Last updated 2026-07-10

TL;DR
A compliant 10DLC CTA must include your business name, a clear description of message types, estimated frequency, a STOP opt-out instruction, a HELP command, and a disclosure that message and data rates may apply. Verbal opt-ins are allowed under TCPA, but marketing texts need a written confirmation step and a full audit trail. Carriers reject campaigns missing any of these elements.
What is a compliant CTA for 10DLC SMS registration?
A CTA (call to action) in 10DLC registration is the exact language a consumer sees or hears at the moment they agree to receive texts from you. The carriers (AT&T, T-Mobile, Verizon) and The Campaign Registry (TCR) read your sample CTA when they vet your campaign. Miss a required element and your campaign gets rejected, or it lands in a low-throughput tier where your messages crawl out at a trickle.
Six elements belong in every compliant 10DLC CTA: [1]
1. Your business name (so the consumer knows exactly who is texting) 2. A description of the message types they will receive (e.g., "appointment reminders and promotional offers") 3. Estimated message frequency (e.g., "up to 4 msgs/month") 4. A STOP opt-out instruction ("Reply STOP to unsubscribe") 5. A HELP command ("Reply HELP for help") 6. The message-and-data-rates disclosure ("Msg & data rates may apply")
Those last three are the "standard opt-out/opt-in language" in CTIA guidelines. Some carriers scan for them automatically. A human reviewer can also flag a campaign if the CTA is vague or buried in fine print no reasonable person would notice. [2]
The legal floor comes from 47 U.S.C. § 227, the Telephone Consumer Protection Act, which requires "prior express written consent" for marketing texts sent via an autodialer or pre-recorded voice. The FCC reads that to mean consent must be clear and conspicuous, not hidden. [3] CTIA's Messaging Principles and Best Practices sit on top of that with the specific disclosure language carriers enforce at the network level.
What exactly does a verbal opt-in mean for 10DLC, and is it allowed?
A verbal opt-in happens when a consumer says "yes" out loud, usually on a recorded phone call, to receive text messages from your company. TCPA does not ban verbal consent. The real questions are what kind of consent it creates and whether it clears the bar for marketing texts versus transactional texts.
For informational or transactional messages (appointment confirmations, shipping alerts, one-time passwords), the TCPA asks only for "prior express consent," which the FCC has long accepted as verbal. [3] The 2012 TCPA Order says that "prior express consent can be oral or written depending on the type of call." [4]
Marketing texts raise the bar. The FCC's 2012 order tightened the standard to "prior express written consent" for autodialed or prerecorded marketing calls and texts. A spoken "yes" alone does not carry a promotional campaign. [4]
Here is where teams trip. Verbal opt-in is fine as a first step, even for marketing. What you cannot do is fire off the first marketing text on nothing but a spoken "yes" with no written record. The compliant workflow: collect verbal agreement on the call, send a written opt-in confirmation text, and start the marketing sequence only after the consumer confirms (or at minimum does not reply STOP). [2]
During 10DLC registration, you describe your opt-in method in the campaign form. Pick "verbal" and note the written confirmation step too. Campaigns that claim verbal opt-in with no corroborating confirmation mechanism draw extra scrutiny from some carriers.
What are the exact 10DLC CTA requirements carriers check during registration?
TCR and the carrier review teams look at three things: your opt-in type, your sample message, and your CTA language. The CTA requirements break down like this. [1][2]
Opt-in type options in TCR: Website form, paper form, verbal, mobile QR code, interactive text (keyword), or third-party/lead source. You pick one primary type. You can note others in the description field.
Sample message review: You submit one or two sample messages to show what you will actually send. Those samples must match the use case you registered. A campaign registered as "customer care" that shows a promotional sample fails.
CTA language review: The reviewer checks that your CTA clearly names who is messaging, spells out what they will receive, and includes all six disclosure elements above.
Things that get a campaign rejected or filtered at the CTA stage: [2]
- Missing STOP / HELP / msg-rate language
- CTA that says only "text us" with no frequency or content description
- Business name absent from the opt-in language
- Consent language that bundles SMS opt-in into a broader terms-of-service agreement without calling it out separately (the FCC's 2012 order forbids this for marketing consent) [4]
- Affiliate or lead-gen language implying one consent form covers many sellers (the "comparison shopping website" consent problem the FCC addressed in its January 2025 one-to-one consent rule) [5]
Table: 10DLC CTA required elements by message type
| Required Element | Transactional / Informational | Marketing / Promotional |
|---|---|---|
| Business name | Yes | Yes |
| Message type description | Yes | Yes |
| Frequency estimate | Recommended | Required |
| STOP opt-out instruction | Yes | Yes |
| HELP command | Yes | Yes |
| Msg & data rates may apply | Yes | Yes |
| Written consent record | No (verbal OK) | Yes (written confirmation step) |
| Separate standalone consent | No | Yes (cannot be buried in T&Cs) |
What does a compliant written CTA look like? Real examples you can adapt
Below are word-for-word templates. Swap the brackets for your actual business info before using them. They follow CTIA best practices and FCC consent requirements. They are not legal advice, and your counsel should review before deployment.
Website opt-in form checkbox CTA (marketing):
"By checking this box, I agree to receive recurring promotional text messages from [Business Name] at the number provided. Message frequency varies. Reply STOP to opt out, HELP for help. Msg & data rates may apply. View our [Privacy Policy] and [Terms]."
Keyword CTA for 10DLC (placed on a flyer or landing page):
"Text JOIN to [10-digit number] to receive [up to 4] promotional offers and updates per month from [Business Name]. Reply STOP to cancel, HELP for help. Msg & data rates may apply."
Point-of-sale paper form CTA:
"I agree to receive text messages from [Business Name] including [appointment reminders and special offers] at the mobile number above. Messages sent [up to 2 times/month]. Reply STOP to opt out. Reply HELP for assistance. Standard msg & data rates may apply."
A couple of details make or break these. The consent language belongs next to the phone number field, not three pages away in the terms. The FCC's 2015 TCPA Declaratory Ruling said consent must be "clear and conspicuous." [6] Put the disclosure above or right below the submit button, in the same font size as the surrounding text, and you clear that standard. Shrink it to gray 8-point type and you are asking for trouble.
See SMS opt-in form: what it must say and how to build one for a deeper look at form design and field placement.
What does a compliant verbal opt-in script look like for outbound calls?
A verbal opt-in for 10DLC registered SMS campaigns has two jobs: capture real informed consent on the call, and leave a documentary record you can produce in litigation. Here is a script to build from.
Outbound call verbal opt-in script (marketing SMS):
"Before I let you go, [Business Name] would like to send you [promotional offers / appointment reminders / account updates] by text message. We would send around [X] messages per month. Standard message and data rates may apply. You can reply STOP at any time to stop receiving messages, or HELP for assistance. Do you agree to receive these text messages from us at the number you are calling from today?"
If the consumer says yes, the agent should:
1. Note the consent in the CRM record with timestamp, call recording ID, and agent ID. 2. Send a written confirmation text within minutes that restates the key terms: "[Business Name]: You're signed up for [message type], [frequency]. Msg & data rates may apply. Reply STOP to cancel, HELP for help." 3. Treat non-reply (no STOP back) as confirmation. Keep the recording.
Why the confirmation text matters legally. Courts put the burden on the sender to prove consent. In Satterfield v. Simon & Schuster (9th Cir. 2009), the court looked for evidence the consumer understood what they were agreeing to. A timestamped confirmation text the consumer never disputed is far stronger evidence than a call recording alone. [7]
For transactional-only campaigns (no promotional content), a verbal yes plus a CRM note is enough, though a confirmation text is still the safer habit.
Cross-reference this against the sms opt in overview, which covers consent mechanics across channels.
How do you document verbal opt-ins for a 10DLC audit or lawsuit defense?
