the DNC registry if there is an existing customer relationship?

Yes, under the Established Business Relationship exemption, but only if the consumer made a purchase within the past 18 months or an inquiry within the past 3 months, and only if the consumer hasn't since made a company-specific do-not-call request. The EBR belongs to the specific seller and can't be transferred to or used by a lead generator or affiliate.

What is the maximum fine for calling a number on the do-not-call registry?

The FTC can impose fines up to $51,744 per violation of the Telemarketing Sales Rule as of 2024. The FCC can add up to $1,500 per call for willful TCPA violations. Private plaintiffs can sue for $500 per violation ($1,500 if willful). Multiple enforcement actions can stack, so a single call can generate liability under more than one authority at once.

Does the national DNC registry cover text messages?

The FCC has held that text messages to wireless numbers are "calls" under 47 USC 227(b), so TCPA protections apply. The national registry was built for voice calls, but sending unsolicited commercial SMS to a registered number using an autodialer without consent violates the TCPA independently. The 2024 FCC one-to-one consent rule also applies to marketing texts.

How does a telemarketer register to access the national DNC registry?

Organizations register at donotcall.gov through the FTC's National Do Not Call Registry portal. Registration is annual. The first five area codes are free; each additional area code costs $79, capped at roughly $17,082 for all U.S. area codes. Each organization placing calls, or on whose behalf calls are placed, needs its own separate subscription.

Are political calls and charitable solicitations exempt from DNC rules?

Political calls aren't covered by the FTC's Telemarketing Sales Rule because they aren't commercial solicitations. Purely charitable solicitations by nonprofit organizations are also exempt from the national registry. However, a for-profit telemarketer hired to make charitable calls on behalf of a nonprofit is still subject to certain TSR requirements, including caller ID rules and call-time restrictions.

What happens if a telemarketer calls a cell phone using an autodialer without consent?

Under 47 USC 227(b)(1)(A), using an ATDS to call a wireless number without prior express consent is a standalone TCPA violation, separate from DNC registry status. Each call can expose the caller to $500 to $1,500 in statutory damages, and class action suits can aggregate those damages across thousands of affected consumers.

Can a small business be held liable for DNC violations made by an outsourced telemarketer?

Yes. Under the FTC's TSR, both the seller on whose behalf calls are made and the telemarketer making the calls are jointly liable for most violations. The FCC has also held sellers vicariously liable for their agents' TCPA violations under agency law principles. Outsourcing the dialing doesn't outsource the legal exposure.

What are the call-time restrictions under the DNC rules?

The TSR (16 CFR 310.4(c)) bans telemarketing calls before 8 a.m. or after 9 p.m. in the called party's local time zone. The consumer's local time governs, not the caller's. Several states impose stricter windows. Some state laws cut off calls at 8 p.m. or 8:30 p.m. State law governs when it's more restrictive.

Does the DNC registry apply to calls made to business phone numbers?

The national DNC registry and the TSR primarily cover residential subscribers, so pure B2B calls generally fall outside their scope. However, TCPA wireless number protections apply regardless of the call's business purpose if a cell phone is autodialed without consent. Some states extend DNC protections more broadly, and those state rules can apply even to business-to-business calls.

How often can a telemarketer call the same number in a given period?

The TSR doesn't set a specific maximum call frequency for numbers that are legally contactable. But repeated unwanted calls can support a harassment claim under state law, and calling the same person multiple times after they've asked you to stop is a clear TSR and FCC violation. Most compliance teams cap daily contact attempts at two to three per number.

The FCC's 2024 order (FCC 23-107), effective January 2025, requires prior express written consent for autodialed or prerecorded calls or texts to be obtained specifically for the seller who'll make the contact. A single shared consent covering multiple companies or lead buyers no longer satisfies the standard. Each seller in a lead-distribution chain needs its own individual consent from the consumer.

What disclosures must a telemarketer make at the start of a call?

Under 16 CFR 310.4(d), a telemarketer must promptly disclose the caller's name, the name of the company on whose behalf the call is made, and that the purpose is to sell goods or services (where applicable). For prerecorded messages, FCC rules require an automated interactive opt-out mechanism available throughout the message, not only at the end.

What records must a telemarketer keep to prove DNC compliance?

The TSR requires records to be kept for 24 months. FCC rules require company-specific DNC opt-out entries to be maintained for five years. In practice, a compliant operation keeps scrub dates and registry version records, timestamped opt-out logs, consent documentation for autodialed contacts, and call logs. These records are the first thing any enforcement authority or plaintiff attorney will request.

Sources

  1. FTC, Telemarketing Sales Rule (16 CFR Part 310): Core TSR requirements: 31-day scrub interval, EBR definitions (18 months/3 months), call-time restrictions (8am-9pm local), disclosure obligations, 24-month recordkeeping requirement, B2B exemption scope
  2. FTC, National Do Not Call Registry: Registry access fee: first five area codes free, $79 per additional area code, capped at approximately $17,082 for all U.S. area codes
  3. FCC, 47 CFR 64.1200 - Delivery restrictions (eCFR): FCC requirements for company-specific internal DNC lists, written policy, staff training, 30-day honor window, five-year retention for opt-out entries
  4. Supreme Court of the United States, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition: a system must use a random or sequential number generator to store or produce numbers to qualify as an automatic telephone dialing system under TCPA
  5. FTC, Legal Library (civil penalty inflation adjustments): FTC TSR maximum civil penalty of $51,744 per violation as of 2024 (adjusted annually for inflation under the Federal Civil Penalties Inflation Adjustment Act)
  6. National Conference of State Legislatures, State Do Not Call Laws: Multiple states including Florida, Indiana, Texas, and Washington have state-level DNC registries or enhanced telemarketing restrictions that layer on top of federal rules
  7. FTC, Cases and Proceedings: FTC has brought hundreds of enforcement actions since 2003; major settlements have ranged from hundreds of thousands to tens of millions of dollars
  8. Ninth Circuit Court of Appeals, Marks v. Crunch San Diego, LLC, 904 F.3d 1041 (9th Cir. 2018): Ninth Circuit confirmed TCPA protections extend to text messages sent to cell phones; SMS texts constitute 'calls' under 47 USC 227(b)

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit