How to spot a TCPA troll number before it enters your list

TCPA troll numbers can cost $500, $1,500 per call. Learn the real signals, scrubbing tools, and list hygiene steps that keep them off your dialing list.

LeadCompliant Team
25 min read
In This Article

Last updated 2026-07-09

Hands holding a smartphone over a printed list of phone numbers on a desk
Hands holding a smartphone over a printed list of phone numbers on a desk

TL;DR

A TCPA troll number belongs to a serial litigant who signs up for marketing lists on purpose, so they can collect statutory damages of $500 to $1,500 per unwanted call or text under 47 U.S.C. § 227. Screen for them by cross-referencing litigant databases, checking number type and reassignment history, and validating consent records before you dial.

What is a TCPA troll number, exactly?

A TCPA troll number is a phone number held by someone who gives it to you so they can receive calls or texts and sue over them. They never wanted your product. The person on the other end may be a professional plaintiff, a plaintiff's attorney testing your compliance, or someone who knows the statute well enough to weaponize it.

The Telephone Consumer Protection Act, 47 U.S.C. § 227, creates a private right of action worth $500 per violation and up to $1,500 for willful or knowing violations [1]. There is no cap on how many claims one person can file. A litigant who receives 50 autodialed texts can sue for $25,000 to $75,000 before a single dollar of attorney fees. That math is the whole business model.

The Federal Communications Commission has documented serial filers in multiple proceedings. In its 2023 declaratory ruling on one-to-one consent, the FCC named consent farms, lead generators, and bad-faith opt-ins as drivers of TCPA abuse [2]. Troll numbers are the demand-side version of the same problem.

Not every litigant acts in bad faith, and the law exists for real reasons. People do get harassed by unwanted calls. But there is a documented population of repeat filers who cycle through hundreds of suits, and courts have started to notice. In Stoops v. Wells Fargo Bank, the district court found that a plaintiff who owned 35 cell phones for the express purpose of receiving wrong-number calls lacked Article III standing because she suffered no concrete injury [3]. That outcome is encouraging. It also took Wells Fargo years of litigation to reach. You want to stop the number before it ever enters your system.

How do troll numbers actually end up on marketing lists?

Know the entry points and you can build the filter. Troll numbers reach your list four ways.

The first is organic opt-in fraud. The person visits your web form, enters a real phone number, checks the consent box, and submits. Your system logs a valid consent record. You call. They sue. This is the favorite vector for sophisticated litigants because it hands them the exact paper trail you'll rely on in your defense, and they'll argue your autodialer or the message content invalidated that consent anyway.

The second is purchased or rented lead lists. You buy 10,000 "pre-qualified" contacts from a vendor. A small slice of those numbers belong to people who sell their data straight to lead aggregators because they know the calls will come. The vendor's consent chain is often thin or outright fabricated, which leaves you exposed even when you did everything right.

The third is reassigned numbers. A number that once belonged to a consenting person gets recycled by the carrier and handed to someone new. You call the new holder, who never consented. Under TCPA precedent, that call can still generate liability even though you acted in good faith [4]. Some new holders learn they can collect on these calls and keep the number precisely because it attracts them.

The fourth is honeypot registrations. Certain plaintiff's firms and individual litigants seed numbers into aggregators, comparison sites, and lead capture pages, knowing those numbers get sold downstream. By the time you dial, the litigation machinery is already built.

Each vector has its own countermeasure. You need all of them running at once.

What signals identify a troll number before you dial?

No single signal is proof. A cluster of red flags is reason enough to suppress the number.

Litigation history databases. Several compliance vendors keep lists of phone numbers tied to known TCPA plaintiffs and their attorneys, compiled from public court filings. A number that shows up in five federal TCPA complaints is a signal. The databases are imperfect because litigants rotate numbers, but they catch the most active serial filers.

Number type mismatch. Your lead form says the person is a homeowner in Ohio, but the number comes back as a VoIP line registered to a Nevada address. That gap earns a second look. VoIP numbers are cheap to buy in bulk and easy to rotate, which makes them popular with litigants cycling through campaigns.

Consent velocity. If one IP address submitted five different phone numbers to your form in an hour, at least one of those is not a real prospect. Watch the submission metadata: IP address, device fingerprint, time between page load and form submit, browser type. Bots and litigants both look different from real buyers in these numbers.

Number age and reassignment. A number ported or reassigned in the last 30 days is higher risk than one stable for years. The FCC's safe harbor under 47 U.S.C. § 227(b)(1) protects callers with no actual or constructive knowledge of reassignment, but you have to run the check to claim that protection [4].

Attorney-associated numbers. Some plaintiff's firms have their own numbers surface in the litigation databases. A quick check against PACER or a screening service flags this.

No answer, then an immediate demand letter. A number that never picks up and then produces a demand letter within days of your outbound attempt was set up to capture calls, not answer them. This one is retrospective, not preventive. It still tells you something real about your current list hygiene.

TCPA troll numbers: key exposure figures Statutory and settlement benchmarks for outbound teams $500 Statutory damages per viola… (standard) $1,500 Statutory damages per viola… (willful) $5M Cash App TCPA class action settlement $9M Credit One Bank TCPA settlement Source: 47 U.S.C. § 227 (citations 1, 3, 8); published settlement records

What databases and tools can you use to screen troll numbers?

There are three categories of tools, and you probably need at least one from each.

Litigation screening databases. Vendors like Contact Center Compliance, DNC.com, and several boutique TCPA firms maintain phone number databases cross-referenced against federal court filings. Prices vary a lot. A per-record lookup runs a few cents per number for high-volume buyers, and subscription plans for smaller teams typically start in the low hundreds of dollars per month. None of them are complete, because PACER data lags and some cases settle before they're fully indexed. The major serial litigants still show up fast.

The FCC's Reassigned Numbers Database. The FCC launched the Reassigned Numbers Database (RND) in 2021 under 47 C.F.R. § 64.1200(a)(1)(iv) [2]. Carriers report number disconnections to it. You query a number with a consent date, and the database tells you whether that number was reassigned after your consent was collected. The FCC set up a safe harbor for callers who query the RND and get a "no reassignment" response before calling [2]. As of mid-2024 the RND covers most U.S. wireline and wireless numbers, though MVNO coverage has been uneven.

Real-time number validation APIs. Services like Twilio Lookup, Numverify, and IPQS return number type (mobile, landline, VoIP), carrier, and sometimes a fraud risk score. These are not TCPA-specific tools, but they're fast and cheap (usually under $0.01 per lookup), and they catch the VoIP flag and carrier mismatch problems above.

LeadCompliant's free number checker pulls several of these signals into a single query, which helps for spot-checking individual numbers before a campaign. For bulk scrubbing of large purchased lists, you want an API integration, not a manual tool.

The honest truth: no tool catches everything. A litigation database updated six months ago won't show a plaintiff who filed their first case last week. Layering tools lowers your risk. It does not zero it out.

How does the FCC Reassigned Numbers Database work and does it actually help?

The Reassigned Numbers Database was created by FCC order in 2018 and went live for commercial queries in 2021 [10]. Its statutory basis is the FCC's authority to set caller protections under 47 U.S.C. § 227. The idea is simple. Before you call a number for which you collected consent at some earlier point, you query the RND with the number and the consent date. The database gives you one of three answers: "Yes" (reassigned after your consent date), "No" (not reassigned), or "No Data" (the carrier didn't report anything usable).

A "No" response gives you a safe harbor. If the person on the line later claims they never consented, you point to the RND query as evidence of reasonable diligence. The FCC's rule protects a caller who queries the database, gets a "No" response, and later reaches a number that turns out to have been reassigned [10]. That is real protection.

The limits are real too. "No Data" returns give you no safe harbor. MVNO customers, prepaid numbers, and some ported numbers have historically had lower coverage. And the RND only solves the reassignment problem. It does nothing about a number that has always belonged to a serial litigant who handed it to you willingly.

Access runs through a small set of approved database administrators. The FCC sets pricing on a cost-recovery basis, so it isn't free, but it usually runs fractions of a cent per query at scale. Current administrator and pricing details live on the FCC's site [10].

Even if a troll number slips past your screening, a strong consent record is your best defense. Courts have dismissed TCPA claims when defendants produced clear, timestamped evidence of prior express written consent. What that record needs to hold is not a mystery.

The FCC's 2012 rule amendment, effective October 2013, defined "prior express written consent" to require a written agreement (electronic is fine), a clear and conspicuous disclosure that the person authorizes autodialed or prerecorded calls, the specific number to be called, and no condition that makes consent a prerequisite to buying a product or service [5]. That last element trips up a lot of marketers. If you require a phone number to complete a purchase and that number is automatically enrolled in a marketing list, the consent is likely invalid.

The 2024 one-to-one consent rules (effective January 2025, then stayed and revisited in later FCC proceedings) moved the FCC toward requiring consent for one seller at a time instead of blanket consent to multiple marketers on a single disclosure [2]. Even with the stay, build one-to-one consent records now. Courts can still hold multi-marketer consent to a higher scrutiny standard under the general "clear and conspicuous" requirement.

A troll-resistant consent record holds the exact phone number submitted, the timestamp and IP address of the submission, a screenshot or server log of the consent disclosure as the user saw it, the specific language of that disclosure (more than a policy URL), and a confirmation of what the person opted into. Store these for at least four years, the outer edge of the TCPA statute of limitations.

For how cold calling compliance looks at the record level, and how text message marketing consent differs from voice, read those alongside this one.

Should you check the National DNC Registry as part of troll screening?

The National Do Not Call Registry and TCPA troll screening are related but different problems. The do not call list protects residential numbers from telemarketing calls whether or not the holder is litigious. The troll problem is about people who actively set up to receive calls so they can sue, which is the opposite of someone who wants to be left alone.

DNC scrubbing is a prerequisite, not an alternative. A number that sits on the DNC registry and belongs to a serial litigant creates two separate violations: one under the FCC's DNC rules (47 C.F.R. § 64.1200(c)) and one under the autodialer or prerecorded call rules [1]. Each carries its own $500 to $1,500 exposure. You can learn how to get the do not call list for your scrubbing process, and you should treat DNC compliance as a layer that runs before troll screening.

Some compliance teams also keep internal suppression lists of numbers that previously demanded removal or sent cease-and-desist letters. Those numbers belong on a permanent do-not-contact list no matter what the DNC registry says. A troll who sends you a revocation-of-consent letter and then gets another call from you has a far stronger willfulness argument.

The mobile phone do not call list rules are worth understanding on their own, because mobile numbers carry extra TCPA exposure under the autodialer provisions even when the call isn't traditional telemarketing.

What does TCPA troll litigation actually cost defendants?

Statutory damages under 47 U.S.C. § 227(b)(3) are $500 per violation for negligent violations and $1,500 per violation for willful or knowing ones [1]. Each call or text is a separate violation. A campaign that fires 100 texts to a troll number before the cease-and-desist lands creates $50,000 to $150,000 of exposure before attorney fees.

Class actions are the scarier scenario. If the troll can find others who received the same message without adequate consent, the class exposure scales to millions. The cash app TCPA class action settlement and the credit one TCPA settlement show what that scale looks like. Cash App settled a TCPA class action for $5 million. Credit One Bank paid $9 million to resolve a TCPA class action over autodialed calls.

Individual troll cases usually settle for far less, often $5,000 to $30,000 per plaintiff. The defense cost can equal or beat the settlement even when the case is weak. A 2021 analysis from the U.S. Chamber Institute for Legal Reform found TCPA litigation drives large aggregate defense costs each year, though that figure is dominated by class actions against big defendants [6]. For a small outbound team, even one letter from a known TCPA attorney is worth taking seriously.

Courts do scrutinize serial litigants. In Stoops v. Wells Fargo, the court found no standing where the plaintiff owned dozens of phones just to attract litigation [3]. Getting to that outcome still costs litigation, discovery, and legal fees.

What is a list hygiene workflow that filters troll numbers at scale?

Here is the sequence I'd actually run for a small outbound team, in the order the checks should fire. You don't need every layer on day one. Every layer you skip is a gap you're choosing to accept.

Step 1: Validate at the point of capture. If you collect leads through web forms, use a real-time phone validation API to reject disconnected, VoIP-only, or obviously fake numbers before they hit your CRM. This alone kills a big share of bad submissions.

Step 2: Check the FCC Reassigned Numbers Database. Query the RND for every number against its consent date before the first dial. Log the result. "No reassignment" gives you the safe harbor. "Yes" means suppress the number now.

Step 3: Scrub against the National DNC Registry. Required by law no more than 31 days before you call a residential number for telemarketing [7]. Table stakes, not a troll-specific step, but it runs here in the sequence.

Step 4: Run litigation screening. Pass your list through a TCPA litigant database. Suppress any match. Flag numbers tied to known plaintiff's attorneys for manual review instead of automatic suppression, because sometimes the attorney's own number appears in the data and that differs from their client's number.

Step 5: Score VoIP flags and IP mismatches. For lists from opt-in forms, pull the submission metadata. Flag records where the IP is a known proxy or VPN, where time-on-page before submit was under five seconds, or where the number type is VoIP and the stated location doesn't match the number's registration.

Step 6: Keep a permanent internal suppression list. Every number that sends a cease-and-desist, revokes consent in writing, or generates a demand letter goes on this list and never comes off. Review it before every launch.

LeadCompliant's compliance kit includes a pre-built suppression list template and a checklist for each step, which saves setup time if this is your first pass.

For the actual cold call workflow and the disclosures you need before you dial, that's a separate process layer that runs after list hygiene is done.

Can you sue a TCPA troll back, or get a case dismissed?

You have options. None of them are fast or cheap.

The standing argument (Stoops v. Wells Fargo [3]) is the strongest legal weapon against a serial litigant who manufactured their own harm by stockpiling phones to attract calls. The Supreme Court's 2021 ruling in TransUnion LLC v. Ramirez reinforced that TCPA plaintiffs must show a concrete, particularized injury, not a bare statutory violation [8]. Courts in several circuits have since applied that reasoning to dismiss TCPA claims where the plaintiff's own conduct erased any real injury. This is a litigation defense, not a pre-call screen, but knowing it exists shapes how you document your files.

Some defense attorneys pursue counter-claims for abuse of process or malicious prosecution where bad-faith intent is provable. These win rarely. They shift the litigation economics enough that some serial filers walk away from smaller defendants.

The more practical move is documentation. A clean consent record, a logged RND query, a DNC scrub certificate, and a timestamped opt-in with IP metadata put you in a far better negotiating position. Most TCPA demand letters bet you'll settle fast because you can't find your records. Produce the complete file within 48 hours of a demand and the settlement value drops sharply.

What you cannot do is ignore a demand letter. The statute of limitations is four years under 28 U.S.C. § 1658, and ignoring a demand does not stop the clock. Get counsel involved when you receive a formal demand, even if your compliance feels solid.

Are there specific industries or call types that attract more troll numbers?

Certain business models draw outsized troll attention, partly from call volume and partly from consent complexity.

Debt collection has long been the highest-exposure category, because of high call volume, hard-to-trace consent chains, and the emotional weight of the calls. The CFPB's Regulation F interacts with TCPA in ways that add exposure for debt collectors [9].

Mortgage and insurance lead generation is another hot zone, specifically because of the multi-step consent chains that run from lead form to aggregator to buyer. Each step is a place the consent record can break, and the call volumes are high enough to make individual troll numbers worth targeting.

Real estate cold calling, especially FSBO and expired listings, is a known troll target because dialers here have been aggressive about calling mobile numbers, which carry the maximum TCPA exposure. The do not call telemarketer list rules matter a lot here.

