Identify Message Senders.  Don't be mysterious. Clearly state who you are in message introductions to avoid confusion.  This needs to be done on the first message interaction. Example: “Hi [Recipient], we are from [Sender] reaching out to remind everyone to go vote on [Date].”

Call-to-Action (CTA) Encouraging Opt-ins.  A CTA is a prompt that asks users to opt into the messaging program by taking some specified action and can include phrases such as Sign Up, Click Here, Donate, Support, Subscribe, Learn More, or Buy Now, to name a few.  Example:  “Click here to learn more about this awesome deal!”.

Opt-in/Consent Disclaimer.  The message must include language advising the user how to give their consent, aka how to opt-in, to the program.  Gaining explicit one-on-one consent is crucial for compliance, and you want to make sure people willingly agree to receive your messages. It is illegal to share or sell this permission. Carriers expect a one-to-one consent record for all message types, and indirect consent lists may trigger audits and scrutiny. It is not permitted to enroll a user in multiple programs with a single opt-in. Provide full transparency so that users are aware of, and only receive, messages from programs they have opted into.

Examples of Consent: the user enters their phone number through a website, clicks a button on a mobile webpage, or initiates a text message exchange with responsive information.

Evidence of Consent: The sender provides a timestamp of the consent acquisition, the IP address used to grant consent, the user’s phone number for which consent was granted, or the identity of the individual who consented.

Confirmation. Upon consent for recurring messages, send a confirmation message telling the user how often they can expect to hear from you, as well as the other details of the program. An example of the wording regarding frequency: “By selecting this checkbox, you agree to receive updates a maximum of 5 times a month from [Brand].” 

Terms and Conditions.  Detailed terms and conditions can be provided in full below the CTA or accessible via an included link. They must include disclosure of the program (brand) name, product description, message frequency, message, and data rates (if non-FTEU), customer care contact information, and opt-out information.  

Age Verification.  Messages related to controlled substances or adult content may undergo additional scrutiny by carriers. To ensure compliance, such messages must implement strong age verification methods, such as electronic confirmation of age and identity. Examples of effective age gates include asking users to reply with their birthdate or using a web opt-in form that includes a birthday field. However, simply asking users to confirm their age by replying "YES/AGREE" is not considered a robust age verification method.

Privacy Policy. Senders must safeguard user data and adhere to privacy laws. They must have a clear privacy policy for all programs, easily accessible from the initial CTA. The privacy policy link should be clearly labeled. Terms, conditions, and privacy policy disclosures must always offer current and accurate information about program details and functionality.

Opt-Out Process. Make it simple for people to say no and opt-out out at any time.  To prevent complaints and SPAM reports, offer conspicuous and frequent opt-out instructions. Users should have the ability to opt-out at any time and senders must acknowledge and honor opt-out requests.   Disclose to the user all of the ways that they can opt-out.  Senders should support multiple mechanisms to opt-out, including phone call, email, or text.    One of the most common opt-out mechanisms is the utilization of a specific keyword noted at the end of the message, such as STOP, END, CANCEL, QUIT,  or UNSUBSCRIBE, that the user can text to opt-out.  Senders must acknowledge the user’s decision and send a confirmation of the user's opt-out request to the user. 

Register Your Messages. Keep your messages from getting lost. All messaging traffic must be registered to ensure smooth delivery. Unregistered traffic risks being blocked, leading to potential carrier fees or fines. Specific verifications and registrations are necessary if using toll-free or 10-Digit Long Code (10DLC), although some providers may not permit them at all, so ask your provider ahead of time what their policy is in this regard. 

Fraud.  Fraud is the illicit acquisition of money, personal information, financial data, or security credentials from another. Invalid traffic per FCC rules and traffic with the intent to steal, harm, or impersonate, are deemed fraudulent types of voice calling and text messaging. Customers who transmit fraudulent traffic may face the risk of having their traffic blocked, and other enforcement actions might be taken as well.

There is a difference between Person-to-Person (P2P) and Application-to-Person (A2P) messaging that necessitates vigilance in fraud prevention and mitigation practices, especially in the relatively less regulated environment of text messaging.

Consumer (P2P) messaging, detailing throughput, volume, unique sender and recipient criteria, balance, repetition, and the role of automation stands in contrast to Non-Consumer (A2P) messaging, which encompasses automated messaging to and from businesses, organizations, and entities.

Customers should safeguard against unwanted messages, unsolicited bulk commercial messages, phishing attempts, unauthorized content, and messages lacking proper opt-ins. Customers should also prevent text messaging SPAM, avoid content related to S.H.A.F.T. categories, ensure explicit user consent, refrain from using publicly available URL shorteners, incorporate opt-out functionality within messages, facilitate user opt-out, and use a single domain for URLs in messages. 

Customers are advised to adhere to best practices for Toll-Free (A2P) messaging, CTIA messaging principles, and the CTIA Short Code Monitoring Handbook, which can be found here.