Last updated 2026-07-10

TL;DR
10DLC applications get rejected most often for four reasons: the brand EIN doesn't match registry records, the campaign use case reads too vague, the sample messages skip opt-out language, or the opt-in flow isn't described clearly. Most rejections are fixable in under a week once you know what reviewers actually look for. This guide covers every major rejection category with exact resubmission steps.
What is 10DLC and why does your campaign application get reviewed at all?
10DLC stands for 10-digit long code, the local-looking phone numbers businesses use to send application-to-person (A2P) SMS. Before 2021, anyone could blast texts from a regular 10-digit number with almost no vetting. The carriers, pushed by the industry group CTIA and coordinated through The Campaign Registry (TCR), ended that.
Now every business that wants to send A2P SMS at scale registers two things: a brand (your company identity) and a campaign (the specific message program). The Campaign Registry scores your brand automatically using data from credit bureau Dun & Bradstreet. Then a carrier like T-Mobile or AT&T reviews the campaign itself. [1]
This review exists because unvetted 10-digit numbers drove a huge share of spam complaints. TCR launched in 2021 partly to answer FCC pressure on carriers to filter unwanted texts. The legal backdrop is the TCPA, 47 U.S.C. § 227, which makes an unsolicited commercial text to a cell phone a statutory tort worth $500 to $1,500 per message. [2] Carriers are protecting themselves and their customers. The paperwork is a side effect.
Here's the shift that helps: the reviewers are hunting for evidence that real consumers actually asked for your messages. Once you get that, you write every section of the application differently.
What are the most common reasons a 10DLC brand registration gets rejected?
Brand registration is step one, and it fails more often than people expect. The brand step is mostly automated. TCR pings Dun & Bradstreet for your EIN, pulls your business name, address, and industry code, and returns a brand trust score between 0 and 100. A low score restricts your daily message throughput. An outright brand failure usually traces to one of these.
EIN or legal name mismatch. The single most common brand rejection. If your TCR submission says "Acme Sales LLC" but your IRS EIN registration says "Acme Sales Group LLC", the system flags the discrepancy. Fix: pull your IRS CP-575 confirmation letter, then resubmit with the exact legal name on file. [3]
Using a foreign EIN or non-US tax ID. TCR requires a US EIN for standard brand registration. Canadian or UK entities need to either obtain a US EIN for their US operations or register under a special reseller path. Small teams skip this step and then wonder why their Canadian parent company's registration keeps bouncing.
Sole proprietor edge cases. Sole proprietors without a formal EIN can register using an SSN-based identity, but the trust score will almost always land very low, often under 10. That caps you at roughly 1,000 messages per day. If you're doing any real volume, form an LLC and get an EIN before registering. It's 30 minutes on the IRS website.
Unverifiable business website. Some carriers cross-check your domain. A single landing page with no privacy policy, no business address, and no description of what you do can stall or fail the brand review. Put a real privacy policy on your domain before you register. It protects you under TCPA consent rules anyway.
Wrong vertical or industry selection. Picking "Financial" when you sell real estate, or "Healthcare" when you run a gym, creates a mismatch that triggers manual review. Choose the vertical that matches your primary NAICS code.
What are the most common reasons a 10DLC campaign gets rejected?
Campaign rejections are more granular than brand rejections. They come from carrier-level human reviewers as well as automated checks. Here are the failure modes, roughly in order of how often they show up.
Vague or mismatched use case. "Marketing" is not a use case. Reviewers want to know three things: who you're texting, what you're saying, and why they asked for it. An application that says "We send promotional messages to customers" fails. One that says "We send appointment reminders to clients who opted in via our scheduling form at example.com/book" passes. Be specific.
Sample messages that don't match the use case. Select "Appointment Reminders" but attach discount promotions as your samples, and that's a mismatch. Reviewers read the samples. They should show what you'll actually send.
Missing opt-out language in sample messages. Every sample message needs an opt-out mechanism. "Reply STOP to unsubscribe" or similar is required by CTIA guidelines, which carriers enforce as part of 10DLC approval. [4] This is the fastest rejection to fix. Add the opt-out language and resubmit.
Missing opt-in flow description. The campaign form asks how subscribers opted in. "They gave us their number" doesn't cut it. Reviewers want the actual mechanism: a web form URL, a paper sign-up at a physical location, a keyword opt-in (text JOIN to 12345), or written consent at point of sale. If you can't describe a real opt-in flow, you have a compliance problem bigger than the registry. The TCPA requires prior express written consent for marketing texts, and that consent has to be documented. [2]
Embedded links that go to parked or suspicious domains. A shortened URL, a domain that doesn't resolve, or anything that reads like a phishing site fails the application. Use your actual business domain. Skip the URL shorteners if you can.
Forbidden content categories. Cannabis, firearms, payday lending, gambling (in most states), and certain other categories are blocked from standard 10DLC campaigns by carrier policy, regardless of state law. Even if your business is legal everywhere you operate, standard 10DLC is off-limits for these verticals. Some carriers offer special-use paths, but it's a completely different registration process.
Affiliate or lead generation campaigns described too loosely. Lead gen draws the heaviest scrutiny. If you're texting leads from a third-party list, describe exactly how consent was obtained, by whom, and what was disclosed at opt-in. "We purchased a contact list" is an automatic failure, and a TCPA lawsuit waiting to happen regardless of the registry result. [5]
| Rejection Reason | Fix Required | Typical Resolution Time |
|---|---|---|
| EIN / legal name mismatch | Match exact name from IRS records | 1-3 days |
| Missing opt-out in sample messages | Add "Reply STOP to unsubscribe" | Same day |
| Vague use case description | Rewrite with specific audience and trigger | 1-2 days |
| Opt-in flow not described | Document actual consent mechanism | 2-5 days |
| Sample messages mismatch use case | Rewrite samples to match use case | Same day |
| Suspicious or broken embedded link | Replace with real business domain | Same day |
| Forbidden content vertical | Apply for special carrier exception path | 2-6 weeks |
| Low brand trust score | Verify EIN, add DUNS, escalate to TCR | 1-2 weeks |
How do you read the rejection reason you actually received?
Rejections reach you through your connectivity partner, the Campaign Service Provider (CSP) you registered with, such as Twilio, Bandwidth, or Sinch. The message format varies by carrier. T-Mobile tends to give specific coded reasons. AT&T runs terse.
Common T-Mobile rejection codes include REJECTED_CONTAINS_URL (a link in your sample messages tripped a filter), REJECTED_OPT_IN_NOT_DESCRIBED, and REJECTED_CONTENT_MISMATCH. AT&T uses a scoring rubric and may just return a low score rather than a named code.
Here's the practical move. When you get a rejection from your CSP, contact their support and ask for the raw carrier rejection reason, not the summary the dashboard shows. The raw message usually names the exact field that failed. CSPs like Twilio publish their own 10DLC error code glossaries, so search for the exact code you received. [6]
If the reason is genuinely ambiguous, rewrite your opt-in description and sample messages anyway. Those two fields cause the majority of campaign-level rejections. You risk almost nothing by improving them, even if they weren't the specific cause.
How do you write an opt-in description that passes carrier review?
This is the field most teams botch. Here's a formula that works.
Start with the channel where consent is collected: "Subscribers opt in via a web form at [yourdomain.com/contact]." Then quote what the form says: "The form includes a checkbox stating: 'By checking this box, you agree to receive text messages from [Company Name] about [specific topic]. Message and data rates may apply. Text STOP to cancel.'" Then describe what happens next: "After form submission, the subscriber receives a confirmation text with a double opt-in link before any marketing messages are sent."
That's it. It's specific, it names the exact disclosure language, and it shows the reviewer that real informed consent happened. If your opt-in is in person (point of sale, paper form, verbal consent with written follow-up), describe that exact process the same way.
One thing to avoid: claiming web form opt-in when you're buying lists or scraping LinkedIn. Reviewers have seen every version of this. And if you're texting people who never opted in, a 10DLC rejection is the least of it. You're courting a TCPA class action. Cases like the Cash App TCPA class action settlement show how expensive unconsented commercial texts get.
How do you write sample messages that don't trigger a rejection?
Carriers want 2-3 sample messages that represent what you'll actually send. Here's what each one needs.
First, identify the sender: "Hi, this is Sarah from Acme Roofing." At minimum, the brand name appears somewhere in the text. Second, match your declared use case. If you said appointment reminders, the message references an appointment. Third, opt-out language. "Reply STOP to unsubscribe" is the standard. Some carriers also want "Msg & data rates may apply" in at least one sample, especially for marketing campaigns.
What kills sample messages: a URL from a generic shortener (bit.ly trips filters on some carriers), excessive ALL CAPS, spam-trigger phrases like "You've been selected" or "Claim your prize", and samples that are obviously bare templates with [FIRST NAME] placeholders and no real content around them.
Write the samples as if you're showing a real message you'd send to a real customer. That's the right mental model. The reviewer is asking one question: would a person who asked to hear from this company find this message reasonable? If yes, you're probably fine.
Does your business website affect 10DLC approval?
Yes, more than people realize. Carriers and TCR's automated systems check that your registered website is live, has content matching your declared vertical, and contains a privacy policy that mentions SMS.
A privacy policy that says "We may use your information for marketing purposes" without mentioning text messages is borderline. A policy with a line like "If you opt in to receive SMS messages from us, you can reply STOP at any time to unsubscribe" is far stronger. It signals to reviewers that you've thought about TCPA compliance.
Your site should also list a physical business address and a way to reach you. A page with just a contact form, no address, and no privacy policy reads like a temporary operation, which raises spam flags.
This holds for text message marketing programs of any size. Text a few hundred customers or a few million, the registration infrastructure demands the same baseline website legitimacy.
What happens after you fix your application and resubmit?
Resubmission timelines depend on your CSP and the carrier. Most campaign reviews take 1-5 business days after resubmission. T-Mobile has historically been the slower carrier for 10DLC reviews. AT&T sometimes moves faster. [6]
A few practical notes. You typically can't resubmit the same application unchanged. The system rejects it again for the same reason. Make the specific fix first, then resubmit. Some CSPs require a brand-new campaign record rather than an edit to the existing one, depending on how deep into the rejection state it went.
Rejected twice for the same issue? You probably didn't fix the right thing. Go back to the raw carrier rejection code. If you can't interpret it, call your CSP's support line instead of using chat. For complex cases involving forbidden verticals or disputed brand scores, some CSPs have a compliance team that can advocate for your registration with the carrier directly. Ask whether that's an option before giving up.
For an outbound sales team, a stalled 10DLC registration means your SMS channel is dead until it clears. Many teams fall back to toll-free numbers during the wait. Toll-free SMS has its own verification process through the toll-free registry but often approves faster for straightforward use cases. [7]
How does 10DLC rejection affect your TCPA exposure?
A rejected 10DLC registration doesn't automatically create TCPA liability. The TCPA is a federal statute (47 U.S.C. § 227) that governs consent, not carrier registration status. [2] In theory you can send texts from a non-registered number and stay TCPA-compliant if you hold proper written consent. And you can have flawless 10DLC registration and still violate the TCPA by texting people who never opted in.
Still, the two connect in a practical way. The 10DLC process forces you to document your consent flow. That documentation is exactly what defends a TCPA claim. Teams that get rejected for a missing opt-in description often turn out to have no documented consent at all, which is the real legal risk.
Building consent documentation now pays twice. The same records you use for 10DLC (screenshots of opt-in forms, database timestamps of consent, copies of confirmation texts) are what a plaintiff's attorney demands in discovery if you ever face a TCPA suit. Settlements in TCPA SMS cases routinely run into six and seven figures. [8]
The TCPA requires prior express written consent for marketing texts sent to cell phones using an ATDS or prerecorded voice. The FCC reads "automatic telephone dialing system" broadly, though courts still disagree on the exact scope after Facebook v. Duguid (2021). For practical purposes, treat any text platform as an ATDS and get real documented consent. [9]
What if your brand trust score is too low to send at the volume you need?
The brand trust score (TCR documentation calls it the "brand vetting score") runs from 0 to 100. A score above roughly 75 opens the highest daily message limits on standard campaigns. A low score, under 50 and sometimes as low as 10 for sole proprietors, throttles your throughput hard. [1]
You have a few options. First, appeal the score through TCR's manual review process. That means submitting more documentation: articles of incorporation, EIN confirmation letters, business bank statements, or similar proof you're a real operating company. The appeal takes 1-2 weeks and carries an extra vetting fee (around $40-$45 as of 2024, though fees change, so check TCR's current schedule). [1]
Second, add a DUNS number. Dun & Bradstreet assigns a DUNS number to businesses in its database. Getting one is free but can take a few weeks. A DUNS on file tends to raise brand trust scores because it feeds TCR's automated check more data. [12]
Third, for very high-volume senders, weigh whether a short code fits the use case better. Short codes (5-6 digit numbers) run through a separate carrier approval process and handle much higher throughput, but they cost $500-$1,000 per month and take 8-12 weeks to provision. [10]
LeadCompliant's free TCPA toolkit includes a consent documentation checklist that maps directly to what 10DLC reviewers and plaintiff attorneys both want to see. Worth running through before you resubmit.
Are there use cases that will always be rejected on standard 10DLC?
Yes. Carriers keep a list of prohibited content types that no clever application writing will fix. These are blocked at the carrier policy level, not the TCR level, so the rejection usually arrives from T-Mobile or AT&T rather than TCR.
Prohibited on standard 10DLC across major US carriers: cannabis and marijuana (even where state-legal), firearms and ammunition sales, tobacco and vaping products, payday lending and short-term high-interest loans, gambling (with some state-specific exceptions that require special agreements), explicit adult content, and multi-level marketing programs in some cases.
For these categories, the path is either a short code with a specific carrier use case agreement, or accepting that SMS isn't the right outbound channel for your business. Some brands in restricted categories have made toll-free numbers and heavy manual review work, but it isn't reliable.
If your business sits in a clean vertical but your messaging could read like a restricted one (financial services language that sounds like payday lending, wellness language that sounds like cannabis), rewrite your samples and use case description to draw a clear line around your actual product.
How can outbound sales teams stay compliant while waiting for 10DLC approval?
If your 10DLC campaign is under review or bounced back for resubmission, your compliant options for outbound SMS narrow.
Toll-free numbers with toll-free verification (TFV) are the most common interim path. Approval is typically shorter than 10DLC for simple use cases, though carriers have ramped scrutiny of toll-free registrations as some senders tried to dodge 10DLC through them. [7]
P2P (person-to-person) texting tools that genuinely require a human to send each message sit in a different regulatory category and don't require 10DLC registration. They're not practical for real volume.
For teams that lean on phone calls, the do not call list and cold calling rules still apply no matter what your SMS channel is doing. A paused SMS program doesn't excuse dialing people on the National DNC Registry. Scrub your lists against the DNC before you dial. [11]
The best use of a registration delay is fixing the plumbing: documenting your opt-in flows, adding proper disclosures to your web forms, and building the timestamp-based consent records you'll need for both 10DLC approval and TCPA defense. None of that requires an active campaign registration.
What does the 10DLC registration process cost, and what fees apply to rejected applications?
Brand registration through TCR costs a one-time fee, typically $4 in 2024, though your CSP may pass it through at cost or mark it up. Campaign registration costs vary by use case: standard campaigns run around $10-$15 per campaign per month, with some CSPs adding a setup fee. Special and mixed-use campaigns can cost more. [1]
Rejection fees are where teams get surprised. If your campaign fails carrier review, some CSPs charge a new campaign registration fee for each resubmission, and some carriers charge their own review fees. Per-rejection cost usually lands at $10-$25. Submit sloppily and get rejected over and over, and it adds up fast. The bigger cost is the revenue you lose while the SMS channel sits dark.
The brand vetting appeal fee runs around $40-$45 but has changed before. Check TCR's current published rate when you apply. [1]
Set SMS compliance costs against TCPA lawsuit exposure and the math isn't close. Average TCPA class action settlements have run into the millions in recent years. [8] Spending a few hundred dollars to get your 10DLC application right the first time, and to put proper consent documentation in place, isn't optional for any business that runs on text messaging.
Frequently asked questions
How long does 10DLC campaign approval take after resubmission?
Most resubmissions get reviewed within 1 to 5 business days. T-Mobile tends to run slower than AT&T. If you're past 7 business days with no update, contact your CSP's support team and ask them to ping the carrier for a status check. Some CSPs have carrier escalation paths for stalled reviews. Don't wait two weeks passively.
Can I send texts while my 10DLC campaign is under review or rejected?
Technically yes, but unregistered A2P traffic on 10-digit numbers gets filtered heavily by every major carrier and may be blocked entirely on T-Mobile, which enforces the hardest. Beyond the deliverability problem, texting without a compliant opt-in flow creates TCPA exposure. The pragmatic answer: use a toll-free number with toll-free verification as an interim path if you must text.
Does every business need 10DLC registration, even for just a few texts?
Any business sending A2P (automated or bulk) SMS from a 10-digit local number needs 10DLC registration under carrier requirements. If you're manually texting from your personal phone on a personal plan, different rules apply. But any software platform sending texts on your behalf uses A2P, which requires registration. The threshold is whether sending is automated or platform-driven, not the volume.
What opt-out language is required in SMS messages under 10DLC rules?
CTIA guidelines, which carriers enforce through 10DLC policies, require that subscribers can reply STOP (or similar) to opt out, and that the opt-out works within a reasonable time. Your sample messages must include opt-out language. "Reply STOP to unsubscribe. Msg & data rates may apply." is the standard form. The exact wording can vary slightly, but the mechanism has to be present and functional.
What is a brand trust score and how is it calculated?
The brand trust score is a 0-to-100 score assigned by The Campaign Registry using data from Dun & Bradstreet. It weighs your D&B profile, EIN verification status, industry type, and other firmographic data. Higher scores open higher daily message throughput limits. Sole proprietors typically score very low. Adding a DUNS number and submitting for manual vetting can raise a low score.
What happens if I pick the wrong use case category for my campaign?
A mismatched use case is one of the most common rejection reasons. Select "Appointment Reminders" but send promotions, or select "Customer Care" but send cold outreach, and reviewers flag the gap between your declared use case and your sample messages. You'll need to either change the use case category or rewrite your samples to reflect the actual messages you send.
Do I need a privacy policy on my website to pass 10DLC review?
Effectively yes. Carriers and TCR cross-check your registered domain. A site with no privacy policy raises spam risk flags. Your privacy policy should mention SMS specifically, state what data you collect, explain how to opt out, and include a business address. This is also required under various state privacy laws and supports your TCPA consent defense.
Can I register a 10DLC campaign for cold outreach to leads I purchased?
No. Purchased lead lists, scraped contacts, and third-party data without documented consent can't be used for A2P SMS campaigns under 10DLC rules. And texting purchased contacts without prior express written consent violates the TCPA regardless of registry status. If you're doing outbound to purchased lists, cold calling with proper DNC scrubbing is the lawful channel, not SMS.
What is the difference between 10DLC, toll-free SMS, and short codes?
10DLC uses standard 10-digit local numbers with carrier-level registration. Toll-free SMS uses 800-series numbers with toll-free verification. Short codes are 5-6 digit numbers with full carrier approval. Short codes handle the highest throughput and the cleanest delivery but cost $500-$1,000 per month and take 8-12 weeks to provision. 10DLC fits most mid-size business SMS programs.
How do I appeal a low brand trust score?
Submit a manual vetting request through TCR or your CSP. You'll need supporting documents: IRS EIN confirmation letter, articles of incorporation, business bank statements, or similar proof of a legitimate operating business. The appeal fee is around $40-$45. Processing takes 1-2 weeks. Getting a DUNS number from Dun & Bradstreet before appealing gives the review more data to work with.
Will my 10DLC campaign be rejected if my sample messages include a URL?
Not automatically, but the URL has to point to a real, functioning business domain. Generic URL shorteners like bit.ly trip spam filters on some carriers. Branded shorteners tied to your own domain are safer. Parked domains, broken links, or URLs that redirect to suspicious pages cause rejection. Use your actual business website URL in sample messages whenever you can.
What records should I keep to prove TCPA consent for my SMS list?
Keep a timestamped log of each opt-in event that captures the contact's phone number, the date and time of opt-in, the URL or mechanism where consent was given, the exact disclosure language shown, and the IP address if it was a web form. Store these records for at least 4 years to cover the TCPA's statute of limitations. These same records are what 10DLC reviewers want described in your opt-in flow section.
Is there a way to check my 10DLC application status before a rejection happens?
Most CSPs have a dashboard showing campaign status: Pending, Approved, or Rejected. Some show intermediate states like Under Carrier Review. T-Mobile is known for returning status updates within a few days. If your campaign has sat in pending for more than 7 business days without any update, contact your CSP. Some carriers process in batches, and a stuck review sometimes just needs a manual poke.
Sources
- The Campaign Registry (TCR), official TCR website: Brand registration, campaign registration fees, brand vetting scores (0-100), and appeal fee information from the central 10DLC registration body
- Cornell Law School LII, 47 U.S.C. § 227 (TCPA): TCPA statute text establishing $500-$1,500 per-violation damages and prior express written consent requirement for marketing texts to cell phones
- IRS, Business and Self-Employed Tax Center: IRS as the source of record for EIN and legal business name, needed to resolve brand registration name mismatches
- Twilio, A2P 10DLC guidelines and SMS documentation: CSP-level documentation of 10DLC carrier rejection codes and campaign review timelines
- Bandwidth, Toll-Free Verification for SMS: Toll-free SMS verification as an alternative registration path to 10DLC with different approval timelines
- WebRecon LLC, TCPA and FDCPA litigation statistics: TCPA class action settlements routinely reaching six and seven figures, cited as basis for compliance cost comparison
- Supreme Court of the United States, Facebook, Inc. v. Duguid (2021): Supreme Court decision narrowing the definition of an automatic telephone dialing system under the TCPA
- FTC, National Do Not Call Registry: National DNC Registry requirements for outbound callers, applicable regardless of SMS channel status
- Dun & Bradstreet, DUNS Number Registration: Free DUNS number registration from D&B, which TCR uses as a data source for brand trust score calculation