10DLC Compliance: What Every Business Needs to Know Before Sending SMS

If your business sends text messages to customers in the United States, 10DLC compliance is no longer optional. As of February 2025, every major U.S. carrier blocks unregistered business texting traffic entirely. No throttling, no warnings. Just blocked messages that never reach your customers.

Whether you send appointment reminders, order confirmations, or two-way customer conversations, understanding 10DLC registration and compliance requirements is essential to keeping your business texting operational.

This guide covers everything you need to know: what 10DLC is, how to register, what it costs, the 2026 regulatory changes you need to watch, and how to stay compliant after registration.

What Is 10DLC?

10DLC stands for 10-Digit Long Code. It refers to standard 10-digit phone numbers (like 555-867-5309) that businesses use to send text messages.

In 2020, U.S. carriers including AT&T, T-Mobile, and Verizon introduced the 10DLC registration system through The Campaign Registry (TCR). The goal was simple: verify that businesses sending automated or bulk text messages are legitimate and that recipients have consented to receive those messages.

Before 10DLC, anyone could send business texts from a regular phone number without verification. This led to a flood of spam, scams, and unwanted messages. The 10DLC framework puts an end to that by requiring every business to register its identity and describe how it plans to use texting.

How 10DLC Differs From Short Codes and Toll-Free Numbers

There are three main ways businesses send text messages in the U.S., and each has different registration requirements:

For most small and mid-sized businesses, 10DLC is the right choice. It is significantly cheaper than short codes, uses a familiar local number format, and supports the types of messaging most businesses need, including reminders, notifications, and customer replies.

Why 10DLC Compliance Matters in 2026

If you registered in 2024 or early 2025 and think you are all set, think again. The regulatory landscape has shifted significantly heading into 2026.

1. Carrier Enforcement Is Absolute

Since February 1, 2025, carriers block 100% of unregistered A2P (Application-to-Person) 10DLC traffic. This is not partial filtering. If your business is not registered, your messages simply do not get delivered.

2. Fines Are Severe

According to published 10DLC non-compliance fine schedules, T-Mobile charges up to $10,000 per content violation and $1,000 per incident for 10DLC evasion.

3. TCPA Litigation Is Surging

According to the National Law Review, TCPA class action filings spiked 283% in September 2025 alone, with 224 class actions filed in a single month. Q1 2025 saw a 112% increase over Q1 2024. Non-compliant businesses are not just risking carrier fines. They are risking lawsuits. Understanding your obligations under SMS compliance laws is critical.

4. The FCC One-to-One Consent Rule (Vacated)

The FCC originally adopted a one-to-one consent rule in 2023 that would have required each business to obtain its own individual consent from recipients, eliminating shared lead-generation consent forms. However, the 11th Circuit Court vacated the rule, and in September 2025 the FCC formally eliminated the requirement. While this rule is no longer in effect, businesses should still obtain clear, direct consent from recipients as a best practice, since carriers and state laws continue to tighten consent standards independently.

5. New State-Level Laws

States are adding their own layers of regulation on top of federal rules:

• Virginia SB 1339: If a recipient replies STOP or UNSUBSCRIBE to a marketing text, the business must honor that opt-out request for at least 10 years. Violators face fines of $500 to $5,000 per violation
• Texas SB 140 (effective September 2025): Now classifies text messages as telephone solicitations. Consumers can sue directly, with statutory penalties up to $1,500 per violation and treble damages for willful violations

Staying compliant is no longer just about federal rules. You need to track state-specific requirements as well.

10DLC Registration Requirements

Registration happens in two phases: Brand Registration and Campaign Registration. Both go through The Campaign Registry (TCR), which acts as the intermediary between your business and the carriers.

What You Need Before You Start

Gather these documents and details before beginning the registration process:

• EIN (Employer Identification Number) or Tax ID
• Legal business name (must exactly match your website, email domain, and government filings)
• Business address and phone number
• Website URL with a live, accessible site
• Published Terms of Service that includes SMS-specific language covering message frequency, HELP/STOP instructions, and consent disclosures
• Privacy Policy accessible on your website

One of the most common reasons for rejection is a mismatch between your legal business name on TCR and the name on your website or email domain. Double-check these before submitting.

Brand Registration

Brand registration verifies your business identity with the carrier networks. You submit your company details and TCR assigns a Trust Score based on factors like your EIN validity, business age, and online presence.

Your Trust Score directly affects your messaging throughput:

Timeline: Brand registration typically takes 2 to 5 business days.

Campaign Registration

After your brand is approved, you register one or more campaigns. A campaign describes a specific type of messaging your business sends.

You will need to provide:

• Use case category (for example, marketing, appointment reminders, account notifications, two-factor authentication)
• 3 to 5 sample messages that are specific, include your brand name, and end with opt-out language like “Reply STOP to opt out”
• Opt-in proof showing how recipients consent to receive messages
• Privacy policy and terms of service URLs

Good campaign description example: “TextBolt sends appointment reminder text messages to customers who opt in through our website booking form. Messages include the appointment date, time, and location. Recipients can reply STOP at any time to opt out.”

Bad campaign description example: “Customer notifications and updates.”

Vague descriptions are one of the top reasons campaigns get rejected. Be specific about what you send, who receives it, and how they opted in.

Timeline: Campaign approval ranges from 1 to 4 weeks depending on the carrier and use case complexity.

How to Prove Opt-In Consent

Consent documentation is the single most important factor in 10DLC compliance. Missing or unclear consent details are the number one cause of registration rejections.

Here are the most effective ways to prove opt-in consent, ranked by reliability:

1. Website Forms

Contact forms, booking forms, or signup forms on your website are the strongest proof of consent. Include an unchecked checkbox with clear disclosure language:

“By submitting this form, you agree to receive text messages from [Business Name]. Message frequency varies. Message and data rates may apply. Reply STOP to opt out.”

2. Terms of Service Page

Your Terms of Service or Terms and Conditions page should include a dedicated texting section that covers consent, frequency, and opt-out instructions.

3. SMS Keyword Opt-In

Allow customers to text a keyword like “JOIN” or “SUBSCRIBE” to your business number to opt in. This creates a clear, timestamped record of consent.

4. Verbal Consent

For businesses that onboard customers over the phone or in person, verbal consent is acceptable. Use a consistent script:

“May I send you text message reminders about your appointments at [Business Name]? Standard message and data rates apply, and you can reply STOP at any time to opt out.”

5. Point-of-Sale or In-Person Signup

Physical signup forms at your business location work as well. Keep copies or digital records of signed consent forms.

Why Consent Logging Matters

Regardless of which method you use, keep a record of every opt-in with the following details:

• Timestamp of when consent was given
• Method of consent (web form, keyword, verbal, and so on)
• The specific language the customer agreed to

This creates an audit trail that protects your business if a carrier, the FCC, or a plaintiff’s attorney ever questions your compliance.

10DLC Compliance Rules You Must Follow

Registration is just the first step. Ongoing compliance requires following carrier content and behavior rules with every message you send.

Message Content Rules

• Always include your business name in messages so recipients know who is texting them
• Always include opt-out instructions like “Reply STOP to opt out”
• Avoid SHAFT content: Sex, Hate, Alcohol, Firearms, and Tobacco. Messages containing these topics face heavy restrictions or outright blocking
• Do not use URL shorteners (like bit.ly). Carriers flag these as potential phishing
• Avoid excessive capitalization, special characters, and symbols. Text like a normal person, not a spammer
• Match your actual messages to your registered samples. Carriers now use AI filtering to compare your live messages against what you submitted during registration. Significant drift can trigger flags

Opt-Out Handling

• Honor STOP requests immediately. There is no grace period
• Send a single confirmation message after opt-out (for example, “You have been unsubscribed. No further messages will be sent.”)
• Never message someone who has opted out, even if they are a current customer

Throughput Limits

Your messaging speed depends on the Trust Score assigned to your brand during 10DLC registration. A higher Trust Score means you can send more messages per day. Most registered businesses start at a default tier and can request a review through their messaging provider to increase their limits over time. Consistent compliance and a clean messaging history are the best ways to improve your throughput.

What Happens If You Don’t Register?

The consequences of skipping 10DLC registration are severe and immediate:

1. Messages blocked entirely. Since February 2025, unregistered 10DLC messages are not delivered. Your customers never see them.
2. Carrier fines. T-Mobile fines up to $10,000 per violation. AT&T and other carriers have their own penalty structures.
3. Per-message surcharges. Unregistered traffic incurs carrier surcharges of $0.006 to $0.017 per message segment, adding up quickly.
4. Campaign suspension. Carriers can suspend your messaging campaigns entirely.
5. Phone number blacklisting. Your business number can be permanently flagged, meaning even after registration, your delivery rate may suffer.
6. Legal exposure. With TCPA lawsuits up 95%, non-compliant businesses are prime targets for litigation.

The bottom line: the cost of non-compliance far exceeds the cost of registration.

How to Stay Compliant After Registration

Registration is not a one-time event. Ongoing compliance requires regular attention:

• Monitor your delivery rate regularly. A sudden drop may indicate carrier filtering or a compliance flag
• Update campaign details if your messaging changes. Adding a new use case (like promotional messages alongside appointment reminders) requires updating or creating a new campaign registration
• Re-verify consent records periodically, especially for contacts added through older methods
• Maintain opt-in and opt-out logs as an audit trail. Keep records with timestamps, consent method, and language
• Watch for state-level law changes. New states are introducing text-specific legislation regularly
• Review carrier policy updates at least quarterly. TCR and individual carriers update requirements, throughput limits, and fee structures throughout the year

If your business uses email-to-SMS for automated notifications or allows multiple staff members to text from one business number, make sure every team member understands basic compliance rules. A single non-compliant message from one employee can trigger penalties for your entire campaign.

How TextBolt Keeps Your Business Texting Compliant

TextBolt is built for businesses that need simple text messaging without dealing with complex API integrations or technical setups. With TextBolt’s email-to-text service, your team sends texts directly from Gmail or Outlook.

What TextBolt Provides

• 10DLC registration handled during onboarding. TextBolt processes your brand and campaign registration, typically within 48 hours
• Built-in STOP keyword support. The platform includes STOP keyword handling to help you manage opt-outs
• Full message audit trail. Every message is timestamped and logged, giving you records if a carrier or regulator ever asks
• HIPAA-safe messaging mode for healthcare businesses. However, TextBolt is not a HIPAA-covered entity and does not independently guarantee HIPAA compliance. Organizations subject to HIPAA should consult their compliance officers and contact legal@textbolt.com about a Business Associate Agreement (BAA) if required
• Up to 98% delivery rate* with 10DLC compliant carrier-approved routing
• 10 user accounts with no per-user fees, so your entire team can send texts from their own email
• Transparent credit-based pricing. Each outgoing text segment costs 1 credit. No hidden carrier surcharges

What You Are Responsible For

As outlined in TextBolt’s terms of service, the platform provides the infrastructure, but as a user you are responsible for:

• Obtaining proper consent from recipients before sending any messages
• Complying with TCPA, CAN-SPAM, and A2P 10DLC requirements for your specific use case
• Honoring opt-out requests promptly and keeping records of opt-outs
• Using the service for legitimate business purposes only
• Maintaining the security of your account and connected service credentials
• Complying with the terms of service of each connected third-party service (Google Calendar, Google Contacts, and others)

For full details, review TextBolt’s terms of service before getting started.

Start your free 7-day trial and send your first compliant text message in minutes.

*Delivery rates vary based on carrier policies, message content, and compliance factors.