10DLC Compliance: What Every Business Needs to Know Before Sending SMS

If your business sends text messages to customers in the United States, 10DLC compliance is no longer optional. As of February 2025, every major U.S. carrier blocks unregistered business texting traffic entirely. No throttling, no warnings. Just blocked messages that never reach your customers.

Whether you send appointment reminders, order confirmations, or two-way customer conversations, understanding 10DLC registration and compliance requirements is essential to keeping your business texting operational.

This guide covers everything you need to know: what 10DLC is, how to register, what it costs, the 2026 regulatory changes you need to watch, and how to stay compliant after registration.

What Is 10DLC?

10DLC stands for 10-Digit Long Code. It refers to standard 10-digit phone numbers (like 555-867-5309) that businesses use to send text messages.

In 2020, U.S. carriers including AT&T, T-Mobile, and Verizon introduced the 10DLC registration system through The Campaign Registry (TCR). The goal was simple: verify that businesses sending automated or bulk text messages are legitimate and that recipients have consented to receive those messages.

Before 10DLC, anyone could send business texts from a regular phone number without verification. This led to a flood of spam, scams, and unwanted messages. The 10DLC framework puts an end to that by requiring every business to register its identity and describe how it plans to use texting.

How A2P 10DLC Differs From P2P Texting

The “A2P” in A2P 10DLC stands for Application-to-Person, which means a software application or business system sends the message to a consumer’s phone. P2P (Person-to-Person) covers the texts a human composes one at a time, like the messages you send friends from your personal phone.

The number itself is identical. A 10-digit number used for A2P looks the same as one used for P2P. The difference is intent and pattern. A2P is automated, recurring, or sent at higher volume from a business identity. P2P is manual and conversational. Carriers separate the two because A2P traffic carries different deliverability, throughput, and abuse risks.

If your business uses a CRM, scheduling tool, alerting system, email-to-SMS gateway, or any software that triggers a text, that traffic is A2P and falls under 10DLC, even when the daily volume is small.

How 10DLC Differs From Short Codes and Toll-Free Numbers

There are three main ways businesses send text messages in the U.S., and each has different registration requirements:

For most small and mid-sized businesses, 10DLC is the right choice. It is significantly cheaper than short codes, uses a familiar local number format, and supports the types of messaging most businesses need, including reminders, notifications, and customer replies.

Who Sets and Enforces 10DLC Rules?

10DLC is an industry-driven standard, not a single government regulation. U.S. mobile carriers (AT&T, Verizon, T-Mobile, and others) define and enforce the rules. They coordinate through The Campaign Registry (TCR), the central database of registered brands and campaigns.

Most businesses never interact with TCR directly. Three layers handle registration on your behalf:

• Messaging providers and CPaaS platforms like Twilio, AWS End User Messaging, Azure Communication Services, Vonage, and Bandwidth submit brand and campaign data to TCR for their customers.
• Telecom aggregators route messages between carriers and senders, applying the registration metadata at delivery time.
• The Campaign Registry (TCR) stores the data, runs vetting checks, and feeds carriers the trust signals they use to assign throughput tiers and apply content filtering.

Carriers use the registry data for four purposes: verify sender identity, assign trust scores, set throughput limits, and apply content rules or penalties when traffic violates policy.

TextBolt operates inside this chain on your behalf. When you sign up, TextBolt submits your brand and campaign details so you do not have to manage TCR directly.

Where Does 10DLC Apply? Geography and Networks

10DLC is a U.S.-centric standard. It applies to A2P traffic sent to U.S. mobile networks using local 10-digit numbers with the +1 country code. The rules cover messages delivered to U.S. subscribers regardless of where the sender is physically located.

If You Are a Sender Outside the U.S.

A business based in Canada, the United Kingdom, India, Australia, or anywhere else that sends SMS to U.S. mobile numbers is subject to 10DLC registration. Carriers do not exempt foreign senders. The rule applies at the destination network, not the origin.

Canada and U.S. Territories

• Canada to Canada (domestic): Canadian mobile carriers have not fully adopted the same 10DLC framework for CA-to-CA messaging. Domestic Canadian A2P texting follows separate carrier guidelines and may evolve.
• Canada to U.S.: Canadian 10-digit numbers sending SMS to U.S. recipients are treated as A2P 10DLC traffic and must be registered.
• Puerto Rico and other U.S. territories: Messages delivered through U.S. carrier networks are subject to 10DLC requirements.

If your customer base includes any U.S. mobile numbers, plan for 10DLC registration regardless of where your business is incorporated.

Why 10DLC Exists: Consumer Protection and Business Benefits

10DLC was created to balance two goals: protect mobile subscribers from spam and fraud, and give legitimate businesses a sanctioned, high-throughput channel for SMS.

The Consumer Protection Side

Before 10DLC, carriers struggled to distinguish legitimate business messages from junk and fraud sent over unverified local numbers. The result was a flood of smishing (SMS phishing), spam, and scam campaigns that eroded consumer trust in text messaging. 10DLC adds identity verification and campaign vetting so carriers can see who is sending, what use cases they represent, and how recipients consented.

The Business Benefits Side

Compliance is not only about avoiding penalties. Registered 10DLC traffic gains:

• Higher throughput. Trust scores unlock messages-per-second and messages-per-day tiers far above unregistered traffic.
• Improved deliverability. Carriers prioritize registered traffic in routing and anti-spam systems.
• Predictable costs. Registered senders avoid the per-message surcharges of $0.006 to $0.017 per segment that carriers apply to unregistered traffic.
• Stable sender reputation. A clean compliance history compounds: better delivery rates, faster future approvals, fewer flagged campaigns.
• Reliable delivery for time-sensitive messages like 2FA codes, appointment reminders, and service alerts.

For most businesses, 10DLC is the only practical way to send recurring SMS to U.S. customers at scale without paying short-code fees of $500 to $1,000 per month.

Why 10DLC Compliance Matters in 2026

If you registered in 2024 or early 2025 and think you are all set, think again. The regulatory landscape has shifted significantly heading into 2026.

1. Carrier Enforcement Is Absolute

Since February 1, 2025, carriers block 100% of unregistered A2P (Application-to-Person) 10DLC traffic. This is not partial filtering. If your business is not registered, your messages simply do not get delivered.

2. Fines Are Severe

According to published 10DLC non-compliance fine schedules, T-Mobile charges up to $10,000 per content violation and $1,000 per incident for 10DLC evasion.

3. TCPA Litigation Is Surging

According to the National Law Review, TCPA class action filings spiked 283% in September 2025 alone, with 224 class actions filed in a single month. Q1 2025 saw a 112% increase over Q1 2024. Non-compliant businesses are not just risking carrier fines. They are risking lawsuits. Understanding your obligations under SMS compliance laws is critical.

4. The FCC One-to-One Consent Rule (Vacated)

The FCC originally adopted a one-to-one consent rule in 2023 that would have required each business to obtain its own individual consent from recipients, eliminating shared lead-generation consent forms. However, the 11th Circuit Court vacated the rule, and in September 2025 the FCC formally eliminated the requirement. While this rule is no longer in effect, businesses should still obtain clear, direct consent from recipients as a best practice, since carriers and state laws continue to tighten consent standards independently.

5. New State-Level Laws

States are adding their own layers of regulation on top of federal rules:

• Virginia SB 1339: If a recipient replies STOP or UNSUBSCRIBE to a marketing text, the business must honor that opt-out request for at least 10 years. Violators face fines of $500 to $5,000 per violation
• Texas SB 140 (effective September 2025): Now classifies text messages as telephone solicitations. Consumers can sue directly, with statutory penalties up to $1,500 per violation and treble damages for willful violations

Staying compliant is no longer just about federal rules. You need to track state-specific requirements as well.

Who Needs 10DLC? ICPs and Industries

Any organization that uses software to send recurring or automated SMS from local U.S. numbers needs 10DLC registration. Company size and message volume are not the deciding factors. The deciding factor is whether the texts are application-triggered (A2P) rather than person-to-person.