Solar and home services lead gen took a wave of TCPA suits in the 2020s as those industries scaled digital lead acquisition fast without matching investment in consent infrastructure. The FCC's one-to-one consent rule, complicated implementation history and all, aimed squarely at the lead gen practices common in those industries [2].

If your business lands in any of these buckets, the baseline list hygiene steps above are the floor. Get legal review of your consent disclosures at least once a year, because the standard has moved enough in the last five years that a disclosure defensible in 2019 may not hold today.

Frequently asked questions

What is a TCPA troll number?

A TCPA troll number is a phone number held by a person whose goal is to receive autodialed or prerecorded calls or texts so they can claim statutory damages of $500 to $1,500 per violation under 47 U.S.C. § 227. They may submit their number to your lead form voluntarily, or it may arrive on a purchased list. The marker is intent: they never planned to buy, they planned to sue.

How do I know if a phone number belongs to a serial TCPA litigant?

The most reliable method is running the number through a TCPA litigation screening database, which indexes federal court filings by phone number. A number appearing in multiple TCPA suits is a strong signal. Secondary signals include VoIP registration, mismatched location data, and consent submissions with very fast form-fill times or proxy IP addresses. No single signal is definitive. Look for clusters.

Does the FCC Reassigned Numbers Database help catch troll numbers?

It helps with one specific type: numbers reassigned to a new holder after your consent was collected. Querying the database before each call and getting a "No" response gives you a formal safe harbor under 47 C.F.R. § 64.1200(a)(1)(iv). It does nothing about numbers that have always belonged to a serial litigant who willingly handed you their number.

Can I get a TCPA case dismissed if the plaintiff is a known troll?

Possibly. Courts in cases like Stoops v. Wells Fargo Bank have dismissed TCPA claims where the plaintiff's own conduct, such as buying dozens of phones to attract calls, erased any concrete injury. The Supreme Court's 2021 TransUnion ruling reinforced the Article III standing requirement. Getting there requires litigation, discovery, and legal fees, which is why pre-call screening beats a litigation defense.

How much does a TCPA troll lawsuit actually cost to defend?

Individual plaintiff cases often settle in the $5,000 to $30,000 range, but your own defense costs can match or beat that figure even when you win. Willful violations trigger $1,500 per call or text, with no cap on the number of claims. Class actions over the same campaign can reach seven figures. The Cash App TCPA class action settled for $5 million, and Credit One Bank paid $9 million.

What metadata should I collect at opt-in to defend against troll claims?

Collect and store the exact phone number submitted, the timestamp, the IP address, the device or browser fingerprint, the time between page load and form submission, a server-side screenshot of the consent disclosure as the user saw it, and the exact disclosure language. Keep all of it for at least four years, the outer edge of the TCPA statute of limitations under 28 U.S.C. § 1658.

Do I need to scrub the DNC list and troll databases separately?

Yes. They address different risks. The National Do Not Call Registry identifies numbers whose holders want no telemarketing contact. TCPA troll databases identify numbers tied to people who actively seek calls to litigate. A number can appear in one, both, or neither. DNC scrubbing is legally required every 31 days for telemarketing. Troll screening is risk management layered on top of that legal floor.

How often should I run troll number screening on my list?

Run it before every new campaign launch, and re-screen any aged list you haven't touched in 90 or more days. Litigant databases update as new cases get filed, so a number clean in January may surface in April. For high-volume teams sending texts or calls weekly, monthly re-screening is a reasonable minimum. For purchased or rented lists, screen before first use no matter how recently the vendor claims it was cleaned.

Are VoIP numbers automatically higher risk for TCPA purposes?

Not automatically, but they are a useful signal. VoIP numbers are cheap to acquire in bulk, easy to route, and easy to rotate, which makes them attractive to sophisticated litigants. A VoIP number submitted from a residential lead form deserves a closer look, especially if the carrier's registered location doesn't match the stated contact address. VoIP alone is not proof of fraud. Combined with other flags, it means something.

What happens if a number was reassigned after I collected consent and I didn't know?

Under the TCPA, you can still face liability for calling a reassigned number even without knowledge, because the new holder never consented. The FCC's Reassigned Numbers Database safe harbor protects you only if you queried the database, received a "No" response, and then the call turned out to reach a reassigned number anyway. Without the query, good faith alone is generally not a defense.

Can a plaintiff's attorney put their own number on my list to catch violations?

It has happened, and it's a known litigation tactic. Some plaintiff's firms submit numbers to lead forms to test the consent and disclosure process. Their injury claims are disputed when they initiated the contact themselves, but defending those cases still costs money. Your best protection is a clean consent record showing exactly what was disclosed and agreed to, plus metadata proving the submission came from a specific device and IP.

Is there a free way to check if a number is a troll number?

Partially. You can search PACER (the federal court filing system) for a phone number to see if it appears in TCPA complaints. That's free but slow and incomplete. The FCC Reassigned Numbers Database charges a cost-recovery fee. Litigation screening vendors charge by volume. Free number validation APIs catch VoIP flags and carrier data but don't cross-reference court filings. A layered free-plus-paid approach is more realistic than any single free tool.

The FCC's one-to-one consent requirement, issued in 2023 with a planned 2025 effective date, requires that written consent for autodialed marketing calls name a single seller rather than allowing blanket consent to multiple companies. Its implementation has been legally contested, but building one-to-one consent records now cuts the chance a troll can argue your blanket-consent disclosure was insufficient. Courts can still scrutinize multi-marketer consent under existing "clear and conspicuous" standards.

Sources

  1. U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act (Cornell Legal Information Institute): TCPA statutory damages are $500 per violation, trebled to $1,500 for willful or knowing violations, with no cap on the number of individual claims
  2. Code of Federal Regulations, 47 C.F.R. § 64.1200 (eCFR), Reassigned Numbers Database safe harbor and consent rules: FCC established the Reassigned Numbers Database safe harbor under 47 C.F.R. § 64.1200(a)(1)(iv) and issued one-to-one consent rules in 2023
  3. Stoops v. Wells Fargo Bank, N.A., W.D. Pa. 2016, No. 15-1073 (Justia): District court dismissed TCPA claim where plaintiff owned 35 cell phones for the purpose of attracting calls to litigate, finding no concrete injury and no Article III standing
  4. Code of Federal Regulations, 47 C.F.R. § 64.1200 (eCFR), reassigned number and prior consent provisions: FCC rules address reassigned number liability and the limits of good-faith reliance on prior consent when a number changes hands
  5. Code of Federal Regulations, 47 C.F.R. § 64.1200 (eCFR), prior express written consent definition (2012 rule, effective October 2013): The 2012 FCC rule effective October 2013 defined prior express written consent to require specific disclosure, the number to be called, and no conditioning of consent on a purchase
  6. U.S. Chamber Institute for Legal Reform, TCPA litigation analysis: ILR analysis found TCPA litigation drives large aggregate defense costs annually, dominated by class actions against larger defendants
  7. FTC, National Do Not Call Registry, 16 C.F.R. § 310.4(b)(1)(iii)(B): Sellers must scrub against the National DNC Registry no more than 31 days before calling a residential number for telemarketing purposes
  8. TransUnion LLC v. Ramirez, 594 U.S. 413 (2021), U.S. Supreme Court: Supreme Court held that Article III standing requires a concrete, particularized injury; a bare statutory violation without actual harm is insufficient, a ruling applied to TCPA cases in multiple circuits
  9. CFPB, Regulation F, Debt Collection Practices, 12 C.F.R. § 1006: CFPB Regulation F governs debt collector contact rules and interacts with TCPA compliance requirements for call frequency and consent
  10. Code of Federal Regulations, 47 C.F.R. § 64.1200 (eCFR), Reassigned Numbers Database access and safe harbor: The FCC's Reassigned Numbers Database went live for commercial queries in 2021 and provides carriers' reported number disconnection data to callers seeking safe harbor

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit