How to respond to a TCPA demand letter without making it worse

Got a TCPA demand letter? Statutory damages run $500-$1,500 per call. Here's exactly how to respond without turning a nuisance claim into a class action.

LeadCompliant Team
25 min read
In This Article

Last updated 2026-07-09

Person reviewing a demand letter at a wooden desk in quiet afternoon office light
Person reviewing a demand letter at a wooden desk in quiet afternoon office light

TL;DR

A TCPA demand letter is not a lawsuit, but how you respond in the first 72 hours shapes everything that follows. Do not ignore it, do not admit liability in writing, and do not call the claimant back without counsel. Statutory damages are $500 per violation and up to $1,500 for willful violations under 47 U.S.C. § 227(b)(3), so even small call volumes can produce large exposure fast.

What is a TCPA demand letter, exactly?

A TCPA demand letter is a pre-litigation notice from a person (or their attorney) claiming you violated the Telephone Consumer Protection Act, 47 U.S.C. § 227 [1]. It is not a lawsuit. It is not a court filing. But it is a formal signal that the sender is either preparing to sue or fishing to see if you'll write a check to make them go away.

These letters typically allege one of a few things: you called or texted a number without prior express written consent, you called a number on the National Do Not Call Registry [2], you used an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice, or you continued contacting someone after they asked to stop. Sometimes it's all four at once.

The letter usually demands a specific dollar amount. That number is often calculated at $1,500 per violation (the maximum for willful violations under the statute) multiplied by however many calls or texts the sender claims you made. Seeing $45,000 for thirty texts is not unusual. It looks scary on purpose.

Some demand letters come from professional TCPA plaintiffs and their serial-litigation attorneys. Others come from ordinary people who are genuinely upset. Your response strategy is slightly different depending on which you're dealing with, but the first-hour rules are the same for both.

What should you do in the first 24-48 hours after receiving the letter?

Stop all outreach to that phone number. Right now. Not after you finish reading this. Pull the number from every active list, queue, and campaign immediately. If you call or text that person again before you have counsel involved, you have just handed them additional violations to add to the damages calculation. Under 47 U.S.C. § 227(b)(3), each call or text is a separate violation [1]. That math compounds fast.

Next, do not respond by email, phone, or letter on your own. I know it feels natural to pick up the phone and explain the situation, or to fire off a quick email saying it was a mistake. Don't. Anything you say can be used to establish willfulness, which is the difference between $500 per call and $1,500 per call. One careless email can triple your exposure.

Then start pulling records immediately. Your calling or texting logs, the consent documentation you have (or don't have) for that specific number, any opt-out requests you received from that number, and your dialer or SMS platform's records. These records have a way of disappearing when people panic and start cleaning up, which creates a whole separate problem called spoliation of evidence. Preserve everything, even the bad stuff.

Finally, get a TCPA-experienced attorney on the phone. Not your general business lawyer who handles contracts. Someone who handles TCPA defense specifically. TCPA litigation shifted hard after the Supreme Court's 2021 decision in Facebook, Inc. v. Duguid [3], which narrowed the definition of an ATDS, and a good defense attorney will know how to use that and other recent developments.

How bad could the damages actually be?

The statute sets damages at $500 per violation for each call or text made in violation of the TCPA, with a court able to treble that to $1,500 per violation if it finds the conduct was willful or knowing [1]. There is no stated cap. A company that sent 10,000 texts without proper consent is looking at potential statutory exposure of $5 million to $15 million before attorneys' fees.

Real settlements give you a better sense of practical exposure. The Cash App TCPA class action settlement resulted in a $5 million fund. The Credit One Bank case that produced the Credit One TCPA settlement resulted in a $12.5 million settlement. These are class actions, which involve far more claimants than a single demand letter, but they show how statutory damages pile up when the same violation repeats across a large list.

For an individual demand letter with a single claimant, the realistic settlement range is often between $500 and $5,000, depending on how many calls or texts are alleged, the quality of your consent records, and the sophistication of the plaintiff's attorney. That range is not legal advice. It's a rough observation from public case data. Your specific situation could land outside that range in either direction.

The chart below shows how per-violation damages multiply across call volume under the statute's two damage tiers.

TCPA statutory damages by call volume Total exposure at $500/call (standard) vs $1,500/call (willful), per 47 U.S.C. § 227(b)(3) $5,000 10 calls, stand… $15k 10 calls, willf… $50k 100 calls, stan… $150k 100 calls, will… $500k 1,000 calls, st… $1.5M 1,000 calls, wi… Source: 47 U.S.C. § 227(b)(3), U.S. Congress

What documentation do you need to gather immediately?

Your defense, if you have one, lives in your records. Gather these as fast as possible.

Consent records for the specific phone number. Not a general consent policy document, not a sample of what your form looks like. The actual timestamped record showing that number opted in, including the IP address, the date and time, the specific disclosure language the person saw, and where on your website or third-party lead form the consent was captured. If you bought the lead from a vendor, you need that vendor's consent record, more than their assurance that they have one.

Call and text logs from your dialer or SMS platform showing every contact you made to that number. Include dates, times, and whether calls were answered, went to voicemail, or were not connected.

Any opt-out or stop requests from that number, and your records showing what happened after those requests. Under the TCPA, once someone tells you to stop, you stop [1]. If you have a record showing the opt-out was processed and honored, that is a meaningful defense for any subsequent contacts.

Your internal DNC scrub records. Did you check this number against the National Do Not Call Registry [2] before dialing? Your do not call list scrub logs are your proof. The FTC requires covered entities to scrub against the registry at least every 31 days [4].

If you used a third-party lead vendor, pull your contract with them and any indemnification clauses. Many demand letters target downstream callers who bought bad leads, and the vendor may share or bear liability.

What should your written response to the demand letter actually say?

This is where most small teams make serious mistakes, so be direct: your first written response should come from an attorney, not from you.

If you absolutely cannot retain counsel before some internal deadline and must acknowledge receipt, keep it to three sentences. Acknowledge you received the letter, state that you are reviewing it and will respond substantively, and give a reasonable timeframe (usually 14 to 21 days). Do not admit the calls happened. Do not admit the calls were made by you. Do not admit the number was dialed by an autodialer. Do not apologize. An apology reads as an admission in litigation.

When your attorney does respond substantively, the letter will typically do one of a few things: dispute the factual claims (the number was called with consent, the technology used does not qualify as an ATDS under Duguid [3], or the number was not on the DNC at the time of the call), dispute the legal theory, make a settlement offer, or some combination. What it will never do is volunteer information that the plaintiff's attorney did not already have.

Do not send internal documents, dialer records, or your consent evidence to the claimant or their attorney without counsel advising you to do so. In pre-litigation, you control what they know. Do not educate them about the strength of their own case.

One thing attorneys sometimes do well here is a quick pre-litigation investigation to find weaknesses in the claimant's story. Was the number ported? Did the claimant previously consent through a different channel? Has this specific attorney sent dozens of similar letters to companies in your industry? These facts matter and they take time to find.

What are the biggest mistakes companies make after receiving a TCPA demand letter?

Ignoring it. This is the most common and most expensive mistake. Demand letters have deadlines, sometimes artificial ones, but ignoring them signals either ignorance or arrogance. Either way, the plaintiff's attorney will simply file a lawsuit. A filed complaint is harder and more expensive to resolve than a pre-litigation demand. Some plaintiffs attorneys specifically wait to see if you respond before deciding whether to invest the time in filing.

Calling the claimant to explain yourself. I cannot say this plainly enough. Do not do this. Any call you make to that number after receiving the demand letter is a fresh TCPA violation and may also be viewed as witness tampering or harassment, depending on the content of the call.

Deleting records. The moment you receive a demand letter, you have a litigation hold obligation. Deleting call logs, consent records, or other relevant data after receiving notice of a potential claim is spoliation. Courts have sanctioned companies for this. The remedy can include adverse jury instructions, meaning the jury is told to assume the deleted records contained bad information.

Blaming the vendor publicly or in early correspondence. If a lead vendor sold you bad consent, that is relevant, but working that out is a contractual dispute between you and the vendor. Bringing it up in your early response to the claimant does not help your position with the claimant. It may actually confirm that the call happened.

Trying to settle too fast at too high a number. Some demand letters are fishing expeditions. A quick $5,000 check in response to a letter demanding $15,000, with no investigation and no pushback, can signal that you have something to hide and may invite more letters.

Can you settle a TCPA demand letter before a lawsuit is filed?

Yes, and most of the time pre-litigation settlement is the right outcome for both sides. The plaintiff avoids the risk and time of litigation. You avoid litigation costs and the risk of a court finding willfulness.

The practical mechanics are straightforward. Your attorney makes a settlement offer, the parties negotiate, and you end up with a confidential settlement agreement that typically includes a release of all claims related to the alleged contacts, a non-disparagement clause, and sometimes a confidentiality clause. You pay the agreed amount, you get the release, and the matter ends.

The amount you pay is highly fact-dependent. If your consent records are clean and the plaintiff's attorney knows it, your negotiating position is strong and the settlement number will be low. If you have no consent records and 47 calls to the number, your position is weak.

If the demand letter comes with a short deadline (some say "respond within 5 business days or we file"), take it seriously but not as a hard deadline. Courts do not punish defendants for taking two weeks to retain counsel and respond thoughtfully. Plaintiff's attorneys set tight deadlines as pressure tactics. Ask for an extension. Most will grant 14 to 21 days without objection because they do not want to spend the filing fee either.

For teams doing regular outbound sales or cold calling, the best outcome from a TCPA demand letter is a reasonable settlement combined with a real compliance audit of your calling and texting practices. Paying to make one letter go away while your dialer keeps running the same way means you'll get another letter.

What if the letter threatens a class action?

Take this more seriously than an individual claim. A class action demand means the attorney believes your alleged conduct was not isolated to one person but was part of a systematic practice affecting a class of similarly situated people. If that is true, your exposure is not $1,500. It is $1,500 multiplied by every person in the class.

The Class Action Fairness Act gives federal courts jurisdiction over class actions where aggregate damages exceed $5 million [5]. TCPA class actions almost always clear that threshold when large lists are involved, which is why they end up in federal court and attract experienced plaintiff class-action firms.

The good news is that class certification is not automatic. The plaintiff must satisfy the requirements of Federal Rule of Civil Procedure 23, including showing that there is a definable class, that common questions predominate, and that a class action is the superior method of adjudication [6]. Defendants win class certification battles more often than you might expect, especially post-Duguid [3], because proving that an ATDS was used systemically across a class is now harder.

The bad news is that even defending against class certification costs real money. A contested class certification motion in federal court can cost a defendant $200,000 or more in legal fees before you ever get to trial. Early settlement is often the rational choice, which is exactly why class action demand letters are structured to look terrifying.

If your letter threatens a class action, retain TCPA defense counsel immediately. This is not the moment to wait and see.

How do you fix your compliance process so this doesn't happen again?

A TCPA demand letter is painful. The upside is that it forces you to look at your compliance process while the stakes are still manageable.

Consent documentation is where most small outbound teams are weakest. If you are buying leads from third-party vendors, you need more than their verbal assurance that the leads are opted in. You need the specific consent language, the URL where it was disclosed, and a timestamped record tied to each individual lead. The FCC's 2023 one-to-one consent rule (effective January 2025) made this requirement more demanding, requiring that consent be obtained for a specific seller, not a broad category of callers [11].

For text message marketing, the bar is the same or higher. Express written consent is required before sending any marketing text to a cell phone. That means a clear disclosure in the opt-in language, not buried in terms of service.

Scrubbing against the National Do Not Call Registry is required at least every 31 days for covered entities, and you should also maintain your own internal suppression list for people who have asked not to be called [2]. The do not call telemarketer list rules apply to outbound cold call programs regardless of whether you have prior consent, because DNC and consent are separate requirements.

LeadCompliant's free compliance kit includes a consent documentation checklist and a pre-call scrub workflow you can adapt to your stack. Worth reviewing after any demand letter, because the process gaps that created one demand letter usually create the next one too.

Train your sales team. Most TCPA violations happen not because leadership intended them, but because a rep re-engaged a number that was already opted out, or a dialer was misconfigured, or a lead list was imported without a scrub step. Documented training is also relevant to the willfulness question: a company with written compliance training has a better argument that any violation was unintentional.

Does the TCPA apply to B2B calls and texts?

Mostly yes, with some nuance. The TCPA's restrictions on autodialed or prerecorded calls to mobile phones apply regardless of whether the recipient is a consumer or a business, because the statute protects phone numbers, not categories of people [1]. If you autodial a business owner's cell phone, the TCPA applies.

The National Do Not Call Registry rules under the FTC's Telemarketing Sales Rule are more consumer-oriented, but if a business owner registers their cell phone on the DNC, calling that number for commercial purposes still carries risk [4].

Where B2B calling gets more favorable treatment is in the established business relationship (EBR) exemption for landline calls, and in the practical reality that business-to-business autodialed calls to business landlines are generally not covered because those lines cannot receive texts and prerecorded calls to them are treated differently. But if your outbound program calls mobile numbers, assume the full TCPA framework applies and structure your consent and DNC practices accordingly.

The mobile phone do not call list question comes up constantly in outbound teams. There is no separate wireless DNC registry. The National DNC Registry covers all numbers, including mobile, so you scrub once against the same list.

What does a good TCPA compliance process look like before any demand letter arrives?

Prevention is cheaper than response. Here is what a working compliance process looks like for a small outbound team.

Consent first. Every number you call or text should have a documented consent record. If you cannot produce a timestamped record showing that specific number opted in with specific TCPA-compliant disclosure language, you should not call it. This is the single most valuable thing you can do.

Scrub every list against the National DNC Registry and your internal suppression list before every campaign. Not once when you buy the list. Before every campaign run [2][4]. Services that automate this exist and are cheap relative to the cost of a single settlement.

Honor opt-outs immediately. When someone texts STOP or tells a rep they do not want to be called, that number goes on your suppression list within the same business day. Many TCPA demand letters involve contacts made after an opt-out. That is a winnable case for plaintiffs because the timeline is usually documented in your own records.

Document your process. Written policies, training records, and system configuration logs all matter if you ever need to argue that a violation was not willful. "We had a policy but it was not followed" is a better position than "we had no policy."

LeadCompliant's free tools let you check numbers against the DNC registry and audit your consent process before a problem finds you. If you are running a regular cold calling program and you have not done a formal compliance review in the past six months, do one now. The cost is a few hours. The alternative costs considerably more.

Under its rules implementing the TCPA, the FCC has consistently held that the burden is on the caller to demonstrate that it obtained the necessary prior express consent [11]. You do not get to assume consent exists. You have to prove it.

Frequently asked questions

Do I have to respond to a TCPA demand letter?

There is no legal requirement to respond to a pre-litigation demand letter. But ignoring it almost always leads to a filed lawsuit, which is more expensive to defend than pre-litigation negotiation. A brief acknowledgment of receipt while you engage counsel is the minimum sensible response. Silence reads as either ignorance or an invitation to file.

How long do I have to respond to a TCPA demand letter?

Demand letters often set artificial deadlines of 5 to 14 days. These are not court-imposed deadlines. Courts do not penalize defendants for taking a reasonable time to retain counsel and respond. Asking for a 14 to 21 day extension is normal and usually granted. What matters is that you respond substantively within a reasonable window, not that you meet the plaintiff's self-imposed deadline.

What is the maximum penalty per call under the TCPA?

Under 47 U.S.C. § 227(b)(3), the statutory damages are $500 per violation. A court can increase that to $1,500 per violation if it finds the violation was willful or knowing. There is no stated cap. Each call or text is a separate violation, so damages accumulate with volume. Courts have entered judgments in the millions where call volumes were high.

Can I negotiate a TCPA demand letter without a lawyer?

Technically yes. Practically, it is risky. TCPA plaintiff attorneys negotiate these every day. They know what to ask for and they know what admissions to look for in your responses. Without counsel, you may inadvertently admit facts that increase your exposure or waive defenses you did not know you had. The cost of a few hours of TCPA defense counsel is almost always less than a poor settlement or an avoidable admission.

What happens if I accidentally contact the person again after receiving the demand letter?

Each additional contact is a new statutory violation, adding $500 to $1,500 to the damages calculation. It also strongly supports a finding of willfulness, which trebles the damages for prior violations. And depending on the content of the contact, it could be characterized as harassment or witness tampering. Stop all contact with that number the moment the letter arrives.

It is your primary defense for autodialed or prerecorded calls and texts to mobile phones. But the consent must be specific: it must identify you as the caller, include a clear disclosure that consent is not a condition of purchase, and be documented with a timestamp and the exact language displayed. General terms-of-service consent or consent given to a third party for "marketing partners" often fails. The FCC's 2023 one-to-one consent rule made third-party consent much harder to rely on.

What is the difference between a TCPA demand letter and a TCPA lawsuit?

A demand letter is pre-litigation: no court, no judge, no public filing. A lawsuit is a formal complaint filed in court, usually federal district court. Once a lawsuit is filed, you have a clock to respond (usually 21 days in federal court under FRCP Rule 12), litigation holds apply formally, discovery begins, and costs escalate sharply. Pre-litigation resolution is almost always faster and cheaper.

Can a TCPA claim be a class action even if the demand letter only mentions one person?

Yes. An individual plaintiff can bring a demand letter on their own behalf and then file a class action complaint alleging that your systematic conduct affected many people similarly. If your dialer called the same opt-out list repeatedly, or sent the same text blast without proper consent, one plaintiff can anchor a class. A demand letter threatening individual claims does not prevent a later class filing if the plaintiff decides to go that route.

What records should I preserve immediately after receiving a TCPA demand letter?

Preserve everything relevant to the claimant's number: your call and text logs, consent documentation, opt-out records, DNC scrub logs, dialer configuration records, lead vendor contracts, and any internal communications about that campaign. Do not delete, modify, or move these records. A litigation hold applies from the moment you receive a demand that plausibly signals litigation. Spoliation sanctions can include adverse jury instructions or default judgment.

Does the TCPA apply to text messages the same way it applies to phone calls?

Yes. The FCC ruled in 2003 that text messages are "calls" under the TCPA, and courts have consistently upheld that interpretation. Autodialed or prerecorded texts to mobile numbers without prior express written consent violate the statute the same way that calls do. Each text is a separate violation with the same $500 to $1,500 per-text damages exposure.

What does 'willful or knowing' mean for TCPA treble damages?

Courts apply this standard broadly. It does not require intent to violate the law. It generally means you knew you were making the calls or texts, even if you did not know they were illegal. Continuing to call a number after receiving an opt-out request, or after receiving a demand letter, almost always qualifies as willful. Good-faith efforts to comply, documented training, and prompt remediation can help argue against trebling.

Is there a statute of limitations on TCPA claims?

The TCPA has a four-year federal statute of limitations under 28 U.S.C. § 1658, which is the general federal statute of limitations. Some states that have their own mini-TCPA statutes may have different limitations periods. The four-year clock generally runs from the date of each alleged violation, meaning calls made in the past four years are within the window.

What role does the National Do Not Call Registry play in a TCPA demand letter?

Calls to numbers on the National DNC Registry violate both the TCPA and the FTC's Telemarketing Sales Rule. A demand letter citing DNC violations means the claimant's number was on the registry at the time of your call. The FTC requires covered callers to scrub against the registry at least every 31 days. If you did not scrub, or your scrub missed the number, that is a clean liability fact with minimal defense available.

Should I tell my lead vendor about the demand letter?

Tell your attorney first. Then, with counsel's guidance, notify the vendor if your contract includes an indemnification clause that requires notice. Many lead vendor agreements require prompt notice of claims related to the vendor's data as a condition of indemnification. Missing that notice window can waive your indemnification rights. Do not contact the vendor casually or by email before reviewing your contract and talking to counsel.

Sources

  1. U.S. Congress, Telephone Consumer Protection Act, 47 U.S.C. § 227: Statutory damages are $500 per TCPA violation, trebled to $1,500 for willful or knowing violations; each call or text is a separate violation
  2. FTC, National Do Not Call Registry: The National Do Not Call Registry covers all telephone numbers including mobile; telemarketers must scrub against it at least every 31 days
  3. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): The Supreme Court narrowed the definition of an automatic telephone dialing system (ATDS) under the TCPA, requiring capacity to produce numbers using a random or sequential number generator
  4. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: The FTC's Telemarketing Sales Rule requires covered entities to scrub against the National DNC Registry at least every 31 days
  5. U.S. Congress, Class Action Fairness Act, 28 U.S.C. § 1332(d): Federal courts have jurisdiction over class actions where aggregate damages exceed $5 million
  6. U.S. Courts, Federal Rules of Civil Procedure, Rule 23: Plaintiffs must satisfy Rule 23 requirements including predominance and superiority for class certification
  7. FTC, Complying with the Telemarketing Sales Rule: Telemarketers must maintain an internal do-not-call list and honor opt-out requests; violations of TSR can result in civil penalties up to $51,744 per violation
  8. U.S. Courts, 28 U.S.C. § 1658, General Federal Statute of Limitations: The TCPA has a four-year federal statute of limitations under 28 U.S.C. § 1658
  9. FCC, TCPA Rules, 47 C.F.R. § 64.1200: FCC rules implementing TCPA require prior express written consent for autodialed or prerecorded calls to mobile numbers and specify opt-out requirements; the burden is on the caller to demonstrate consent

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit