SMS platforms ensuring TCPA and CTIA compliance: what to look for

Learn which features an SMS platform must have to meet TCPA and CTIA rules, what violations cost, and how to audit your stack before a lawsuit finds you.

LeadCompliant Team
27 min read
In This Article

Last updated 2026-07-10

Person reviewing compliance documents at a sunlit desk with a smartphone nearby
Person reviewing compliance documents at a sunlit desk with a smartphone nearby

TL;DR

An SMS platform is TCPA and CTIA compliant only if it stores written consent records, enforces opt-out commands automatically, respects quiet hours, and helps you prove prior express written consent in court. No platform makes you lawsuit-proof on its own. Consent management is your job. The platform's job is to make that job auditable and defensible.

What do TCPA and CTIA rules actually require for SMS?

TCPA and CTIA rules require two things that often get confused. TCPA (a federal statute) demands prior express written consent before you send a marketing text to a wireless number using an autodialer. CTIA (a trade group) sets carrier-enforced messaging rules that can shut off your traffic. You satisfy both or you have a problem.

The Telephone Consumer Protection Act (47 U.S.C. § 227) is the federal statute that governs commercial text messages. For SMS, the provision that bites hardest reads simply: you need prior express written consent before sending any marketing message to a wireless number using an automatic telephone dialing system (ATDS) or a predictive dialer. The FCC's 2012 order (CG Docket 02-278) tightened that standard for text marketing and killed the old oral-consent option for autodialed texts. [1]

The CTIA (Cellular Telecommunications Industry Association) is the wireless industry's trade group, not a regulator. Carriers like AT&T, T-Mobile, and Verizon enforce CTIA's Messaging Principles and Best Practices as a contractual condition of using their networks. [2] A CTIA violation can get your short code or 10DLC campaign suspended by a carrier even when the FCC has never heard your company's name. A CTIA gap hits you faster than a TCPA lawsuit does.

The two frameworks overlap. They are not identical. TCPA runs through private litigation and FCC enforcement. CTIA runs through carrier audits and traffic filtering. Satisfy both, because a platform that only talks about one leaves you exposed on the other.

Here are the core TCPA requirements for SMS. Prior express written consent (more than an opt-in click, plus a disclosure that spells out the messaging program). An easy opt-out honored within a reasonable time. Accurate identification of the sender. And no messages to numbers on the National DNC Registry unless you have an established business relationship or written consent. [3]

Prior express written consent is a signed, written agreement that clearly authorizes marketing messages sent by autodialer. A checkbox on a web form or a reply keyword like JOIN counts, as long as a specific disclosure sits right at the point of consent. Vague language does not survive court.

The FCC defines prior express written consent as "an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice." [1] An electronic signature counts under the E-SIGN Act, so a web form checkbox or a reply keyword works.

The disclosure has to check specific boxes. It states the name of the company sending the messages. It describes the type of messages (promotional, transactional, alerts). It gives the approximate message frequency. It notes that message and data rates may apply. And it provides opt-out and help instructions. [2] Courts and the FCC have thrown out disclosures that were vague or buried. A form that says "I agree to receive communications" with no specifics will not hold up.

A good SMS platform gives you a native opt-in form builder or a clean API integration that captures the exact timestamp, IP address, phone number, and disclosure language shown at the moment of opt-in. [4] That record is your evidence in litigation. Platforms that store only a boolean "opted in: yes" with no audit trail hand you almost nothing when someone files a TCPA claim.

Double opt-in, where the platform sends an automatic confirmation text and the subscriber replies YES before joining your list, is not required by TCPA. CTIA strongly recommends it, and it gives you a second timestamped record. [2] Many carriers treat those campaigns better. If you run a sms double opt-in flow, make sure the platform logs the confirmation reply separately from the initial web opt-in.

One thing most teams get wrong: consent is program-specific. Consent collected for a "weekly deals" list does not cover a separate "appointment reminder" program or a new brand you acquire. The platform should let you segment consent by program, more than by number.

How do TCPA and CTIA compliance features differ across SMS platforms?

SMS platforms handle compliance in wildly different ways. Some bake in consent management, opt-out processing, and carrier registration. Others treat those as add-ons, or hand them straight to you. The gap shows up when a lawsuit lands and you go looking for a consent record that was never stored. Here is how the feature categories break down:

FeatureWhat it doesTCPA relevanceCTIA relevance
Opt-in record storageSaves timestamp, IP, disclosure text per subscriberHighMedium
Automatic opt-out processingHonors STOP, QUIT, CANCEL, UNSUBSCRIBE, END within one message cycleHighHigh
Quiet hours enforcementBlocks sends outside 8am-9pm local timeHigh (FCC guidance)High
10DLC registration supportRegisters your brand and campaign with The Campaign RegistryLow (not TCPA)Very High
DNC scrubbingChecks numbers against federal/state DNC lists before sendHighLow
Double opt-in flowSends confirmation text, logs replyMediumHigh
Consent audit log exportLets you pull proof of consent per numberVery HighMedium
Short code vs 10DLC vs toll-free routingAffects deliverability and carrier scrutinyLowHigh

The platforms outbound sales teams reach for most include Twilio (API-first, you build the compliance layer yourself), EZTexting, SimpleTexting, Attentive (e-commerce heavy), Podium, and Salesmsg. None of them makes you automatically compliant. Every one still needs you to configure opt-in flows, DNC suppression, and quiet hours correctly. See also: [Twilio TCPA compliance: what you actually need to do.]

To evaluate platforms against your own use case, the text message marketing software guide covers what to ask vendors before you sign anything.

TCPA SMS violation: key numbers every sender should know Statutory damages, settlement benchmarks, and carrier thresholds 500 Per-message fine (negligent… 1,500 Per-message fine (willful v… 16.5M Papa John's class action settlement (2013) 24M Sallie Mae class action settlement Source: 47 U.S.C. § 227, FCC orders, public court records

What is 10DLC registration and why does it matter for compliance?

10DLC (10-digit long code) is the standard local number used to send commercial SMS at scale. Since 2021, carriers require businesses using 10DLC for application-to-person (A2P) messaging to register their brand and campaign through The Campaign Registry (TCR). [5] Unregistered traffic gets filtered or blocked outright. This is a carrier rule, not a TCPA rule, but the fallout is real.

If your messages are getting filtered, you may never reach subscribers who genuinely consented, which burns budget and creates inconsistent opt-out delivery. That second problem is its own compliance risk.

Registration asks you to describe your use case (marketing, account notifications, customer care), your opt-in method, and your message content. Carriers review it against CTIA's acceptable use policies, which ban whole content categories including cannabis, firearms, and payday lending regardless of state law. [2]

A platform that handles 10DLC registration for you, instead of leaving you alone in TCR's portal, saves real time and cuts the odds of a rejected campaign. Ask two specific questions, though: who is listed as the brand registrant, and what happens to your registration if you leave? Some platforms register campaigns under their own brand. That creates a portability trap.

Short codes (5-6 digit numbers) go through a separate vetting process directly with carriers and get held to a higher standard. Toll-free numbers need toll-free verification. All three paths have compliance checkpoints. 10DLC is just the common one for small and mid-size teams because it is cheaper and faster than a dedicated short code.

How should an SMS platform handle opt-outs to stay compliant?

An SMS platform should suppress a number the instant an opt-out arrives, before the next message goes out. TCPA sets no exact minute threshold, but FCC guidance and CTIA best practices both expect opt-outs to take effect before your next send. [2] In litigation, "promptly" has meant within the same business day at the outside, and courts frown on delay past the immediate send cycle.

CTIA requires platforms to recognize at minimum STOP, QUIT, CANCEL, UNSUBSCRIBE, and END as universal opt-out keywords, plus HELP as a keyword that returns contact information. [2] A subscriber who sends any of those words, in any mix of caps or lowercase, has to be removed. A platform that only matches exact uppercase "STOP" is building liability into your account.

After someone opts out, you send one final confirmation message and then nothing else to that number for that program. If the same number re-opts in later, that is a fresh consent record you have to capture.

The opt-out log matters as much as the processing. You need a timestamped record that the STOP message arrived, when it arrived, and when the number was suppressed. If a plaintiff claims you texted after they opted out, that log is your defense.

One edge case people miss: if you run multiple SMS platforms, or wire your CRM into a platform, suppression lists have to sync across systems. A number that opts out in Platform A must be suppressed in Platform B if both send to the same list. Platforms with webhook-based opt-out notifications make that sync easier. You still have to build the integration. The platform cannot do it for you without knowing your full stack.

What quiet hours rules must an SMS platform enforce?

Quiet hours for SMS run 8 a.m. to 9 p.m. in the recipient's local time zone, not the sender's. The TCPA's quiet hours provision applies to calls, and the FCC has extended the same reasoning to texts. [3] That gap matters for national campaigns. A 7:00 p.m. send from a California server lands at 10:00 p.m. for a subscriber in New York. That is a violation.

A platform that enforces quiet hours by the server's time zone instead of the recipient's area code gives you a false sense of safety. Ask vendors flat out: do you set quiet hours by recipient area code or by account time zone? The right answer is recipient area code, ideally with a manual override at the campaign level.

State laws pile on. Florida's Mini-TCPA (Fla. Stat. § 501.059) limits calls and texts to 8 a.m. to 8 p.m., one hour tighter than the federal standard. [6] Some state attorneys general add their own guidance. A platform that only enforces federal quiet hours will not cover you in stricter states.

The practical fix is a conservative buffer. Schedule campaigns for 9 a.m. to 8 p.m. in the most restrictive time zone you serve. If you send nationally and cannot pin down recipient time zones, schedule for 9 a.m. to 8 p.m. Eastern and you stay inside the legal window for the continental United States.

What TCPA risks remain even when you use a compliant SMS platform?

A compliant SMS platform cuts your operational risk. It does not move your legal liability. Under TCPA, the entity that initiates the text is primarily liable. [1] Tell the platform to send to a number where you had no valid consent, and the exposure is yours, not the platform's.

Some risks no platform can erase:

Stale or purchased lists. Upload numbers you bought from a third-party data vendor, and the platform has no way to verify those numbers consented to hear from you specifically. TCPA consent runs to the specific seller, not generically to "marketing messages." The FCC's January 2024 one-to-one consent ruling, later stayed pending further review, signaled where the agency wants this to go. [7]

Lead generation consent chains. If a third party collected consent for you, that consent has to name your company (or a clearly identified category of affiliates) at the point of collection. Consent captured on a co-registration landing page that listed 47 companies does not survive a courtroom.

Number recycling. Carriers reassign disconnected numbers. A number that belonged to a consenting subscriber six months ago may now belong to a stranger. Run your list against the FCC's Reassigned Numbers Database, which launched in 2021. [8] Some platforms wire this check in. Most do not include it by default.

Record-keeping gaps during migrations. When you move from one SMS platform to another, consent records often do not travel cleanly. This one is underappreciated. If you cannot prove consent for a subscriber you imported from an old system, you are sending without proof of consent, full stop.

For a wider map of where SMS liability hides in your stack, the tcpa sms compliance guide is the right next read.

How do carriers enforce CTIA rules and what happens when you violate them?

Carrier enforcement is faster and murkier than FCC enforcement. T-Mobile, AT&T, and Verizon all run filtering systems that read message volume, content patterns, opt-out rates, and spam reports. Cross their thresholds and one of three things happens: your messages get silently filtered (delivered to carriers but never to recipients), your short code or 10DLC campaign gets suspended, or your entire brand gets blocked from the carrier's network.

The filtering systems are not public. You usually find out something is wrong when your delivery rates drop. High opt-out rates, above roughly 1 to 2 percent, are a common trigger. A campaign that draws spam reports, often because recipients do not recognize your brand or you message too often, can go dark within hours.

CTIA's Messaging Principles and Best Practices document spells out what content is banned, what opt-in disclosures must say, and what opt-out flows must do. [2] Carriers cite this document in their acceptable use policies. Reading it is not optional if you run a commercial SMS program.

Reinstatement after a suspension takes days to weeks and requires a written appeal explaining what went wrong and how you fixed it. Your SMS channel is down the whole time. For teams that lean on SMS for lead follow-up or appointment reminders, that is a serious operational hit.

Your own opt-out rate by campaign is the best leading indicator of carrier risk. Track it weekly. If a campaign generates opt-outs above 2 percent, pause it and audit the consent source before you send again.

A defensible consent audit trail has seven parts: the opt-in timestamp, the phone number as entered, the submitting IP address, the page URL or keyword and short code, the exact disclosure text shown, the double opt-in confirmation timestamp, and any opt-out record. When a TCPA lawsuit lands, your attorney asks for proof of consent for the specific numbers at issue, and the burden of proof sits on you.

A complete consent record includes:

1. The exact date and time the opt-in was submitted (to the second, UTC-stamped) 2. The subscriber's phone number as it was entered 3. The IP address of the device that submitted the opt-in 4. The URL of the page, or the keyword and short code used to opt in 5. The exact text of the disclosure shown at opt-in, or the keyword confirmation text sent 6. For double opt-in: the date and time the confirmation reply arrived 7. If applicable: the opt-out date, the STOP keyword received, and the suppression timestamp

Many platforms store some of this. Few store all of it in an exportable format a litigation attorney can actually use. Before you commit, test the export. Download a sample consent record and check whether the disclosure text is stored, or just a pointer to a form version that may have changed since.

LeadCompliant's free TCPA compliance kit includes a consent record template and a pre-send checklist you can use alongside any platform, with a field-by-field guide to what your platform's data export should contain.

If you are building or auditing your own opt-in forms, the SMS opt-in form: what it must say and how to build one guide covers the exact disclosure language TCPA and CTIA require.

What do TCPA SMS violations actually cost and how are damages calculated?

TCPA statutory damages are $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations. [1] Each text to each number counts as a separate violation. A campaign that sends one message to 10,000 numbers without valid consent could, in theory, expose you to $5 million in statutory damages. Make it willful and that number climbs to $15 million.

Class actions are common. The per-violation amount is small enough that individual plaintiffs rarely sue alone, but large enough that aggregating thousands of them makes the case attractive to plaintiffs' attorneys. TCPA puts no cap on class action liability, so the math gets very large very fast.

Settlements paint the clearest picture of real exposure. A few from public records: Papa John's settled a TCPA class action for $16.5 million in 2013. [9] Sallie Mae settled for roughly $24 million. [10] Those are big companies. Small teams with thinner consent documentation settle for less, but still routinely in the six figures for modest campaigns.

Willfulness is the multiplier that turns a bad day into a catastrophe. Courts have found willfulness where a company kept sending after receiving STOP messages, after a prior lawsuit put it on notice, or after an internal policy documented the non-compliant practice in writing. Good platform configuration alone does not prove willfulness. It can, though, show a good-faith effort that nudges a court toward the lower $500 figure.

Federal court is the main venue since TCPA creates a federal cause of action. State courts can hear TCPA claims too, and several states run their own parallel statutes with separate damage provisions. Florida, California, Washington, and Texas all have state-level laws with extra teeth. [6]

More on this in the penalties-and-lawsuits section, and for current case activity: tcpa news today.

How do you audit your current SMS platform for TCPA and CTIA gaps?

A full SMS compliance audit takes about two hours and runs in a set sequence: check consent records, test your opt-out flow, verify quiet hours, confirm 10DLC status, review DNC suppression, and read your opt-out rates. Most teams never do this until something breaks. By then, you are reacting.

Start with consent records. Pull a random sample of 20 numbers from your active list and try to trace each one back to a specific opt-in record with the seven elements above. If you cannot find a clean record for more than a couple of them, your documentation has a structural problem, not a handful of edge cases.

Next, test your opt-out flow. Send a STOP message from a test number and watch what happens. Does the platform suppress the number immediately? Does it send a confirmation? Does the suppression apply to other campaigns under your account, or only the one that received the STOP?

Check your quiet hours configuration. Is it set to recipient time zone or account time zone? Is there a default you may have overridden by accident, or missed when spinning up a new campaign?

Review your 10DLC registration. Log into The Campaign Registry (thecampaignregistry.com) or your platform's registration dashboard and confirm your brand and at least one active campaign show "VERIFIED" status, not "PENDING" or "REJECTED."

Check your DNC suppression. If you do any outbound SMS prospecting (more than inbound opt-ins), you need a process to scrub numbers against the National DNC Registry, accessible through the Do Not Call Registry at donotcall.gov. [11] If your platform does not do this automatically for your use case, you need a manual process or a third-party scrubbing tool.

Last, look at your campaign-level opt-out rates in the dashboard. Anything above 2 percent on a given campaign is a signal worth chasing down before the next send.

For teams running SMS alongside other outbound channels, the opt-in SMS marketing: the complete compliance guide covers how to keep consent documentation consistent across channels.

What questions should you ask an SMS vendor before signing a contract?

Ask the SMS vendor how consent data is stored and for how long, what happens to your records if you cancel, who owns your 10DLC brand registration, how quiet hours are determined, and which opt-out keywords they honor. Sales demos almost never lead with compliance. You have to push.

How is consent data stored, and for how long? You want "indefinitely," or at least "for the life of the account plus X years," with a clear export process.

What happens to my data if I cancel? Some platforms delete consent records within 30 to 90 days of account closure. Face litigation after switching platforms, and those records are gone.

Do you handle 10DLC registration for me? If yes, is the brand registered in my company's name? If they register it under their own name, your campaign may not be portable.

How do you determine quiet hours, sender time zone or recipient area code? If the answer is sender time zone, that is a real gap.

Do you honor all CTIA opt-out keywords (STOP, QUIT, CANCEL, UNSUBSCRIBE, END) in any capitalization? Get this confirmed in writing.

Do you integrate with the FCC Reassigned Numbers Database? If not, do you have a partner integration? Number recycling is an underappreciated liability.

What is your process when a carrier suspends a campaign? Who owns the appeal, and what is the typical resolution time?

Ask for a sample audit log export before you sign. A vendor that cannot show you what a consent record looks like in their export format has not thought through litigation readiness.

For teams using SMS in lead generation, including how consent flows from a third-party lead form into your platform, lead generation compliance news covers the shifting standards there.

Frequently asked questions

Does using a compliant SMS platform protect me from TCPA lawsuits?

No. The platform cuts operational errors, but TCPA liability rests with the entity that sends the message. Send to numbers without valid prior express written consent and you are liable, no matter which platform you used. The platform is a tool; consent management is your responsibility. A good platform makes your compliance defensible. It does not make it automatic.

What is the difference between TCPA compliance and CTIA compliance for SMS?

TCPA is a federal law enforced through the FCC and private lawsuits, with damages of $500 to $1,500 per message. CTIA is the wireless trade group whose guidelines carriers enforce by contract. CTIA violations lead to message filtering or campaign suspension, not lawsuits. You need both: TCPA to stay out of court, CTIA to keep your messages reaching subscribers.

What opt-out keywords must an SMS platform recognize under CTIA guidelines?

CTIA requires platforms to honor STOP, QUIT, CANCEL, UNSUBSCRIBE, and END as opt-out commands, plus HELP as a command that returns support information. These must work regardless of capitalization. A platform that only matches exact uppercase 'STOP' is non-compliant with CTIA best practices and creates real liability if subscribers who sent variations get messaged again.

Is double opt-in required for TCPA compliance?

No, TCPA does not require double opt-in. Single opt-in with a proper disclosure at the point of consent satisfies the statute. CTIA strongly recommends double opt-in, though, and many carriers favor campaigns that use it. The practical reason to use it is a second timestamped consent record, which is useful evidence if your consent practices ever get challenged in court.

What is 10DLC and do I have to register my SMS campaign?

10DLC (10-digit long code) is the standard local number format for commercial A2P SMS. Since 2021, major U.S. carriers require businesses to register their brand and campaign through The Campaign Registry before sending at scale. Unregistered traffic gets filtered or blocked. This is a carrier requirement, not a TCPA one, but undelivered messages and inconsistent opt-out delivery create secondary compliance problems.

How do TCPA quiet hours work for SMS campaigns sent across multiple time zones?

TCPA quiet hours for SMS are 8 a.m. to 9 p.m. in the recipient's local time zone, not the sender's. A platform that enforces them by your account's time zone leaves you exposed for subscribers in earlier zones. The safe move is to schedule campaigns for 9 a.m. to 8 p.m. Eastern for a national audience, which keeps you inside the legal window for the whole continental U.S.

Can I text numbers from a purchased list if the list vendor says they are opted in?

Not safely. TCPA requires prior express written consent that names your company specifically, or a clearly identified category of sellers including you. Generic consent to 'marketing partners' captured by a third party does not reliably satisfy the standard. Courts have rejected such consent chains repeatedly. Use purchased or co-registered lists and you carry the litigation risk if those numbers later claim they never consented to hear from you.

A defensible record has the opt-in timestamp, subscriber phone number, IP address, the URL or keyword used, and the exact disclosure text shown at opt-in. For double opt-in campaigns, add the confirmation reply timestamp. For opt-outs, log the STOP keyword received and the suppression timestamp. Many platforms store some of this; few store all of it in an exportable format litigation attorneys can actually use.

What happens if a carrier suspends my SMS campaign for CTIA violations?

Your messages stop being delivered, which takes your SMS channel offline. Reinstatement requires a written appeal to the carrier or through your platform, explaining the violation and the fix. Resolution usually takes days to weeks, and you cannot reliably send even compliant messages during that time. Prevention through proper 10DLC registration, low opt-out rates, and content policy compliance hurts far less than the appeal process.

How does the FCC Reassigned Numbers Database help with TCPA compliance?

The FCC's Reassigned Numbers Database, launched in 2021, lets callers and texters check whether a number has been reassigned to a new subscriber after the previous one disconnected it. If you have consent from the old subscriber but the number now belongs to someone else, texting it is a potential TCPA violation. Checking before you send cuts exposure from number recycling, an underappreciated risk on long-tenured lists.

Do state laws add additional SMS compliance requirements beyond TCPA?

Yes. Florida's Mini-TCPA (Fla. Stat. § 501.059) restricts calls and texts to 8 a.m. to 8 p.m. local time, an hour tighter than federal law. California's CCPA and the Washington My Health My Data Act add consent and data-handling requirements. Several states also run their own do-not-call registries. A national SMS campaign means checking state rules for your largest subscriber populations, more than federal standards.

What are the actual dollar costs of a TCPA SMS violation?

Statutory damages are $500 per message for negligent violations and $1,500 per message for willful ones. Each text to each number is a separate violation. A single campaign sending to 10,000 unconsented numbers could carry $5 million in theoretical exposure. Real settlements have ranged from six figures for small campaigns to tens of millions for large class actions, with Papa John's paying $16.5 million in 2013 and Sallie Mae paying about $24 million.

Is SMS marketing to existing customers safer under TCPA than cold outreach?

Somewhat, but not automatically. An established business relationship (EBR) is a defense against some DNC violations, but it does not replace prior express written consent for autodialed or prerecorded marketing texts. Use an ATDS to send promotional texts and you need written consent even from existing customers. Transactional messages (order confirmations, appointment reminders) carry lower risk, but the line between transactional and promotional gets litigated constantly.

What is the difference between a short code, a 10DLC number, and a toll-free number for SMS compliance?

Short codes (5-6 digits) go through carrier vetting directly and suit high-volume campaigns; they carry the highest carrier trust but cost $500 to $1,000 per month. 10DLC numbers are standard 10-digit numbers registered through The Campaign Registry, cheaper but subject to per-message fees. Toll-free numbers require toll-free verification with carriers. All three require TCPA consent from subscribers. The differences are in carrier approval and throughput limits, not in the consent you need.

Sources

  1. Cornell Legal Information Institute, Telephone Consumer Protection Act (47 U.S.C. § 227): TCPA requires prior express written consent for autodialed marketing texts; the FCC's 2012 order eliminated oral consent for this category
  2. Electronic Code of Federal Regulations, 47 C.F.R. § 64.1200 (TCPA implementing rules): TCPA quiet hours are 8 a.m. to 9 p.m. recipient local time; no marketing texts to numbers on the National DNC Registry without written consent or EBR
  3. FTC, Business Guidance on CAN-SPAM and electronic consent: Electronic signatures satisfy written consent requirements under the E-SIGN Act, making web form and keyword opt-ins legally valid
  4. The Campaign Registry, 10DLC brand and campaign registration: Carriers required 10DLC registration for A2P commercial SMS starting in 2021; unregistered traffic is filtered or blocked
  5. Florida Legislature, Florida Statutes § 501.059 (Florida Telemarketing Act / Mini-TCPA): Florida restricts calls and texts to 8 a.m. to 8 p.m. local time, one hour tighter than federal TCPA quiet hours
  6. Federal Register, FCC Report and Order on one-to-one consent (FCC 24-14, January 2024): FCC's January 2024 one-to-one consent ruling targeted generic consent-list practices in lead generation; the rule was stayed pending further review
  7. Reassigned Numbers Database (FCC-administered): The FCC launched the Reassigned Numbers Database in 2021 to help senders avoid texting numbers reassigned to new subscribers
  8. U.S. Courts, federal court records for Agne v. Papa John's TCPA class action settlement (2013, $16.5M): Papa John's settled a TCPA class action for $16.5 million in 2013, illustrating class-action exposure for bulk SMS campaigns
  9. Consumer Financial Protection Bureau newsroom, Sallie Mae / Navient TCPA settlement records (approx. $24M): Sallie Mae settled a TCPA class action for approximately $24 million, one of the larger early settlements under the statute
  10. FTC, National Do Not Call Registry: Telemarketers and SMS senders conducting outbound prospecting must scrub numbers against the FTC's National DNC Registry
  11. Cornell Legal Information Institute, 47 U.S.C. § 227(b)(3) statutory damages provision: TCPA statutory damages are $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations, per message per number

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit