Most service businesses approach SMS compliance backward. They read about TCPA regulations, get overwhelmed by legal language, and either avoid SMS marketing entirely or wing it and hope for the best. Both approaches cost you money: the first in lost opportunity, the second in potential fines up to $1,500 per message.
The reality is simpler than most compliance articles make it sound. You need to do five things correctly: get proper consent, identify your business in messages, provide easy opt-out, keep records, and understand the difference between promotional and transactional messages. Do these five things and you're 95% compliant. Skip any of them and you're at serious risk.
This checklist shows you exactly what to implement, how to document it, and which compliance tasks your SMS platform should handle automatically versus what you need to manage yourself. These requirements apply whether you're sending appointment reminders to 50 dental patients or promotional campaigns to 5,000 HVAC customers.
Every SMS marketing program needs these five elements. Miss any one and you're violating federal law regardless of how good your intentions are.
1. Valid consent before the first message
You cannot text someone for marketing purposes without their explicit consent. "We've done business before" doesn't count. "They gave us their phone number" doesn't count. You need documented consent specifically for text messages.
Valid consent methods:
Invalid consent methods:
A dental practice added a simple consent checkbox to their new patient forms: "I agree to receive appointment reminders and occasional dental health tips via text message. Message frequency varies. Reply STOP to opt out." This one sentence gave them valid consent to text all new patients while staying completely compliant.
2. Clear business identification in every message
Recipients must know who's texting them. For promotional messages, you must identify your business in the message itself. For transactional messages (appointment reminders), identification can be less formal but should still be clear.
Compliant identification examples:
Non-compliant identification:
3. Simple opt-out in every promotional message
Every promotional or marketing message must include clear opt-out instructions. The standard "Reply STOP to opt out" works and is what customers expect. Don't get creative with opt-out wording; stick to the standard.
Compliant opt-out examples:
Required opt-out behavior:
Transactional messages (appointment reminders for scheduled appointments) don't require opt-out in every message, but you should include occasional reminders that customers can opt out if they want.
4. Accurate record-keeping
You must maintain records proving consent for every person you text. If someone claims they never consented, you need to produce documentation showing how and when they opted in. Without records, you have no defense.
Required records:
Store these records for at least 4 years after the last message sent. Most SMS platforms handle this automatically, but verify your platform maintains these records before launching campaigns.
5. Understand promotional vs. transactional rules
The compliance requirements differ significantly based on message type. Get this wrong and you might apply the wrong rules to your messages.
Transactional messages (lighter compliance requirements):
These don't require opt-out language in every message (though it's good practice to include occasionally) and have more flexible identification requirements.
Promotional messages (stricter compliance requirements):
These require business identification, opt-out instructions, and documented consent specifically for marketing messages in every message.
Gray area messages: Quote follow-ups can be transactional if the customer requested the quote. Educational tips are promotional unless the customer specifically requested them. When in doubt, treat it as promotional (stricter requirements).
Your SMS platform should automatically handle most compliance requirements. If your current platform doesn't provide these features, you need a different platform before scaling your SMS marketing.
Must-have platform features:
Automatic consent tracking: System records how and when each contact opted in, stores the consent method and date, links consent to the specific phone number.
Automated opt-out processing: When someone texts STOP, system immediately stops messages, sends confirmation, flags the contact as opted out, prevents future messages to that number.
Required field enforcement: Platform won't let you send messages without business identification, prevents sending to contacts without documented consent, requires opt-out language in promotional campaigns.
Message logs and history: Complete record of every message sent, delivery status, opt-in/opt-out dates, consent documentation.
Compliance reporting: Easy access to consent records, opt-out processing logs, message archives for audits.
A plumbing company switched from a basic SMS tool to a compliance-focused platform after receiving a complaint. The new platform automatically handled consent tracking, opt-out processing, and record-keeping that their previous tool required manual management. The compliance automation saved them 3-4 hours weekly and eliminated the risk of human error causing violations.
