Does opt-out language need to be in every SMS you send?

TCPA and CTIA rules say you don't have to put opt-out language in every SMS, but there are specific triggers. Learn exactly when it's required and when it helps.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-10

Hand holding a smartphone on a desk with soft afternoon light, illustrating SMS opt-out compliance
Hand holding a smartphone on a desk with soft afternoon light, illustrating SMS opt-out compliance

TL;DR

You do not have to include opt-out language in every single SMS. CTIA guidelines require it in the first message of any new campaign and periodically after that (at least every 30 days for recurring programs). Carriers can require it too. Skipping it entirely is where programs get hurt, and a TCPA suit runs $500 to $1,500 per message.

What does the law actually say about opt-out disclosures in SMS?

Federal law requires a working opt-out mechanism. It does not require specific words on every text. The TCPA, codified at 47 U.S.C. § 227, gives consumers the right to opt out of autodialed or prerecorded calls and texts and requires senders to honor those requests promptly [1]. What the statute never does is spell out a per-message disclosure.

The FCC implements the TCPA through rules at 47 C.F.R. § 64.1200. Those rules require a text solicitation to identify the sender and give the consumer a way to opt out [2]. The mechanism has to work. The regulations do not say you must print the full STOP instruction on every message you send.

So where does the "put STOP in every message" idea come from? Mostly from CTIA Messaging Principles and Best Practices, an industry guideline that carriers and aggregators enforce through contracts, not a statute [3]. Break CTIA guidelines and your carrier can block your traffic or kill your account. That real-world consequence is why most SMS platforms treat the guidelines as near-mandatory even though they are not federal law.

Here is the split that matters. Federal law requires an opt-out mechanism. Industry guidelines require specific language and timing. Both bind you, and ignoring either one is how you end up in a demand letter.

When is opt-out language actually required in an SMS?

Three situations make opt-out language genuinely required, not a nice-to-have.

First: the initial message of any new program. CTIA guidelines say the first message in a recurring program must include the program name, a message frequency disclosure, a data rate notice, and how to opt out (STOP) and get help (HELP) [3]. Skipping this on message one is the most common mistake small programs make.

Second: periodic reminders in recurring campaigns. CTIA's framework says recurring-message programs must send an opt-out reminder at least once every 30 days [3]. Some carriers want it more often. If your program sends a daily text for 45 days, the reminder language has to land somewhere in that window, more than on day one.

Third: after a subscriber replies with a non-standard opt-out keyword. If someone texts "UNSUBSCRIBE" or "CANCEL" or even "STOP IT," CTIA guidelines say you must read it as an opt-out attempt, honor it, and send one final confirmation that includes how to re-subscribe. That confirmation should state clearly that no further messages will come [3].

Outside those three, routine transactional or conversational messages in an ongoing opted-in program do not each need a STOP footer. Including it periodically is cheap insurance anyway. Most platforms let you drop it in automatically on every fifth or tenth message without writing it by hand each time.

What does CTIA specifically require the opt-out message to say?

CTIA's Messaging Principles and Best Practices is the governing industry standard, and it is more specific than most people expect [3]. For the initial program message, five elements have to appear.

ElementExample text
Program name"LeadCo Alerts"
Message frequency"Msg frequency varies" or "4 msgs/month"
Data rate disclosure"Msg & data rates may apply"
Opt-out instruction"Reply STOP to cancel"
Help instruction"Reply HELP for help"

All five must show up. The phrasing can flex a little, but every element has to be present. A message that says "Msg & data rates may apply. STOP to unsubscribe" but leaves out the frequency disclosure is technically non-compliant with CTIA guidelines.

For the opt-out confirmation (sent after someone replies STOP), CTIA says it must acknowledge the opt-out, confirm no further messages will be sent, and optionally include a re-subscribe path. Something like: "You've been unsubscribed from LeadCo Alerts. No more messages will be sent. Text START to re-subscribe."

For periodic reminders in recurring programs, the reminder does not have to be as long as the initial disclosure. Appending "Reply STOP to cancel" to a normal message is enough, as long as it appears at least once in the required window.

The good news: this language is short. Tacking "Msg & data rates may apply. Reply STOP to cancel, HELP for help" onto a message adds roughly 60 characters, well within SMS limits.

Key TCPA and CTIA opt-out compliance thresholds Numbers every SMS sender needs to know 500 Statutory damages per negli… violation 1,500 Statutory damages per willf… violation 30 Days to send periodic opt-out reminder (max inter… 24 Hours to honor opt-out request (CTIA standard) Source: 47 U.S.C. § 227 [1]; CTIA Messaging Principles and Best Practices [3]; 28 U.S.C. § 1658 [11]

What happens if you leave opt-out language out entirely?

Two bad things happen, and they come from different directions.

On the carrier side, aggregators run automated compliance checks on message content. If your shortcode or 10DLC campaign keeps sending messages with no opt-out mechanism or language, carriers can flag your traffic, throttle it, or terminate your campaign registration. 10DLC vetting has tightened since 2021, and reviewers read sample message content before approving a registration [4]. A campaign with no opt-out plan in its use-case description gets rejected or sent back for revision.

On the legal side, the TCPA lets consumers sue for $500 per negligent violation and $1,500 per willful one [1]. Courts have consistently held that sending messages after an opt-out is willful. If you never gave consumers a clear way to opt out and they kept getting messages, that failure makes the willful finding much easier for a plaintiff's attorney to argue. Class actions stack thousands of individual $500 or $1,500 claims into serious exposure fast.

The Ninth Circuit's decision in Van Patten v. Vertical Fitness Group confirmed that unwanted texts create standing to sue and that failing to honor opt-outs supports TCPA liability [5]. You do not want that kind of clarity aimed at you.

Leaving opt-out language out also signals to class-action scouts that your program is sloppy. Plaintiffs' firms scan and document non-compliant SMS campaigns for a living. Having the required disclosures won't make you lawsuit-proof. Missing them is a red flag in every demand letter.

Does the opt-out requirement apply to transactional texts too?

Yes, though the confusion here is understandable. CTIA opt-out rules cover all commercial SMS, transactional messages included, even though transactional texts get lighter consent treatment under the TCPA.

The FCC separates marketing texts from transactional or informational texts. Transactional texts, like a one-time order confirmation, appointment reminder, or shipping notice, do not require the express written consent that marketing texts require [2]. Lighter treatment on consent does not mean zero opt-out requirement.

CTIA guidelines apply opt-out requirements to every commercial SMS program. The first message of even a transactional program should carry the opt-out instruction and data rate notice [3]. Plenty of companies skip this on transactional flows and get away with it for years. They are still technically non-compliant with CTIA rules, and they are exposed the moment a consumer complains to a carrier or an attorney decides they are worth suing.

Purely conversational texts get blurrier. One-to-one peer-to-peer messaging without an autodialer arguably falls outside the TCPA's autodialer rules entirely. But "peer-to-peer" is hard to claim when you are pushing messages through a platform, and courts have not drawn a bright, stable line.

Safest practice for transactional programs: include the initial disclosure, honor any STOP with a confirmation, and add a periodic reminder if the program runs past 30 days. Those 60 extra characters cost nothing next to defending a TCPA suit.

How does 10DLC registration affect opt-out language requirements?

10DLC (10-digit long code) registration became mandatory for most commercial SMS traffic in the US across 2021 and 2022, enforced through The Campaign Registry [4]. When you register a 10DLC campaign, you describe your use case, submit sample messages, and agree to CTIA guidelines. That agreement is contractual.

Carriers run automated filtering on 10DLC traffic. One thing they check is whether your messages carry recognizable opt-out keywords like STOP, UNSUBSCRIBE, CANCEL, QUIT, and END. If your messages never reference an opt-out, the filtering systems can score your traffic lower and raise the odds of blocking.

Registration itself asks whether your campaign includes opt-out language in the initial message. Say yes but submit samples that don't show it, and the reviewer can reject the campaign or demand changes. Say no, and you'd better have a clear reason your program is exempt, which is rare for any commercial messaging.

Shortcode campaigns go through separate approval with higher throughput limits. CTIA and carrier compliance requirements there have been enforced even longer and get audited more carefully. A shortcode program that loses opt-out compliance can have its code suspended.

If you are building or auditing an outbound SMS program, learn the tcpa sms compliance rules for your channel type before you register, not after your first rejection.

Is there a difference between STOP, UNSUBSCRIBE, and other opt-out keywords?

CTIA defines a set of standard keywords every compliant SMS platform must treat as opt-out requests: STOP, QUIT, END, CANCEL, UNSUBSCRIBE, and ARRET (the French equivalent, required for Canadian traffic) [3]. Your system has to respond to all of them the same way: suppress the number immediately, send one confirmation, and never send another marketing or promotional message to that number from that program.

HELP and INFO are standard too. When someone texts HELP, you must return the program name, a support contact (phone or email), and how to opt out. This is non-negotiable in CTIA guidelines and gets checked during shortcode and 10DLC audits.

Non-standard phrasing is where it gets messy. If someone replies "Please remove me" or "Don't text me anymore," that is an opt-out attempt, and CTIA guidelines say you should honor it. The FCC has signaled in guidance that consumer intent matters more than exact keyword matching [7]. In practice, many platforms auto-suppress only standard keywords and route the rest to a human review queue. That queue has to get monitored and cleared fast. Sitting on a "please remove me" reply for weeks while you keep messaging that person is exactly the fact pattern that drives willful TCPA claims.

If you are building or auditing your sms opt in process, give the opt-out side equal attention. A clean opt-in paired with a broken opt-out is still a liability.

How quickly do you have to honor an opt-out request?

CTIA guidelines say within 24 hours. The FCC's standard is "promptly," which in practice means before the next message goes out [2][3]. If you run a reputable SMS platform, suppression happens in real time the moment a STOP keyword lands.

The risk lives in programs that use manual suppression, batched CRM syncs, or a gap between the SMS platform and the outbound dialer or email system. If a consumer opts out at 11 PM Friday, your suppression list syncs to the CRM Monday morning, and you send Saturday, you have a textbook TCPA violation. Courts don't accept "our systems weren't synced" as a defense. They treat it as willful, because you messaged someone who already asked you to stop.

Some carrier compliance documents push for near-instantaneous suppression on automated systems. That is the bar to aim for.

The practical answer: automate it. Opt-outs should flow to a master suppression list that every outbound channel checks before any message goes out, more than the platform that caught the STOP reply. One number, one suppression list, all channels.

Do B2B text messages need opt-out language too?

This is a real gray area, and B2B is not the clean exemption many sales teams think it is. Include opt-out language anyway.

The TCPA applies to calls and texts to any wireless number, business lines included [1]. Most salespeople are texting cell phones, and most business cell phones are personal phones the person also uses for work. That phone is not exempt from the TCPA just because the person happens to have a job.

The FCC has suggested that texts to numbers used primarily for business may get different treatment, but that has never been codified into a clear B2B exemption in the statute or regulations [2]. Courts have split. Most TCPA suits still involve individual consumers rather than B2B contexts, partly because the damages model makes consumer cases more attractive to plaintiffs' attorneys.

For a small outbound team prospecting by text, the pragmatic move is to include opt-out language. The cost is negligible. The protection is real. If you are capturing consent with an sms opt in form in a B2B context, document it even when you think you don't strictly need to.

For how B2B lead generation intersects with compliance beyond the TCPA, b2b lead generation platforms gdpr compliance covers how European rules add another layer if you have any cross-border exposure.

What should opt-out language actually look like in a real message?

Here is compliant opt-out language across the scenarios you'll hit.

Initial marketing campaign message: "Hi, this is [Brand]. You're signed up for deal alerts. Msg frequency varies. Msg & data rates may apply. Reply STOP to cancel, HELP for info."

Recurring program's periodic reminder (appended to a normal promotional message): "[Your deal here]. Reply STOP to cancel."

Opt-out confirmation after a STOP reply: "You've been unsubscribed from [Brand] alerts. No more messages will be sent from this number. Text START to resubscribe or call [number] for help."

Transactional text (order confirmation, appointment reminder): "Your appt with [Provider] is confirmed for [date]. Reply STOP to opt out of text reminders. Msg & data rates may apply."

A few practical notes. Don't bury the opt-out language or shrink it so it's hard to find. Regulators and courts look at whether the disclosure was clear and conspicuous, more than technically present. Don't swap a STOP keyword for a URL that redirects to an opt-out page. Most platforms and carriers expect the keyword to work directly in SMS. And test your STOP processing before launch, not after your first complaint.

To see these patterns in a specific vertical, sample text message marketing for restaurants shows concrete examples of working compliant messages in a real industry.

What tools help you stay compliant with opt-out requirements automatically?

Manual opt-out management doesn't scale, and it opens liability gaps. Any serious SMS program needs automated suppression built into the platform.

Every major SMS platform handles standard keyword suppression (STOP, QUIT, and the rest) automatically. Twilio, Bandwidth, Sinch, and similar providers process STOP replies and suppress the number from that messaging service [6]. The catch: suppression is often program-specific by default. If a number opts out of one campaign, it may not be suppressed across a different shortcode or 10DLC campaign you run. You have to build cross-program suppression yourself or use a CRM that centralizes it.

For auditing, tools that check your message templates against CTIA requirements before launch catch missing disclosures early. LeadCompliant's free compliance kit includes a template checker for exactly this, so you can run your SMS copy through a checklist before your first send.

For text message marketing software, look for platforms that include built-in opt-out handling, suppress across campaigns by default (more than within one), and give you a report of opt-out activity and confirmation messages sent. No audit trail means you can't prove you honored an opt-out if you're ever challenged.

The opt-in side matters just as much. A clean record of who consented, when, through what mechanism, and what they were told is what makes your opt-out compliance defensible. Without that record, the opt-out language in your messages is protecting a house with no foundation. Good text message marketing best practices treat consent records and opt-out records as two halves of the same system.

What are the biggest opt-out compliance mistakes small teams make?

These patterns show up over and over in TCPA demand letters and FCC complaints.

No opt-out language in the first message. Teams launch a campaign, get excited about the offer, and forget the required disclosures. That first message carries the highest compliance stakes. Missing it is the most common and most preventable mistake.

Not processing non-standard opt-outs. If someone texts "Remove me" and your system only auto-suppresses STOP, that person stays on your list. The next message to them is a willful violation.

A gap between your SMS platform's suppression list and your CRM or dialer. Someone opts out by text, the SMS platform honors it, but the CRM still marks them active and your rep calls them the next day. That is a TCPA violation, and courts take cross-channel harassment seriously.

Reactivating opted-out numbers without fresh consent. Some teams purge opt-out lists when they switch platforms or rebuild a contact database. Sending to someone who previously opted out, even from an old campaign, is risky. Treat opt-outs as permanent unless the consumer explicitly re-subscribes.

Treating the confirmation message as optional. It isn't optional under CTIA guidelines, and it's also your proof that you honored the request. Send it every time, log it, and keep that log for at least four years, the TCPA statute of limitations [1][11].

For teams doing real estate text message marketing, where lead volumes run high and speed-to-lead pressure is intense, these gaps hit hardest. Speed pressure and compliance pressure pull in opposite directions, and the compliance side doesn't get gentler when you explain you were moving fast.

Frequently asked questions

Do I have to put STOP in every single text message I send?

No. CTIA guidelines require opt-out language in the first message of a new campaign and as a periodic reminder at least once every 30 days in recurring programs. Routine messages in between don't each need a STOP footer, though including it periodically is good practice. The first message and the 30-day reminder are the non-negotiable touchpoints.

What happens if a customer texts STOP and I keep sending messages?

Continuing after a STOP reply is a TCPA violation. Courts classify it as willful, which triggers the $1,500 per-message cap instead of $500. A class action involving even a few hundred people who texted STOP and kept getting messages can generate six-figure exposure fast. Honor every STOP immediately, send one confirmation, and send nothing else.

Is there a specific law that says what opt-out language must be in an SMS?

The TCPA at 47 U.S.C. § 227 requires an opt-out mechanism but doesn't dictate exact language. FCC rules at 47 C.F.R. § 64.1200 require identity and an opt-out method. CTIA's Messaging Principles and Best Practices specify the actual elements: program name, message frequency, data rate notice, STOP instruction, and HELP instruction. Carriers enforce CTIA guidelines contractually.

Does the opt-out disclosure requirement apply to one-time transactional texts?

CTIA guidelines apply to all commercial SMS programs, transactional ones included. The first message of even a transactional program should include opt-out instructions and a data rate notice. For a true one-time send, the risk is lower, but including the disclosure costs almost nothing and removes ambiguity about whether your program is subject to recurring-program rules.

How long do I have to honor an opt-out request?

CTIA guidelines say within 24 hours, and the FCC's standard is "promptly," which in practice means before the next message goes out. Automated SMS platforms suppress in real time. The risk is batch CRM syncs or cross-channel gaps where a STOP from your SMS platform doesn't reach your dialer or email system before the next outreach.

Can I reactivate a number that previously opted out?

Only if the consumer explicitly re-subscribes with fresh consent. Purging an opt-out list when you switch platforms or CRMs and then re-adding those numbers is a TCPA risk. Courts have found that sending to a number that previously opted out, even from an earlier campaign or a different sender name, can be a willful violation if the consumer never opted back in.

What is the required opt-out language for a 10DLC campaign?

During 10DLC registration with The Campaign Registry, you confirm your initial message includes opt-out instructions. Sample messages submitted for vetting should show STOP and HELP keyword support. Carriers run automated filtering that checks for opt-out language. A registered campaign that sends messages without any opt-out references risks filtering, throttling, or suspension.

Does replying STOP to one of my campaigns opt them out of all my campaigns?

Not automatically. Most SMS platform suppression is program-specific by default. A STOP reply to one shortcode or 10DLC campaign suppresses that number for that campaign only. If you run multiple campaigns, you need cross-campaign suppression yourself, typically by syncing opt-outs to a master suppression list in your CRM that all campaigns check before any send.

Do B2B text messages need opt-out language?

There is no clear B2B exemption in the TCPA statute. The law applies to wireless numbers, and most business contacts sit on personal cell phones. The FCC has hinted at different treatment for true business-use numbers, but courts haven't settled it. Including opt-out language in B2B texts costs nothing and removes an argument. Most compliance lawyers advise treating B2B mobile numbers like consumer numbers until the law clarifies.

What should the opt-out confirmation message say after someone texts STOP?

CTIA requires the confirmation to acknowledge the opt-out, confirm no further messages will come from this program, and optionally include a re-subscribe path. A compliant example: 'You've been unsubscribed from [Program Name]. No more messages will be sent. Text START to resubscribe or call [number] for help.' Send it exactly once. Log it. Keep the record for at least four years.

What is the TCPA statute of limitations for SMS violations?

The TCPA has a four-year statute of limitations under 28 U.S.C. § 1658, though some courts have applied a two-year limit depending on how the claim is characterized. The majority position is four years. Keep opt-out records, consent records, and message logs for at least four years after a program ends.

Are there state laws that add opt-out requirements beyond TCPA and CTIA?

Yes. Florida's Telephone Solicitation Act (Fla. Stat. § 501.059) adds prior express written consent requirements and a state private right of action. Oklahoma and Washington have their own SMS and robocall statutes. California's CCPA/CPRA adds opt-out rights for personal data that touch SMS marketing indirectly. If you message across states, the most restrictive applicable rule sets your baseline.

How often does the periodic opt-out reminder need to appear in a recurring SMS program?

CTIA guidelines require at least once every 30 days for any recurring messaging program. Some carriers want it more often. You don't need a whole message for it: appending 'Reply STOP to cancel' to a normal promotional message satisfies the requirement. Automate it on a schedule so you don't rely on manual tracking to stay in the window.

Does the HELP keyword response have any required content?

Yes. When a subscriber texts HELP, your response must include the program or brand name, a support contact (phone number or email), and how to opt out. CTIA guidelines treat HELP response content as required, not optional. The response should also mention message frequency and data rates if space allows, mirroring your initial disclosure.

Sources

  1. Cornell Law School LII, 47 U.S.C. § 227 (TCPA statute text): TCPA provides $500 per violation for negligent violations and up to $1,500 for willful ones
  2. FCC, 47 C.F.R. § 64.1200 (FCC TCPA implementing regulations): FCC rules require that text message solicitations include sender identity and an opt-out mechanism; opt-outs must be honored promptly
  3. The Campaign Registry, 10DLC campaign registration overview: 10DLC campaign registration requires disclosure of opt-out handling in use-case description and sample messages; carrier filtering checks for opt-out language
  4. Van Patten v. Vertical Fitness Group, 847 F.3d 1037 (9th Cir. 2017): Ninth Circuit found unwanted texts create standing to sue and that failing to honor opt-outs supports TCPA liability
  5. Twilio, Messaging Compliance documentation: Twilio processes STOP replies and suppresses numbers automatically for the sending service; suppression is service-specific by default
  6. Federal Trade Commission, CAN-SPAM guidance for business: FTC notes that commercial messages must provide a clear opt-out mechanism and that opt-outs must be honored within 10 business days for email; SMS opt-out standards are governed by FCC/TCPA
  7. Florida Legislature, Fla. Stat. § 501.059 (Florida Telephone Solicitation Act): Florida's FTSA adds state-level requirements for commercial text messages that can exceed TCPA, including prior express written consent for automated texts and a state private right of action
  8. Cornell Law School LII, 28 U.S.C. § 1658 (statute of limitations): Four-year default statute of limitations for federal civil actions, applied by majority of courts to TCPA SMS claims

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

LeadCompliant
Build My Kit