Documentation is the difference between a dismissed case and a $500-to-$1,500-per-text judgment. TCPA statutory damages are $500 per negligent violation and $1,500 per willful violation, with no cap on class size. [3] A sloppy verbal opt-in program can create class exposure in the millions if the defendant cannot show individual consent records.
The minimum records to keep for each verbal opt-in: [3][7]
- Consumer's mobile number
- Date and time of the verbal consent
- Call recording file ID or a reference to where the recording is stored
- Agent ID or name who took the consent
- CRM entry or database record showing the opt-in was logged before the first text went out
- Confirmation text sent and timestamp
- Any STOP requests and the date they were processed (honor within 10 business days under CTIA guidelines, immediately as a best practice) [2]
Retention period: The FTC's Telemarketing Sales Rule requires records for 24 months. [8] TCPA plaintiffs have four years to sue under 28 U.S.C. § 1658, and some courts apply a longer state limitations period. [13] Keep records for at least four years, longer if your state allows a longer window.
One practical tip nobody follows consistently: store opt-in records in a system separate from your sending platform. Switch SMS providers and you have to carry the consent records with you. Consent is portable. The data lives in your system of record, not in Twilio's database or anyone else's.
The tcpa sms compliance guide goes deeper on record-keeping obligations under the TCPA and FCC implementing rules.
What changed with the FCC's 2024 one-to-one consent rule and how does it affect 10DLC opt-ins?
The FCC adopted a one-to-one consent rule in December 2023, effective January 27, 2025, that directly hits lead-gen and affiliate-driven SMS programs. The rule says a single consent form cannot cover multiple, unrelated sellers. [5]
In plain English: buy leads from a comparison shopping site or a lead aggregator whose form says something like "I agree to be contacted by our partners," and that consent is dead for your SMS campaign. You need to be named specifically, or the consumer needs to opt in to you directly.
That lands hard on 10DLC registration. Pick "third-party / lead source" as your opt-in method and TCR or the carriers may ask for documentation showing the consent was one-to-one. Campaigns built on pooled or shared consent carry the highest rejection and filtering risk from here on.
The FCC order text says "consumers must separately consent to each seller." [5] That is a direct quote, not a paraphrase. There is no grandfather clause for existing lead lists collected under the old one-to-many model.
Small outbound teams buying aged leads or internet-sourced leads should audit their consent chain now. If the opt-in form named a list of partners rather than your company, you need fresh opt-ins before texting those numbers.
For more on recent FCC changes, see tcpa news today and lead generation compliance news.
How do 10DLC use cases affect which CTA language is acceptable?
The Campaign Registry defines a list of approved use cases, and the CTA language you submit must match the use case you pick. Mismatches are a common reason campaigns get rejected or throttled. [1]
Here is how the major use cases map to CTA language constraints:
Marketing (standard use case): Requires the full six-element CTA. The sample message must be promotional. Consent must be clear and separate from general terms.
Customer care / conversational: CTA can be simpler, but you still need STOP/HELP/rates disclosure. Sample message must reflect support, not selling.
Notifications / alerts: Can use a lighter CTA. Business name, message type, and opt-out instruction are required. Frequency language is recommended.
Two-factor authentication / OTP: Minimal CTA required. Usually a website consent checkbox or in-app permission. No promotional content allowed in messages.
Mixed / multiple: Must satisfy the most restrictive requirements across all content types included. In practice, treat it as a marketing campaign for CTA purposes.
Political: High scrutiny. Carrier policies vary. Some require pre-approval beyond standard 10DLC registration.
The practical advice: unsure which use case fits, register at the more restrictive level. Downgrading a campaign later is possible but slow, and your throughput was probably throttled in the meantime. Upgrading from a weaker use case to marketing after carriers have already flagged your messages is harder than starting correctly.
For teams on platforms like Twilio, the use case surfaces during campaign registration in their console. See Twilio TCPA compliance: what you actually need to do for platform-specific steps.
What common 10DLC CTA mistakes get campaigns rejected or sued?
The mistakes that show up most in carrier rejections and TCPA complaints are not exotic. They are basic omissions and shortcuts teams take when moving fast.
Missing the business name in the opt-in language. The consumer needs to know who is texting before they agree. "Receive updates from our team" identifies nobody. Courts and carriers both flag this.
Bundling SMS consent into terms of service. An opt-in buried in a 4,000-word terms-of-service checkbox is not clear and conspicuous. The FCC's 2015 declaratory ruling addressed this head on. [6] The consent language must stand alone or get its own separate checkbox.
No frequency estimate. "You may receive messages occasionally" is not a frequency estimate. Carriers want a number. "Up to 4 messages per month" works. Vague language raises your odds of a filtering flag.
Verbal yes with no confirmation text. Sending marketing messages on a spoken agreement with no written record creates a gap plaintiffs love. The confirmation text closes that gap for under a penny per contact.
Not honoring STOP within 10 business days. CTIA guidelines say within 10 business days, and most carriers expect immediate processing. [2] One message after a STOP is a violation. At $500 minimum per text, a broken opt-out workflow on a list of 5,000 people is $2.5 million of exposure.
Reusing consent for different companies. After January 2025, shared or pooled consent from lead-gen sources is not valid for individual senders. [5]
For how these mistakes turn into actual lawsuits, the tcpa overview covers major case outcomes and FCC enforcement actions.
How should small outbound teams build a 10DLC-compliant opt-in process from scratch?
Starting fresh? Here is the sequence that keeps you compliant without overbuilding.
Step 1: Pick your opt-in channel and draft the CTA. Most small teams use a web form, a verbal-plus-confirmation flow for inbound calls, or a keyword campaign. Draft the CTA language from the templates above before you register your 10DLC campaign, because you paste it straight into the registration form.
Step 2: Register your brand and campaign in TCR. Brand registration is a one-time $4 fee. Campaign registration fees vary by carrier but typically run $10 to $15 per campaign per month. [9] If you use a messaging platform like Twilio, the platform files the TCR registration on your behalf, but you still supply the CTA language.
Step 3: Connect your consent record system. Every opt-in event has to write a record to your CRM or database before the contact enters any sending queue. Build this as a hard requirement, not a nice-to-have.
Step 4: Test STOP and HELP handling. Send a test message to your own number. Reply STOP. Confirm the number is suppressed and gets nothing else. Reply HELP. Confirm the system sends back your business name and contact info.
Step 5: Audit sample messages against your use case. Pull five random messages from your campaign and compare them to the use case you registered. If any are promotional and you registered as customer care, fix the campaign type first.
LeadCompliant's free TCPA compliance tools include a consent language checker that flags missing CTA elements before you submit your 10DLC registration. It takes about two minutes and saves the back-and-forth with the carrier review team.
For sector-specific needs, see real estate text message marketing and sample text message marketing for restaurants for a high-volume consumer context.
Also worth reading: opt-in SMS marketing: the complete compliance guide and text message marketing best practices: the compliance-first guide.
What penalties apply if your 10DLC CTA is non-compliant?
Non-compliance opens two separate risk tracks: carrier enforcement and legal liability.
Carrier enforcement moves fast and stays quiet. Fail the CTA review and your campaign gets rejected outright or dumped into a lower throughput tier. AT&T, T-Mobile, and Verizon can also filter your messages if they detect opt-out language is missing from the messages themselves or if complaint rates spike. Filtering means your texts simply do not arrive, with no error back to you. You pay for sends that never land. [10]
TCPA legal liability is where the money is. The statute provides $500 per violation for negligent violations and $1,500 per violation for willful violations. [3] No statutory cap on class size. Median TCPA class action settlements in recent years have run in the $5 million range, though outcomes swing wildly with list size, message volume, and whether the defendant can produce consent records.
FCC enforcement is less common against private businesses than class-action litigation, but the agency has issued multi-million dollar fines against carriers and large senders in egregious cases. [11]
State attorneys general can bring claims too. Florida (Florida Telephone Solicitation Act), Texas, and California each carry their own requirements that stack on top of federal TCPA rules. [12]
The math is blunt. A $10-a-month campaign registration fee and 10 minutes on the CTA language is far cheaper insurance than one TCPA class action. Nobody has good data on average settlement costs for small-team cases specifically, but the TCPA bar is well-organized and plaintiffs' firms work on contingency, so any unconsented list of meaningful size is a target worth suing.
For a full breakdown of exposure and defenses, see tcpa sms compliance.
Where does the one-time compliance kit fit and what should it include?
A compliance kit is a documented set of templates, checklists, and process records you keep as evidence of a good-faith compliance program. Courts and the FCC both weigh whether a defendant had a program in place when they judge willfulness.
At minimum, a 10DLC compliance kit holds:
- Your approved CTA language for each active campaign (a copy of what you submitted to TCR)
- Signed or timestamped records of each opt-in method
- Your verbal opt-in call script with version history
- A record of your STOP/HELP testing results
- Your data retention policy (how long records are kept and where)
- A suppression list maintenance log
- Your opt-out processing timeline (how fast STOP requests are honored)
LeadCompliant's one-time compliance kit is built around these elements and includes pre-populated templates you fill in once. It is not a substitute for legal review. It creates the paper trail that matters most in early-stage litigation, when defendants are trying to get cases dismissed before discovery.
This article is educational and does not constitute legal advice. Consult a qualified TCPA attorney before deploying any SMS marketing program, especially if you use purchased or third-party leads.
Frequently asked questions
Can I use a verbal opt-in for 10DLC SMS campaigns?
Yes, verbal opt-in is allowed, but marketing texts need a written confirmation step after the verbal agreement. The FCC's 2012 TCPA Order requires prior express written consent for autodialed or prerecorded marketing messages. A verbal yes on a call followed immediately by a written confirmation text, which the consumer does not opt out of, satisfies that in most cases. Keep the call recording and CRM timestamp.
What is the minimum language required in a 10DLC CTA?
Your CTA must include your business name, a description of the message types sent, an estimated message frequency, a STOP opt-out instruction, a HELP command, and a disclosure that message and data rates may apply. These six elements are required by CTIA's Messaging Principles and enforced by carriers during 10DLC campaign registration review.
How do I submit a verbal opt-in as my opt-in method in TCR?
In The Campaign Registry, select 'verbal' as your opt-in type. In the CTA description field, explain your process: verbal consent collected on a recorded outbound call, followed by a written confirmation text sent before the first marketing message. Some carriers ask for a sample of the verbal script during review. Include the confirmation text language in your sample messages.
Does the FCC's 2025 one-to-one consent rule affect 10DLC CTA requirements?
Yes. Starting January 27, 2025, a single consent form cannot cover multiple unrelated sellers. If your leads came from a comparison site or lead aggregator whose form named a list of partners rather than your company, that consent is no longer valid for your SMS campaign. You need consent that names your business directly. This affects the opt-in method you declare during 10DLC registration.
What happens if my 10DLC CTA is rejected by the carrier?
Your campaign is either rejected outright or placed in a low-throughput tier that limits how many messages per second you can send. You update the CTA language, resubmit, and wait for re-review. Turnaround varies by carrier but typically runs several business days. Repeated rejections can flag your brand registration for extra scrutiny.
Do I need a separate opt-in for each 10DLC campaign I register?
You need a CTA that accurately describes each campaign's content. If you run two distinct campaigns (say, appointment reminders and promotional offers), the safest move is a CTA that names both, or two separate opt-in moments. You cannot register a campaign as 'customer care' and send promotional content under it, even if the consumer consented to both in the same form.
How long do I need to keep verbal opt-in records for TCPA compliance?
The FTC's Telemarketing Sales Rule requires two years of records. TCPA plaintiffs have four years to sue under 28 U.S.C. § 1658, and some states allow longer windows. The practical standard is four years minimum. Records should include the call recording ID, timestamp, agent ID, CRM entry, and confirmation text log. Store them somewhere you control, more than in your SMS platform.
Is a STOP instruction inside the text message enough, or does it also need to be in the opt-in CTA?
Both. CTIA guidelines require the STOP opt-out instruction in the CTA at the point of consent and in your message content (at minimum in the first message and periodically after). The opt-in CTA establishes that the consumer knew they could opt out. The message-level STOP instruction is the ongoing reminder. Omit either and you create a compliance gap.
Can I collect verbal opt-in consent through an IVR system instead of a live agent?
Yes, IVR-collected consent is valid if the IVR script reads the full disclosure: business name, message types, frequency, STOP/HELP instructions, and rates disclosure. The IVR must record the consumer's keypress or voice confirmation with a timestamp. Send the written confirmation text right after. Document the IVR version number in your compliance kit so you can produce the exact script played if challenged.
What TCPA penalties apply if I text someone without a compliant opt-in?
The TCPA provides $500 per violation for negligent violations and $1,500 per violation for willful violations under 47 U.S.C. § 227. There is no statutory cap, so class actions on large lists can produce exposure in the millions. Courts consistently hold that the sender bears the burden of proving consent, so the absence of a documented opt-in is effectively treated as no consent.
Does a web form checkbox satisfy 10DLC written consent requirements for marketing texts?
Yes, if the checkbox language includes all six required elements (business name, message description, frequency, STOP, HELP, rates disclosure) and the checkbox is separate from a general terms-of-service agreement. The FCC's 2015 declaratory ruling requires consent to be clear and conspicuous. The checkbox must be unchecked by default. Pre-checked boxes do not satisfy consent requirements.
How quickly must I honor a STOP request from a 10DLC-registered campaign?
CTIA guidelines say within 10 business days, but the industry standard and best practice is immediate, meaning the next send cycle after the STOP arrives. Sending any message to a number after it has sent STOP is a TCPA violation. For automated campaigns, build suppression into the queue logic, not as an after-the-fact manual cleanup step.
Do B2B text messages require the same 10DLC CTA disclosures as B2C?
10DLC registration requirements are the same whether your audience is B2B or B2C. The TCPA's applicability to B2B is less settled in case law, particularly for texts to business lines, but most carriers apply the same CTA standards during registration. If you text personal mobile numbers of business contacts (which is common), full TCPA and CTIA compliance applies.
What is the cost to register a 10DLC campaign, and how does that relate to compliance?
Brand registration is a one-time $4 fee. Campaign registration costs roughly $10 to $15 per campaign per month, paid to the carriers through your messaging provider. These fees fund the vetting that includes the CTA review. Non-standard use cases or low-trust brands may pay higher fees or face extra review steps. The registration fee alone does not guarantee compliance if your CTA is deficient.
Sources
- The Campaign Registry (TCR), Campaign Registration Guidelines: TCR requires opt-in type, sample messages, and CTA language as part of 10DLC campaign registration review
- U.S. Congress, Telephone Consumer Protection Act, 47 U.S.C. § 227: TCPA requires prior express written consent for autodialed marketing texts; statutory damages are $500 per negligent violation and $1,500 per willful violation
- U.S. Court of Appeals, 9th Circuit, Satterfield v. Simon & Schuster, 569 F.3d 946 (2009): Court required evidence that the consumer understood what they were agreeing to when evaluating TCPA consent; documentation of consent scope is essential
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: FTC's Telemarketing Sales Rule requires retention of telemarketing records for 24 months
- The Campaign Registry (TCR), 10DLC Registration and Fees: 10DLC brand registration costs a one-time $4 fee; campaign registration fees typically run $10-$15 per campaign per month
- AT&T, Business Messaging and Code of Conduct: Carriers can filter or block messages from campaigns with missing opt-out disclosures or elevated complaint rates, with no error returned to the sender
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida's FTSA imposes state-level consent and disclosure requirements for telephone solicitations that layer on top of federal TCPA rules
- U.S. Congress, 28 U.S.C. § 1658, Statute of Limitations: TCPA plaintiffs have a four-year statute of limitations under 28 U.S.C. § 1658, setting the practical minimum for consent record retention