Common Sender Profiles

• SaaS and CPaaS platforms that enable SMS features for their customers, including marketing automation, support tools, and booking platforms.
• Local service businesses that text customers about appointments, confirmations, or visits, including clinics, salons, dental practices, law firms, and field service providers.
• E-commerce and direct-to-consumer brands that send order updates, shipping notifications, and promotional campaigns.
• Enterprise organizations that send 2FA codes, security alerts, fraud warnings, and transactional updates over SMS.

Industries Most Affected by 10DLC

10DLC is industry-agnostic, but it is operationally critical in verticals that depend on SMS as a core communication channel:

• Retail, e-commerce, and quick-service restaurants: marketing blasts, flash sales, loyalty updates, and order notifications.
• Healthcare and wellness: appointment reminders, telehealth links, and care-plan reminders. Healthcare senders also face additional content restrictions on protected health information that sit alongside (and separate from) 10DLC registration.
• Financial services and fintech: transactional alerts, fraud warnings, account updates, and authentication codes.
• Real estate, home services, and field service: lead follow-up, showing confirmations, technician dispatch, and job-status updates.
• Education and public sector: emergency notifications, schedule changes, and informational alerts to students, parents, residents, or staff.

These sectors share two traits: high SMS read rates make texting commercially valuable, and loss of deliverability has direct operational or revenue consequences.

10DLC Registration Requirements

Registration happens in two phases: Brand Registration and Campaign Registration. Both go through The Campaign Registry (TCR), which acts as the intermediary between your business and the carriers.

What You Need Before You Start

Gather these documents and details before beginning the registration process:

• EIN (Employer Identification Number) or Tax ID
• Legal business name (must exactly match your website, email domain, and government filings)
• Business address and phone number
• Website URL with a live, accessible site
• Published Terms of Service that includes SMS-specific language covering message frequency, HELP/STOP instructions, and consent disclosures
• Privacy Policy accessible on your website

One of the most common reasons for rejection is a mismatch between your legal business name on TCR and the name on your website or email domain. Double-check these before submitting.

Brand Registration

Brand registration verifies your business identity with the carrier networks. You submit your company details and TCR assigns a Trust Score based on factors like your EIN validity, business age, and online presence.

Your Trust Score directly affects your messaging throughput:

Timeline: Brand registration typically takes 2 to 5 business days.

Campaign Registration

After your brand is approved, you register one or more campaigns. A campaign describes a specific type of messaging your business sends.

You will need to provide:

• Use case category (for example, marketing, appointment reminders, account notifications, two-factor authentication)
• 3 to 5 sample messages that are specific, include your brand name, and end with opt-out language like “Reply STOP to opt out”
• Opt-in proof showing how recipients consent to receive messages
• Privacy policy and terms of service URLs

Good campaign description example: “TextBolt sends appointment reminder text messages to customers who opt in through our website booking form. Messages include the appointment date, time, and location. Recipients can reply STOP at any time to opt out.”

Bad campaign description example: “Customer notifications and updates.”

Vague descriptions are one of the top reasons campaigns get rejected. Be specific about what you send, who receives it, and how they opted in.

Timeline: Campaign approval ranges from 1 to 4 weeks depending on the carrier and use case complexity.

Pre-Registration Planning: A 7-Step Framework

Most rejected 10DLC applications fail because of preventable gaps in preparation, not policy violations. Working through this framework before you submit reduces back-and-forth with TCR and your messaging provider.

1. Map every SMS use case. Inventory each way your business sends texts to U.S. numbers: marketing, appointment reminders, order updates, 2FA, customer service replies, internal alerts. Decide which use cases share a campaign and which need separate registrations. Mixing marketing into a transactional campaign is a common rejection cause.
2. Gather brand documentation. Confirm that your legal business name, EIN or tax ID, address, and website domain match exactly across government filings, your website footer, and your email domain. Mismatches are the most common rejection reason.
3. Design compliant opt-in flows. For each campaign, document where and how users consent (web form, point-of-sale, SMS keyword join, verbal script). Capture screenshots of forms with the consent disclosure visible. Keep timestamps and the exact disclosure language used.
4. Draft realistic sample messages. Submit templates that closely match what you actually send. Carriers now use AI filtering to compare live messages against registered samples, and significant drift triggers flags. Include your business name and opt-out instructions in every sample.
5. Segment high-risk content carefully. If you operate in lending, cryptocurrency, gambling, cannabis, debt collection, or specialized healthcare, work directly with your messaging provider before submitting. These verticals face additional carrier scrutiny and may require specialized campaign types or be ineligible for some content categories.
6. Plan ongoing delivery monitoring. Decide which dashboards, error codes, and carrier feedback signals you will monitor after launch. Most CPaaS platforms expose delivery rates, error codes (such as 30007 for carrier filtering), and per-carrier breakdowns. Assign someone to review these weekly.
7. Build a policy-change watch. Carriers update throughput rules, content policies, and fee structures throughout the year. Subscribe to your provider’s policy updates and reassess your campaigns at least quarterly. Plan for state-level law changes too.

Following this framework helps you pass registration on the first try and build a sustainable, high-trust messaging program rather than scrambling after rejections.

How to Prove Opt-In Consent

Consent documentation is the single most important factor in 10DLC compliance. Missing or unclear consent details are the number one cause of registration rejections.

Here are the most effective ways to prove opt-in consent, ranked by reliability:

1. Website Forms

Contact forms, booking forms, or signup forms on your website are the strongest proof of consent. Include an unchecked checkbox with clear disclosure language:

“By submitting this form, you agree to receive text messages from [Business Name]. Message frequency varies. Message and data rates may apply. Reply STOP to opt out.”

2. Terms of Service Page

Your Terms of Service or Terms and Conditions page should include a dedicated texting section that covers consent, frequency, and opt-out instructions.

3. SMS Keyword Opt-In

Allow customers to text a keyword like “JOIN” or “SUBSCRIBE” to your business number to opt in. This creates a clear, timestamped record of consent.

4. Verbal Consent

For businesses that onboard customers over the phone or in person, verbal consent is acceptable. Use a consistent script:

“May I send you text message reminders about your appointments at [Business Name]? Standard message and data rates apply, and you can reply STOP at any time to opt out.”

5. Point-of-Sale or In-Person Signup

Physical signup forms at your business location work as well. Keep copies or digital records of signed consent forms.

Why Consent Logging Matters

Regardless of which method you use, keep a record of every opt-in with the following details:

• Timestamp of when consent was given
• Method of consent (web form, keyword, verbal, and so on)
• The specific language the customer agreed to

This creates an audit trail that protects your business if a carrier, the FCC, or a plaintiff’s attorney ever questions your compliance.

10DLC Compliance Rules You Must Follow

Registration is just the first step. Ongoing compliance requires following carrier content and behavior rules with every message you send.

Message Content Rules

• Always include your business name in messages so recipients know who is texting them
• Always include opt-out instructions like “Reply STOP to opt out”
• Avoid SHAFT content: Sex, Hate, Alcohol, Firearms, and Tobacco. Messages containing these topics face heavy restrictions or outright blocking
• Do not use URL shorteners (like bit.ly). Carriers flag these as potential phishing
• Avoid excessive capitalization, special characters, and symbols. Text like a normal person, not a spammer
• Match your actual messages to your registered samples. Carriers now use AI filtering to compare your live messages against what you submitted during registration. Significant drift can trigger flags
• Watch for forbidden content categories beyond SHAFT. Carriers also block or restrict messages related to high-risk financial products (payday loans, debt collection, get-rich-quick schemes), illegal substances, gambling without proper licensing, and adult content. Some categories require specialized campaign types; others are blanket-prohibited

Opt-Out Handling

• Honor STOP requests immediately. There is no grace period
• Send a single confirmation message after opt-out (for example, “You have been unsubscribed. No further messages will be sent.”)
• Never message someone who has opted out, even if they are a current customer
• Support HELP and INFO keywords: When a recipient texts HELP or INFO, your system should auto-reply with your business name, a brief description of the program, support contact, and opt-out instructions. STOP gets the most attention but HELP is also required by carriers

Throughput Limits

Your messaging speed depends on the Trust Score assigned to your brand during 10DLC registration. A higher Trust Score means you can send more messages per day. Most registered businesses start at a default tier and can request a review through their messaging provider to increase their limits over time. Consistent compliance and a clean messaging history are the best ways to improve your throughput.

Route Integrity: Stay on the Sanctioned Path

Your A2P traffic must travel over registered 10DLC routes, not over P2P routes or “grey routes” that bypass 10DLC controls. Some senders or providers attempt to mask A2P traffic as P2P to avoid registration costs or throughput limits. Carriers detect these patterns and respond with fines, campaign termination, and long-term reputation damage that follows the brand across multiple numbers and campaigns.

If you use a messaging provider, confirm they route through registered, sanctioned channels. Cheap rates that look too good often signal a grey-route operator, and the long-term cost (delivery failures, blocked campaigns, blacklisted numbers) far exceeds the short-term savings.

What Happens If You Don’t Register?

The consequences of skipping 10DLC registration are severe and immediate:

1. Messages blocked entirely. Since February 2025, unregistered 10DLC messages are not delivered. Your customers never see them.
2. Carrier fines. T-Mobile fines up to $10,000 per violation. AT&T and other carriers have their own penalty structures.
3. Per-message surcharges. Unregistered traffic incurs carrier surcharges of $0.006 to $0.017 per message segment, adding up quickly.
4. Campaign suspension. Carriers can suspend your messaging campaigns entirely.
5. Phone number blacklisting. Your business number can be permanently flagged, meaning even after registration, your delivery rate may suffer.
6. Legal exposure. With TCPA lawsuits up 95%, non-compliant businesses are prime targets for litigation.

The bottom line: the cost of non-compliance far exceeds the cost of registration.

How to Stay Compliant After Registration

Registration is not a one-time event. Ongoing compliance requires regular attention:

• Monitor your delivery rate regularly. A sudden drop may indicate carrier filtering or a compliance flag
• Update campaign details if your messaging changes. Adding a new use case (like promotional messages alongside appointment reminders) requires updating or creating a new campaign registration
• Re-verify consent records periodically, especially for contacts added through older methods
• Maintain opt-in and opt-out logs as an audit trail. Keep records with timestamps, consent method, and language
• Watch for state-level law changes. New states are introducing text-specific legislation regularly
• Review carrier policy updates at least quarterly. TCR and individual carriers update requirements, throughput limits, and fee structures throughout the year

If your business uses email-to-SMS for automated notifications or allows multiple staff members to text from one business number, make sure every team member understands basic compliance rules. A single non-compliant message from one employee can trigger penalties for your entire campaign.

How TextBolt Keeps Your Business Texting Compliant

TextBolt is built for businesses that need simple text messaging without dealing with complex API integrations or technical setups. With TextBolt’s email-to-text service, your team sends texts directly from Gmail or Outlook.

What TextBolt Provides

• 10DLC registration handled during onboarding. TextBolt processes your brand and campaign registration, typically within 48 hours
• Built-in STOP keyword support. The platform includes STOP keyword handling to help you manage opt-outs
• Full message audit trail. Every message is timestamped and logged, giving you records if a carrier or regulator ever asks
• Up to 98% delivery rate* with 10DLC compliant carrier-approved routing
• 10 user accounts with no per-user fees, so your entire team can send texts from their own email
• Transparent credit-based pricing. Each outgoing text segment costs 1 credit. No hidden carrier surcharges

What You Are Responsible For

As outlined in TextBolt’s terms of service, the platform provides the infrastructure, but as a user you are responsible for:

• Obtaining proper consent from recipients before sending any messages
• Complying with TCPA, CAN-SPAM, and A2P 10DLC requirements for your specific use case
• Honoring opt-out requests promptly and keeping records of opt-outs
• Using the service for legitimate business purposes only
• Maintaining the security of your account and connected service credentials
• Complying with the terms of service of each connected third-party service (Google Calendar, Google Contacts, and others)

For full details, review TextBolt’s terms of service before getting started.

Start your free 7-day trial and send your first compliant text message in minutes.

*Delivery rates vary based on carrier policies, message content, and compliance factors.