Last updated 2026-07-10

TL;DR
10DLC (10-digit long code) is the carrier-approved standard for business SMS sent from regular 10-digit phone numbers. Since 2023, the major US carriers require every business using these numbers for application-to-person messaging to register their brand and campaigns. Unregistered traffic gets filtered or blocked outright, and the FCC's 2023 rules add legal exposure on top of carrier penalties.
What does 10DLC actually mean?
10DLC stands for 10-digit long code. A long code is a standard 10-digit phone number, the kind that looks like any cell or landline number. Businesses have texted from them for years, mostly because they're cheap and easy to get.
The old system had no verification layer. Anyone could buy a number and blast texts. Carriers got flooded with spam, consumers complained, and filtering algorithms turned so aggressive that legitimate business messages started getting blocked too. The whole channel was degrading.
So the mobile industry, through CTIA (the wireless trade group) and the major carriers, built a registration framework for business-to-consumer SMS on these 10-digit numbers. That framework is 10DLC. It creates a chain of accountability. A business registers who they are (brand registration) and what they're sending (campaign registration), a third-party registry called The Campaign Registry (TCR) vets that information, and carriers use it to decide whether to deliver your messages [1].
The result is a two-layer system. First, brand registration, where you confirm your business identity. Second, campaign registration, where you describe the type of messages you'll send, such as marketing, appointment reminders, or two-factor authentication. Each campaign type carries its own throughput limits and vetting requirements.
How is 10DLC different from short codes and toll-free numbers?
Three number types dominate business SMS in the US, and they work quite differently.
| Number Type | Format | Monthly Cost (approx.) | Throughput | Registration Required |
|---|---|---|---|---|
| Short code | 5-6 digits | $500-$1,000+ | Very high (up to 500 msg/sec) | Yes, through CTIA [2] |
| Toll-free | 8XX-XXX-XXXX | $10-$15/number | Medium | Yes, toll-free verification [3] |
| 10DLC | 10-digit local | $1-$3/number | Low-medium (varies by campaign score) | Yes, TCR brand + campaign [1] |
Short codes are the fastest and most trusted channel, but the cost and setup time (8 to 12 weeks for provisioning) put them out of reach for most small outbound teams. Toll-free numbers have their own verification process and get used a lot for customer service lines. 10DLC sits in the middle. It's cheap, it looks like a local number, and it now requires registration just like the others.
One thing to know. If you're doing conversational one-to-one texting from a sales rep's actual phone, some carriers treat that differently from application-to-person (A2P) messaging. But if your texts originate from a software platform, a CRM, or any automated system, carriers treat it as A2P and 10DLC registration applies [1].
For how SMS rules connect to broader federal law, see our overview of tcpa requirements, since TCPA consent rules apply on top of, and independently from, 10DLC registration.
Why did carriers make 10DLC registration mandatory?
Spam got so bad that carriers had to act or risk losing consumer trust in SMS entirely. That's the whole story in one sentence.
Before 10DLC, the long code channel was anonymous. Bad actors could buy hundreds of numbers, send millions of spam texts, get those numbers blocked, and rotate to fresh ones the same day. Filtering was reactive and blunt. Legitimate businesses running text message marketing campaigns watched their delivery rates tank because their messages looked identical to spam at the network level.
CTIA published its Messaging Principles and Best Practices, which carriers adopted as the foundation for 10DLC [2]. The FCC reinforced this in its July 2023 order on robocall and robotext rules, requiring providers to block texts that appear to violate caller ID rules and directing carriers to maintain do-not-originate lists for text messaging [4]. The FCC also made clear that blocking illegal texts is not only permitted but expected.
The regulatory pressure came from two directions at once. The carriers built their own registration system. The FCC pushed providers to filter hard. Send without registration and you're in the crossfire of both.
What happens if you send SMS without 10DLC registration?
Your messages get filtered or blocked. That's the immediate consequence. T-Mobile was the first carrier to enforce hard blocking of unregistered 10-digit long code traffic, in early 2022. AT&T and Verizon followed with similar policies [1].
Filtering isn't always binary. Sometimes messages get through at reduced rates. Sometimes they're silently dropped with no error returned to your sending platform, so you think you're delivering when you're not. That's worse than a clean block because you don't know the problem exists.
Beyond delivery failure, there's legal exposure. The FCC's 2023 rules require gateway providers to block texts from numbers identified as sending illegal messages [4]. Carriers can report unregistered high-volume senders. Under 47 USC 227, each unsolicited text to a cell number can carry $500 in statutory damages per message, or $1,500 if the violation is willful [5]. TCPA class actions have produced nine-figure settlements. The cash app tcpa class action settlement and the credit one tcpa settlement show how expensive these cases get.
Registration won't protect you from TCPA liability if you're sending without consent. But being unregistered adds a separate layer of risk, and it signals to plaintiff attorneys that you skipped basic industry standards.
How does the 10DLC registration process actually work?
Registration happens in two steps through The Campaign Registry (TCR), the industry-designated hub. Your messaging provider (Twilio, Bandwidth, Sinch, Vonage, and others) connects to TCR and usually handles the submission through their portal, so you won't touch TCR directly.
Step 1 is brand registration. You submit your legal business name, EIN (Employer Identification Number), address, website, and a few other identity fields. TCR verifies this against commercial databases. Most legitimate businesses pass fast, usually within minutes to a few days. The one-time brand registration fee is currently $4 through most providers [1].
Step 2 is campaign registration. A campaign in 10DLC terms is a use case, not a marketing promotion. You're describing the category of messages: marketing and promotions, customer care, two-factor authentication, political messaging, and so on. Each use case has different carrier requirements for consent language and opt-out handling. You'll write sample messages and confirm how you collect consent.
After TCR approves the campaign, carriers vet it independently. T-Mobile charges a one-time campaign vetting fee of $10 for most use cases. Recurring monthly fees apply per campaign, usually $10 to $15 across the major carriers [1]. Your messaging provider passes these through.
The whole process, assuming clean information and a straightforward use case, takes anywhere from a few days to a few weeks. Special use cases like political messaging or sweepstakes need extra vetting and take longer.
What information do you need to complete brand and campaign registration?
For brand registration you'll need:
- Legal business name exactly as it appears on your EIN filing
- EIN (sole proprietors sometimes use SSN, but EIN is strongly preferred)
- Physical business address
- Business website URL
- Vertical (industry category)
- Contact email and phone
For campaign registration you'll need:
- Use case type (marketing, mixed, customer care, etc.)
- Description of your messaging program
- Opt-in workflow description (how subscribers consent)
- Two or three sample message templates
- Confirmation that you support STOP/HELP/UNSUBSCRIBE commands
- Links to your privacy policy and terms of service if you collect opt-ins via a web form
Consent documentation is where teams most often stumble. Carriers want proof of a real, documented opt-in process. If you're texting cold leads without prior consent, no amount of 10DLC registration fixes that, and TCPA exposure stays regardless of registration status [5].
For teams running outbound calls alongside SMS, keeping do not call list compliance and 10DLC consent documentation in the same workflow saves a lot of headache.
What does 10DLC registration cost in total?
A single-campaign setup costs roughly $14 up front and $15 to $25 a month ongoing. That's the whole bill for most small teams. Here's the breakdown for one or two SMS campaigns.
One-time fees:
- Brand registration: $4 (TCR fee, passed through by provider) [1]
- Campaign vetting (T-Mobile): $10 per campaign [1]
Monthly recurring fees (per campaign):
- T-Mobile campaign fee: $10/month
- AT&T campaign fee: roughly $10/month
- Other carriers: variable, often $2 to $5/month combined
- Total carrier monthly fees per campaign: approximately $15 to $25/month depending on your provider's pass-through pricing [1]
That's not a material cost for most teams. The real cost of skipping registration is delivery failure and legal exposure, both of which dwarf these fees by orders of magnitude.
Some providers bundle 10DLC fees into their messaging plan. Others itemize them. Read your provider's pricing page carefully so you're not surprised.
How does 10DLC relate to TCPA compliance?
They're related but separate. TCPA (the Telephone Consumer Protection Act, 47 USC 227) sets the federal consent rules for text message marketing. You need prior express written consent before sending marketing texts to a cell number [5]. The FCC implements TCPA through its rules, most recently tightened in a December 2023 order that closed the "lead generator loophole" by requiring one-to-one consent tied to a specific sender [6].
The statute itself says it's unlawful "to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice ... to any telephone number assigned to a paging service, cellular telephone service" [5]. Courts and the FCC have consistently read this to cover text messages.
10DLC registration is a carrier-level requirement, not a statutory one. But the two link tightly in practice. Carriers use your campaign registration to judge whether your program has proper consent practices. A campaign flagged for consent issues can lose its registration. And if you're sending without TCPA-compliant consent, you face class action risk whether or not you've registered with TCR.
Think of it this way. 10DLC registration is your admission ticket to the carrier network. TCPA compliance is what keeps you out of federal court. You need both.
For a fuller picture of the legal side, our piece on tcpa walks through the consent standards in detail.
Can small businesses and solo operators register for 10DLC?
Yes, and you should. There's no minimum size requirement. A one-person operation texting 200 leads a month still needs 10DLC registration if those texts go through any A2P messaging platform.
Sole proprietors without an EIN can register, but TCR treats them as a lower-trust brand tier, which cuts your throughput limits. Get an EIN first (free from the IRS, takes minutes online) and you register from a stronger position [7].
Some small teams try to fly under the radar by keeping send volumes low. That's risky for two reasons. Carriers filter based on registration status, not volume thresholds, so a small unregistered sender still gets blocked. And TCPA exposure is per-message, so a modest campaign to 500 people without proper consent creates $250,000 in potential statutory damages at $500 each.
LeadCompliant offers a free compliance kit covering 10DLC checklist items alongside consent documentation templates, useful if you're setting this up for the first time and want a structured process rather than piecing it together from provider docs.
For outbound teams also cold calling, the cold calling rules carry their own compliance layer worth reviewing in parallel.
What are the most common 10DLC registration mistakes?
The mistakes that cause delays or rejections fall into a few clear patterns.
Mismatched business information is the most common. If the name on your TCR registration doesn't match your EIN filing exactly, brand verification fails. Check your IRS documentation before you start the form.
Vague campaign descriptions get rejected. "We send messages to our customers" tells carriers nothing. Describe your opt-in mechanism, your message frequency, and your content type specifically.
Missing opt-out language in sample messages is a frequent rejection reason. Every sample message you submit should include a STOP opt-out reminder, or at minimum your campaign description should explain how opt-outs are handled in your flows.
Using a use case category that doesn't match your actual content creates problems down the line. Register as "customer care" and then send promotional content, and you've committed a policy violation that can get your campaign suspended.
Not having a privacy policy is a blocker for web-collected opt-ins. Carriers want proof you told subscribers what they're consenting to. A one-page privacy policy on your website is enough, but it needs to exist and be linked.
For teams managing scrub processes, cleaning your contact lists against the mobile phone do not call list before you text is a basic step that reduces downstream complaints and carrier flags.
How do carriers score and monitor registered 10DLC campaigns?
Registration isn't a one-time pass. Carriers, T-Mobile especially, run a reputation scoring system that factors in subscriber complaints, opt-out rates, message content patterns, and sending behavior over time [1].
T-Mobile's scoring system (the T-Mobile Brand Score) runs from 1 to 100. Higher scores get higher throughput limits, meaning more messages per second. Low scores cut throughput and can eventually lead to campaign suspension. Nobody outside T-Mobile publishes the exact formula, so treat it like a credit score. Pay attention to the factors you can control.
Those factors include:
- Keeping opt-out rates low (sending to consented, engaged audiences)
- Honoring STOP requests within the required timeframe
- Not sending outside the hours subscribers expect
- Keeping message content consistent with your registered use case
- Not rotating through large numbers of registered numbers to dodge throttling
Carriers share data. A campaign flagged on one carrier's network creates risk on the others. This is why the industry treats 10DLC as an ongoing compliance obligation, not a box you check once.
For scrubbing your list before sending and managing do not call telemarketer list requirements that apply to your contacts, run those processes alongside your 10DLC monitoring.
What changed with the FCC's 2023 and 2024 SMS rules?
The FCC has been tightening SMS rules steadily. Three developments matter most for outbound teams.
First, the July 2023 order on robocalls and robotexts required gateway providers to block texts that appear to originate from numbers on the FCC's do-not-originate list, and to maintain their own blocking lists [4]. That gave carriers formal regulatory backing to block unregistered or suspicious traffic hard.
Second, the December 2023 TCPA one-to-one consent order closed the lead generator loophole. Previously a consumer could give consent to a lead gen website and that consent could be shared with dozens of sellers. The new rule requires consent be given specifically to each seller who will contact the consumer [6]. Note the litigation history here. In 2021 the Supreme Court decided Facebook v. Duguid, which narrowed the definition of an autodialer but did not address one-to-one consent. The FCC's 2023 consent rule rests on its own authority instead. Implementation of the one-to-one consent requirement was stayed in early 2025 pending further judicial review, so check current status before you build your consent architecture around it.
Third, the FCC has been pushing carriers to extend STIR/SHAKEN-style authentication to text messaging, which would create a digital signature chain for A2P SMS similar to what exists for voice calls [4]. This is still developing, but it signals that the authentication layer for business texting will only get stricter.
The practical takeaway: the rules around outbound SMS are tightening, not loosening. Getting 10DLC registered now is the minimum. Building genuinely documented consent processes is the real protection.
Frequently asked questions
Is 10DLC registration legally required by the FCC?
10DLC registration is a carrier requirement enforced by the mobile industry, not a direct FCC mandate. But FCC rules from 2023 require gateway providers to block illegal text traffic and maintain blocking lists, which gives carriers regulatory backing to filter unregistered senders. The FCC's TCPA rules (47 USC 227) apply independently and require consent regardless of registration status. In practice, unregistered senders face both carrier blocking and potential FCC enforcement exposure.
What is The Campaign Registry (TCR) and do I work with them directly?
The Campaign Registry is the industry-designated vetting hub for 10DLC brand and campaign registrations, created by CTIA and the major carriers. Most businesses register through their messaging service provider (Twilio, Bandwidth, Sinch, etc.) rather than directly with TCR. The provider submits your registration to TCR through an API. You pay TCR fees (typically $4 for brand registration) through your provider, who passes them through.
How long does 10DLC registration take?
Brand registration usually completes in minutes to a few days if your business information matches commercial database records. Campaign registration at the TCR level typically takes one to three business days. After that, each carrier does its own vetting, which can add a few days to a couple of weeks depending on the use case. Standard marketing campaigns move faster than special use cases like political messaging or sweepstakes, which can take four to six weeks.
Do I need a separate campaign registration for each type of message I send?
Yes. Each distinct use case needs its own campaign registration. Sending appointment reminders and promotional offers requires two separate campaign registrations, not one. Mixing content types under a single campaign registered for one purpose violates carrier policies and can get your campaign suspended. The additional cost per campaign is modest, roughly $10 to $25 per month, so register accurately rather than lumping everything together.
What happens to my messages if my 10DLC campaign gets suspended?
Suspension typically means immediate filtering or blocking of your outbound messages by one or more carriers, sometimes with no error returned to your sending platform. You won't necessarily know it's happening from your dashboard. Reinstatement requires fixing the issue that caused suspension and re-submitting for carrier review, which can take days or weeks. High suspension rates can also lower your brand score permanently, reducing throughput even after reinstatement.
Can I use the same 10DLC campaign registration across multiple phone numbers?
Yes. One registered campaign can be associated with multiple 10-digit numbers from the same brand. This is common for teams that want to send at higher aggregate volume or assign individual numbers to sales reps. There are limits on how many numbers you can associate per campaign, and some carriers cap throughput per number regardless of how many numbers are in the campaign. Check your provider's documentation for current number limits per campaign.
What is a 10DLC campaign use case and which one should I pick?
A use case is a category that describes the type of messages you'll send. Common options include marketing and promotions, customer care, two-factor authentication, account notifications, and mixed use. Pick the category that best matches your primary message content. Mixed use is tempting because it sounds flexible, but it has stricter vetting and lower throughput limits than dedicated single-use campaigns. If your messages are primarily promotional, register under marketing and promotions.
Does 10DLC registration mean my messages won't be filtered anymore?
Registration reduces filtering risk significantly but doesn't eliminate it. Carriers still filter based on message content, sending patterns, and complaint rates even for registered campaigns. Sending spam-like content, ignoring opt-outs, or rapidly escalating send volume can trigger filtering despite registration. Think of registration as a baseline trust signal, not a spam immunity card. Good sending hygiene matters as much after registration as it did before.
If I'm only texting people who opted in, do I still need to register?
Yes. 10DLC registration is required for all A2P messaging on 10-digit long codes, regardless of consent status. Consent is a TCPA requirement. Registration is a carrier network requirement. They're separate obligations. A fully consented list sent through an unregistered number still faces carrier filtering. A registered campaign with no real consent still faces TCPA liability. Both boxes need to be checked.
What is a 10DLC brand score and does it affect my delivery rates?
T-Mobile assigns each registered brand a score from 1 to 100 based on factors including business identity verification and sending behavior. The score directly controls throughput limits: higher scores allow more messages per second per number. A brand score of 1 to 49 is considered low trust and gets minimal throughput. Scores of 75 or above get standard or enhanced throughput. AT&T and Verizon use their own internal scoring; only T-Mobile's is publicly documented.
Can my messaging provider register on my behalf, or do I have to do it myself?
Your provider can handle the technical submission, but the brand and campaign information must accurately represent your business. You supply your EIN, legal name, campaign description, sample messages, and consent documentation. The provider submits it. If you let a provider register vague or inaccurate information on your behalf, you bear the risk when carriers audit or when complaints arise. Review every field before your provider submits.
Are there any exemptions to 10DLC registration for small send volumes?
No. There's no official volume threshold below which registration is waived. T-Mobile and AT&T both enforce registration requirements regardless of message volume. Some very low-volume personal messaging may be treated differently, but any systematic business messaging through a platform is A2P traffic and subject to registration. The fees are low enough that there's no practical argument for skipping registration to save money.
How does 10DLC registration interact with DNC list compliance?
They operate in parallel. The National Do Not Call Registry and wireless number rules under the FCC and FTC govern which numbers you may contact. 10DLC registration governs whether carriers will deliver your messages. Scrubbing your list against DNC registries before sending reduces complaints, which protects your carrier reputation score. But DNC scrubbing doesn't substitute for TCPA consent, and neither DNC compliance nor 10DLC registration protects you if you're violating the other set of rules.
What sample messages should I submit during campaign registration?
Submit two to three messages that accurately represent what you'll actually send. Include your business name, a clear description of the offer or message purpose, and an opt-out instruction such as 'Reply STOP to unsubscribe.' Don't submit idealized marketing copy if your real messages will be more conversational. Carriers compare registered sample messages against actual traffic, so submitting accurate samples reduces the risk of future campaign flags.
Sources
- The Campaign Registry, 10DLC Overview and Pricing: 10DLC brand registration fee is $4, T-Mobile campaign vetting fee is $10, and monthly carrier fees apply per campaign
- CTIA, Messaging Principles and Best Practices: CTIA published messaging principles that carriers adopted as the foundation for 10DLC; short code provisioning takes 8-12 weeks
- Somos, Toll-Free Number Registry and Verification: Toll-free numbers have a separate verification process from 10DLC and cost approximately $10-$15 per number per month
- 47 USC 227, Telephone Consumer Protection Act, Cornell Legal Information Institute: TCPA prohibits using an ATDS to text cell numbers without prior express consent; statutory damages are $500 per violation, $1,500 for willful violations
- IRS, Employer Identification Number (EIN) Application: EIN applications are free and can be completed online in minutes through the IRS website
- FCC, Consumer Guides on Unwanted Calls and Texts: FCC guidance on consumer rights against unwanted texts and the legal framework carriers operate under
- FTC, National Do Not Call Registry: The National Do Not Call Registry is a separate compliance requirement from 10DLC registration and applies to telemarketing contacts
- Somos, Short Code Registry and Provisioning: Short codes for business SMS cost $500-$1,000+ per month and require carrier approval before provisioning