Last updated 2026-07-10

TL;DR
10DLC registration takes two steps: register your brand with The Campaign Registry (TCR) for a one-time $4 fee, then register each campaign use case for $10 to $25 per month plus a one-time vetting fee. Carriers filter or block unregistered traffic. The whole process takes 1 to 5 business days if your paperwork is clean.
What is 10DLC and why does registration matter?
10DLC stands for 10-digit long code. It lets a business send application-to-person (A2P) SMS from a standard 10-digit phone number, the same kind of number a person might call back. Before the current registration framework existed, carriers had no reliable way to tell a company texting appointment reminders apart from a spam operation blasting phishing links. So they rate-limited everybody.
The Campaign Registry (TCR) is the central hub the major US carriers built to fix that. AT&T, T-Mobile, and Verizon all require A2P 10DLC messages to be registered through TCR before those messages get favorable delivery treatment. Unregistered or badly registered traffic faces heavy filtering or outright blocking, not occasionally but consistently. T-Mobile has been the most aggressive, publishing explicit filtering thresholds for unregistered senders since 2021.[1]
From a legal angle, this sits alongside your TCPA obligations, not instead of them. Registration with TCR is a carrier requirement, not a federal law. The Telephone Consumer Protection Act, 47 U.S.C. § 227, governs consent and content. TCR registration governs deliverability. You need both. Confusing the two is a common mistake that leaves teams exposed on one side or the other.
Here is the blunt version. If you send any volume of business SMS from a 10-digit number and you have not registered, your messages are either being filtered now or will be soon.
What does 10DLC registration actually cost?
10DLC has several fee layers, and they vary with your carrier relationships and the CSP (Campaign Service Provider) you use. Here is the honest breakdown as of mid-2026.
Brand registration with TCR costs a one-time $4 fee.[2] That covers your company entity. If your brand fails the automated vetting (the DUNS or EIN lookup does not match cleanly), you can request enhanced vetting for an additional $40 to $95 depending on the TCR-connected CSP you use.
Campaign registration is an ongoing monthly fee per use case: typically $10/month for standard campaigns and $15/month for special use cases like political messaging or mixed marketing.[2] Some CSPs charge more, building a margin on top of TCR's pass-through rates.
Individual carriers sometimes add their own pass-through fees. AT&T charges a one-time $25 activation fee per campaign, passed through by your CSP.[3] T-Mobile has historically charged a $10 one-time campaign registration fee. These are not always visible in your CSP's quoted price, so ask explicitly.
Run multiple campaigns (say, one for transactional alerts and one for marketing promotions) and you pay the monthly campaign fee for each one separately. A company running four campaigns could easily sit at $60 to $80/month in pure registration costs before sending a single message.
Short codes (5 to 6 digit numbers) cost roughly $500 to $1,000/month to lease plus their own registration process. Toll-free numbers have a separate vetting pathway through carriers. 10DLC sits in the middle: real friction, but reachable for a small team with a legitimate use case.
| Number type | Setup cost | Monthly cost | Best for |
|---|---|---|---|
| 10DLC (standard) | $4 brand + $25 AT&T activation | ~$10 to $25/campaign | Small-to-mid volume A2P |
| Toll-free | $0 to $15 vetting | $0 to $10/number | Mixed voice+SMS, mid volume |
| Short code (shared) | Low | $25 to $50 | High volume, shared sender |
| Short code (dedicated) | $500 to $1,500 setup | $500 to $1,000 | Very high volume, brand control |
Who needs to register: carriers, CSPs, ISVs, and brands?
The 10DLC ecosystem has three tiers. Which tier you sit in decides what you register and with whom.
Brands are the companies actually sending messages. Run a SaaS company that texts your customers, and you are the brand. You register your entity with TCR and register each campaign (use case) you intend to run.
CSPs (Campaign Service Providers) are the messaging platforms and aggregators sitting between you and the carriers. Twilio, Bandwidth, Sinch, Plivo, and dozens of others are CSPs. They hold direct connections to AT&T, T-Mobile, and Verizon. When you register a brand and campaign through a platform like Twilio, you are doing it through that CSP's TCR portal.
ISVs (Independent Software Vendors) send messages on behalf of multiple brands. Think marketing platforms or CRMs with SMS features. They carry extra registration obligations and usually register as a CSP themselves or connect to one.
For most small outbound teams the path is simple: pick a CSP (your SMS platform), and use their brand and campaign registration flow inside their dashboard. You are not registering directly with TCR unless your CSP hands you direct portal access, which some do.
One nuance matters a lot. Your CSP must be TCR-registered themselves. If you are evaluating SMS platforms, ask flat out whether they are a registered CSP with TCR and which carriers they hold direct agreements with. A platform routing through several undisclosed aggregators can create registration gaps that sink your deliverability even after you have done everything right on your end.
What information do you need to register your brand?
TCR's brand registration pulls from business identity databases, mainly Dun & Bradstreet's DUNS system and EIN records. The cleaner your business registration, the smoother this goes.
You will need:
- Legal company name (must match your EIN registration exactly)
- EIN (Employer Identification Number) or the equivalent for non-US entities
- Business type (LLC, corporation, sole proprietor, etc.)
- Industry vertical (TCR has a dropdown; pick the closest honest match)
- Business address
- A contact email and phone number
- Company website
- Stock symbol and exchange if you are publicly traded (this actually gets you faster approval and lower scrutiny in some cases)
The single biggest reason brand registrations fail or get flagged for enhanced vetting is a mismatch between the company name on the TCR form and the name attached to your EIN. If your legal name is "Acme Marketing LLC" but you have been operating as "Acme" everywhere, put the full legal name on the form. You can specify a DBA separately.
Sole proprietors and very small businesses sometimes struggle here because their EIN may be tied to a personal SSN, or their business name in IRS records differs from how they present publicly. If that is you, getting your Dun & Bradstreet DUNS number set up and verified before registering can save you the enhanced vetting fee and the delay.[4]
Give yourself two to three hours to gather this documentation before you open the registration portal. Saving a half-finished registration and coming back to it sometimes causes session errors in TCR-connected portals.
How do you register a campaign use case, and what are the use case categories?
Once your brand is registered and approved (usually within minutes for standard automated vetting), you register each campaign. A campaign in TCR terms is a specific messaging use case, not an individual promotional send. Think of it as standing permission to send a certain type of message.
TCR's current use case categories include:
- Account Notifications
- Customer Care
- Delivery Notifications
- Fraud Alerts
- Higher Education
- Marketing
- Mixed (two or more use types combined)
- One-Time Passcodes (OTP)
- Polling and Voting
- Political
- Public Service Announcements
- Security Alerts
- Two-Factor Authentication
- Agents and Franchises
- Carrier Exemptions
- Emergency
- Low Volume Mixed
For each campaign registration you provide: the use case category, a plain-English description of what the campaign sends and to whom, 2 to 3 sample messages that mirror actual sends, opt-in language (how subscribers consented to hear from you), opt-out instructions (how recipients stop messages), and whether you use embedded links or phone numbers.
The sample messages get reviewed. Write them to match your real traffic. Carriers have flagged campaigns where the registered samples were clean but actual traffic carried promotional language never disclosed during registration, which triggered filtering after the fact.
For text message marketing campaigns specifically, be explicit in your opt-in description. Note whether consent came from a web form, at point of sale, or by some other method. This is where your TCR registration meets your TCPA consent documentation: both need proof of prior express written consent for marketing messages.[5]
After submission, campaign approval typically takes 24 to 72 hours for standard use cases. Political and other high-scrutiny categories can take longer. AT&T's secondary review adds another day or two on top of TCR's approval.
What happens after you register: connecting numbers to your campaign
Approval from TCR is not the finish line. After your campaign is approved, you have to link your actual phone numbers to that campaign inside your CSP's platform. This step goes by number provisioning or number assignment.
The process varies by CSP. In Twilio, for example, you link numbers to a messaging service, and that messaging service ties to your approved campaign. In other platforms you assign numbers directly to a campaign ID. Check your CSP's documentation, because skipping this step means messages from that number still go out unregistered even though you have a perfectly approved campaign sitting in TCR.[7]
Throughput limits (called message rates or MPS, messages per second) attach to campaigns. Standard 10DLC campaigns start at fairly low throughput, around 75 to 100 messages per second across the carrier network, which is more than most small teams ever need. High-volume senders can apply for higher throughput, but that means additional carrier-level vetting and sometimes a separate enhanced campaign registration.
Set up your opt-out keywords too. HELP and STOP are required, and most platforms handle them automatically. Verify that yours is processing STOP replies and pulling those numbers from active send lists. Texting a recipient who opted out is a TCPA violation regardless of your 10DLC registration status, and class actions have settled in the tens of millions of dollars over exactly this failure. The Cash App TCPA class action settlement shows how expensive post-opt-out messaging gets.
What are the most common reasons 10DLC registration gets rejected or delayed?
Rejections mostly fall into four buckets.
First, identity mismatches. The brand name or EIN does not match TCR's lookup against business registration databases. Solve this before you start: look up your own company in the D&B database and confirm the record is current.[4]
Second, vague or misleading campaign descriptions. "We send marketing messages to customers" tells TCR nothing. Reviewers want to know who your audience is, how you collected consent, and what the messages say. Write something specific: "We send promotional offers for home services to customers who opted in via our website contact form at checkout."
Third, sample messages that do not match the use case. Register under "Account Notifications" but drop promotional offers into your samples, and that is a mismatch. Register a separate marketing campaign.
Fourth, an opt-in description that is too thin. "Customers opted in" is not enough. Describe the mechanism: a checkbox on a web form, a keyword reply to an inbound number, a signed paper form. If you cannot describe the opt-in mechanism clearly to TCR, that is a signal you may not have the consent documentation you need for TCPA compliance either.
Delays past five business days usually mean your brand hit manual review. Contact your CSP directly. They can often see the specific rejection reason in their TCR portal, which is not always surfaced in the brand-facing interface.
How do 10DLC rules interact with TCPA obligations?
These are parallel frameworks that do not fully overlap. Getting one right does not satisfy the other.
The TCPA, at 47 U.S.C. § 227(b)(1)(A)(iii), prohibits using an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice to call or text a mobile number without prior express consent.[5] For marketing messages that consent must be in writing and must be specific to receiving messages from you. The FCC's 2024 order (FCC 24-25) moved to close the "lead generator loophole" by requiring one-to-one consent, meaning a single opt-in form cannot bundle consent for multiple sellers.[6]
TCR registration does not prove TCPA consent. You can be perfectly registered with TCR and still face a class action because you sent marketing texts without proper written consent, or because you texted someone on the do not call list who never gave you express written consent. The two systems do not talk to each other.
The reverse holds too. Excellent TCPA consent documentation does nothing for your deliverability if you have not registered with TCR. Carriers do not know about your consent records.
So run both tracks at once. Audit your consent collection and documentation (a TCPA and FCC requirement), and register your brand and campaigns with TCR (a carrier requirement). Skip either one and you carry real exposure. LeadCompliant's free compliance kit covers the consent documentation side with templates you can adapt for your opt-in flows.
For teams doing cold calling alongside SMS, the DNC obligations for outbound calls are separate again. The do not call telemarketer list rules apply to voice calls under a different regulatory track from the SMS carrier rules.
What throughput limits and carrier-specific rules should you know about?
Carriers do not all treat 10DLC traffic the same, and the differences bite at scale.
T-Mobile has been the strictest and most transparent about its filtering rules. It applies a daily message limit and a "reputation score" system to registered campaigns, and it states that unregistered A2P traffic faces blocking regardless of content. Its throughput for standard registered campaigns is 2,000 messages per day per campaign on the default tier, with room to apply for higher limits.[1]
AT&T runs a tiered system where throughput depends on your brand's "trust score" (a TCR score from 1 to 100 based on your business data). Higher trust scores allow higher message rates. A brand scoring above 75 gets meaningfully better throughput than one under 50. Publicly traded companies and established businesses with clean D&B records tend to score higher automatically.
Verizon aligns closely with T-Mobile's approach but has been somewhat less aggressive about blocking and more focused on filtering to spam folders or delaying delivery.
For most small outbound teams sending a few hundred to a few thousand messages per day, the default throughput limits are not a real constraint. Teams get into trouble when they scale fast without applying for higher throughput, or when they stop watching delivery rates and miss that filtering has kicked in.
Monitor your delivery reports. A sudden drop below 85 to 90% on a campaign that was performing well is the first sign your messages are being filtered. It can mean your content tripped carrier spam detection, or your opt-out rate spiked past a threshold, or your campaign registration has drifted from your actual traffic. CTIA's messaging principles describe the STOP and HELP handling and the filtering policies carriers apply to non-compliant A2P traffic.[8]
Do nonprofits, political campaigns, and small businesses register differently?
Yes, with differences that matter.
Nonprofits register using their EIN like any other entity, but they should pick the correct industry vertical and choose use cases like "Public Service Announcements" or "Customer Care" rather than "Marketing" when their messages are genuinely informational. Watch the trap: fundraising texts count as marketing for TCPA consent purposes even when the sender is a nonprofit, so do not let the TCR use case category fool you about consent requirements.
Political campaigns face special rules. Political messaging is a separate use case category in TCR, and some carriers treat it differently for filtering and throughput. This part matters: political calls and texts have an exemption from some TCPA provisions for manually dialed calls, but that exemption is narrow and courts have not uniformly agreed on its scope. Do not assume being a political campaign means the TCPA leaves your texts alone.
Sole proprietors and very small businesses without a DUNS number or a clean EIN record hit the most friction. If your business is brand new (under six months of IRS records), you may be routed to enhanced vetting almost automatically. Building your DUNS record and cleaning up your IRS business registration before applying saves money and time.[4]
Franchises and multi-location businesses need to decide whether to register one brand with multiple campaigns (one per location's use case) or separate brands per legal entity. TCR has a specific "Agents and Franchises" use case. Use it when agents or franchisees send messages under your brand umbrella. It allows sub-accounts while keeping a single brand identity.
What should your ongoing compliance process look like after registration?
Registration is a starting point, not a one-time task.
First, monitor delivery rates weekly. Your CSP's reporting should show delivery, failure, and opt-out rates by campaign. Set a threshold. Something like: investigate any campaign dropping below 90% delivery or spiking above 3% opt-outs in a week.
Second, keep your campaign descriptions current. If your messaging strategy shifts meaningfully (you add promotions to a transactional campaign, or you start texting a new audience segment), update your campaign registration. Sending content that materially differs from your registered use case is the most common trigger for filtering even on registered campaigns.
Third, maintain your consent records. Every number in your send list should carry a documented consent event: the date, the channel (web form, text keyword, in-person), and the specific consent language shown to the recipient. The FCC's one-to-one consent rule makes this more important than it was before 2024.[6] If you face a TCPA complaint or a Credit One TCPA settlement-style class action, your consent records are your defense.
Fourth, scrub your lists against opt-out records before every send. Do not rely on your platform's internal suppression list alone. Export your STOP replies, cross-reference against your send list, and build a master suppression file that survives platform changes.
LeadCompliant's free TCPA checkers can help you spot gaps in your consent language and opt-out handling before they turn into complaints. A proactive audit every quarter is the difference between a minor correction and a six-figure settlement.
Fifth, review the mobile phone do not call list rules periodically. The DNC registry covers calls, not texts in the same direct way, but recipients on the DNC registry who never gave you written consent should not be in your marketing SMS list either.
How long does 10DLC registration take from start to first message?
Plan for three to seven business days end to end if everything goes smoothly. Here is the breakdown.
Brand registration: automated vetting usually returns a result within minutes to a few hours. If it goes to enhanced vetting (manual review), add two to four business days and the extra vetting fee.
Campaign registration: TCR reviews typically take 24 to 48 hours. AT&T's secondary review adds another one to two business days on top, since AT&T runs its own pass-through review for certain campaign types.
Number provisioning: once your campaign is approved, linking numbers in your CSP platform takes minutes if you know where the setting lives.
Worst case is a brand that hits enhanced vetting, a campaign that needs manual review, and an AT&T secondary review. That can stretch to 10 to 12 business days. Got a hard launch deadline? Start the registration process at least two weeks before you need to send.
One thing that never helps: starting registration, hitting a snag, abandoning it, and restarting. Each submission creates a record. Clean up your business data before the first submission, and you are far less likely to need a second pass.
Frequently asked questions
Can I send SMS without 10DLC registration?
Technically yes, but your messages will likely be filtered or blocked by major carriers, especially T-Mobile. AT&T and Verizon filter unregistered A2P traffic heavily too. Short codes and toll-free numbers have their own registration pathways. If you send from a 10-digit number without TCR registration, assume a large share of your messages never reach recipients.
Does 10DLC registration replace TCPA consent requirements?
No. They are completely separate. TCR registration is a carrier deliverability requirement. TCPA consent is a federal legal requirement under 47 U.S.C. § 227. You can be registered with TCR and still face TCPA liability if you lack prior express written consent for marketing messages. Both tracks must be maintained independently.
How much does it cost to register a brand with TCR?
The TCR brand registration fee is $4 one-time. If your business data does not pass automated vetting, enhanced vetting costs an additional $40 to $95 depending on your CSP. Campaign registration costs $10 to $25 per campaign per month, plus a one-time $25 AT&T activation fee per campaign. Running three campaigns could cost $55 to $100/month in registration fees alone.
What is a CSP in 10DLC registration and do I need one?
A CSP (Campaign Service Provider) is the messaging platform or aggregator that connects your brand to the carrier network and to TCR. Twilio, Bandwidth, Sinch, and similar platforms are CSPs. You almost certainly need one unless you are a very large enterprise with direct carrier agreements. Most brands register through their CSP's dashboard rather than directly with TCR.
What happens if my 10DLC brand registration is rejected?
Most rejections stem from a mismatch between your business name and your EIN or DUNS records. Check your business information in the Dun & Bradstreet database, correct any discrepancies, and resubmit. Your CSP can usually see the specific rejection reason in their TCR portal. You may also be routed to enhanced vetting, which costs more but lets a human reviewer evaluate your registration.
How many campaigns can I register under one brand?
There is no hard cap on campaigns per brand, but each one carries its own monthly fee. Most small businesses run two to four campaigns: one for transactional messages, one for marketing, maybe one for customer care. Every distinct use case type (marketing vs. OTP vs. notifications) should be its own campaign registration to avoid content mismatches that trigger filtering.
Do I need to register separately for each area code or phone number?
No. You register your brand once and your campaign use cases once. Then you assign individual phone numbers to the appropriate campaign inside your CSP platform. You can add or remove numbers from a campaign any time after registration. The registration lives at the brand and campaign level, not the individual number level.
What sample messages do carriers and TCR actually want to see?
Write exactly what you will send, including your brand name, a realistic message body, and the opt-out language ("Reply STOP to unsubscribe"). Reviewers flag samples that are too generic or that do not match the declared use case. For a marketing campaign, your sample should read like a real promotional text, not a sanitized placeholder. Two or three samples that reflect your actual message variety works best.
Does 10DLC registration affect my compliance with the national Do Not Call registry?
Not directly. The national DNC registry, managed by the FTC, applies mainly to outbound telemarketing calls. SMS falls under a separate structure through the TCPA. That said, recipients on the DNC registry who never gave you prior express written consent should not be getting your marketing texts either, because the consent standard for marketing SMS already excludes people who opted out of commercial contact.
What is a trust score in 10DLC and how do I improve it?
TCR assigns brands a trust score from 1 to 100 based on business data quality, including DUNS records, how long your company has been registered, whether you are publicly traded, and the completeness of your TCR profile. Higher scores unlock better throughput with AT&T. You improve it by keeping your business records current, adding your website and public business information, and, over time, maintaining a clean messaging record.
Can I use 10DLC for cold outreach to people who have not opted in?
No. 10DLC registration does not create permission to text people who never consented. The TCPA requires prior express written consent for marketing texts to mobile numbers. Sending unsolicited marketing texts, even from a fully registered 10DLC number, is a TCPA violation carrying statutory damages of $500 to $1,500 per text. Registration only affects deliverability, not legality.
How do I know if my messages are being filtered by carriers?
Watch your delivery rate reports in your CSP dashboard. A healthy registered campaign typically delivers at 95% or above. Drops below 85 to 90% suggest filtering. Watch for spikes in "carrier errors" or "unreachable" codes in your delivery receipts too. Some CSPs offer filtering diagnostics. You can also run test sends to numbers on each major carrier (AT&T, T-Mobile, Verizon) to spot carrier-specific filtering.
What is the FCC's one-to-one consent rule and how does it affect SMS registration?
The FCC's 2024 order (FCC 24-25) requires prior express written consent for marketing communications to be obtained for one seller at a time. A form that bundles consent for multiple marketers no longer satisfies the rule. This does not change TCR registration steps, but it does change how you describe your opt-in process in your campaign registration. Your opt-in description should reflect a direct, one-to-one consent mechanism.
How do I register if I send messages on behalf of multiple clients?
If you are an ISV or agency sending on behalf of other brands, you likely need to register as a CSP or connect through one and register each client as a separate brand. TCR has ISV-specific registration pathways. Each end-brand must have its own brand registration and appropriate campaigns. Batching multiple client brands under a single registration violates TCR rules and can result in suspension of all associated campaigns.
Sources
- T-Mobile, A2P 10DLC Registration Requirements: T-Mobile applies daily message limits and filtering thresholds for unregistered A2P 10DLC traffic, including a 2,000 messages/day default limit per campaign on the standard tier
- The Campaign Registry, Pricing: TCR brand registration fee is $4 one-time; standard campaign registration is $10/month, special use cases $15/month
- AT&T Business, 10DLC and Business Messaging: AT&T charges a one-time $25 per-campaign activation fee passed through CSPs for 10DLC campaigns
- Dun & Bradstreet, Get a D-U-N-S Number: Businesses can request and verify their DUNS number through D&B; TCR uses DUNS data for brand vetting
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: 47 U.S.C. § 227(b)(1)(A)(iii) prohibits using an ATDS to call or text a mobile number without prior express consent
- FCC, Report and Order FCC 24-25, One-to-One Consent Rule: FCC 24-25 (2024) requires prior express written consent to be obtained from one seller at a time, closing the lead generator loophole
- Twilio, A2P 10DLC Documentation: Twilio's 10DLC documentation describes the number provisioning step: linking numbers to a messaging service associated with an approved campaign
- FTC, National Do Not Call Registry: The national Do Not Call Registry is administered by the FTC and covers outbound telemarketing calls; SMS compliance falls under a separate TCPA track