Use this checklist to implement compliant SMS marketing. Each item includes what to do and how to document it.
1. Audit your current contacts
Review everyone in your SMS database. Do you have valid consent for each person? If not, you need to get consent before texting them for marketing purposes.
Action: Create a spreadsheet of all contacts, note consent method for each, identify anyone without valid consent.
2. Create clear consent language
Write specific consent language for your opt-in forms, website, and paper forms. State what customers will receive and approximately how often.
Example: "I agree to receive appointment reminders, service updates, and occasional promotional offers from [Your Business] via text message. Message frequency varies. Reply STOP to opt out. Message and data rates may apply."
3. Add consent to all customer touchpoints
Implement consent collection everywhere you interact with customers:
4. Set up text-to-join campaigns
Create a keyword customers can text to join your list: "Text REMIND to 555-123-4567 for appointment reminders and service specials."
Include this on business cards, yard signs, invoices, your website, and email signatures.
5. Configure automated opt-out responses
Program your SMS platform to automatically respond to STOP, UNSUBSCRIBE, CANCEL, QUIT, and similar keywords. Response should confirm opt-out immediately.
Example response: "You're unsubscribed from [Your Business]. You won't receive further messages. Thanks for being a customer."
6. Create compliant message templates
Build message templates that include required compliance elements. Use proven SMS copy frameworks that incorporate compliance naturally.
Template structure: "[Business Name] [Message content]. [Call-to-action]. Reply STOP to opt out."
7. Train your team on compliance
Anyone sending messages needs to understand:
8. Verify platform record-keeping
Confirm your SMS platform automatically stores:
Test: Try to send a message to someone without consent. Your platform should block it.
9. Set up compliance monitoring
Designate someone to review:
10. Document your compliance procedures
Create a written document describing:
This documentation proves you have compliance systems in place if ever questioned.
11. Implement retention policy
Decide how long to keep records and enforce it consistently. Recommendation: 4 years minimum for consent records and message logs.
12. Review state-specific requirements
Federal law sets the baseline, but some states have additional requirements. Check regulations for states where you do business.
Key states with stricter rules: California, Florida, Illinois, Washington.
Different service industries face different compliance situations. Here's how compliance applies to common scenarios.
Home services (HVAC, plumbing, electrical, pest control)
Common situation: Customer calls for emergency service. Can you add them to your marketing list?
Answer: No, not for promotional messages. You can send transactional messages about the specific service request (appointment confirmation, technician arrival time, service completion). For promotional messages (seasonal specials, maintenance reminders), you need separate consent.
Solution: After completing emergency service, send: "Thanks for choosing [Business]. Want to receive maintenance reminders and service specials via text? Reply YES to opt in."
Healthcare (dental, medical, chiropractic)
Common situation: Sending appointment reminders to all patients.
Answer: Appointment reminders for scheduled appointments are transactional and have lighter requirements. But you still need consent to text patients. HIPAA adds complexity; don't include protected health information in messages.
Best practice: Get text message consent as part of new patient paperwork. Keep messages generic: "Your appointment is tomorrow at 2pm" not "Your root canal is tomorrow at 2pm."
Hospitality (hotels, restaurants)
Common situation: Guest provides phone number at booking. Can you send pre-arrival texts and promotional offers?
Answer: Booking-related messages (confirmation, check-in info) are transactional if they booked directly with you. Promotional messages (special offers, future stay promotions) require separate marketing consent.
Solution: Add consent checkbox at booking: "Receive exclusive offers and travel deals via text." Keep transactional and promotional messages separate.
Professional services (accounting, legal, consulting)
Common situation: Existing client relationship. Can you text about services?
Answer: Client relationship doesn't automatically permit marketing texts. Appointment reminders for scheduled meetings are transactional. Marketing your services requires consent.
Best practice: Ask directly: "Would you like to receive quarterly tax tips and planning reminders via text? Reply YES if so." Get clear yes before sending marketing content.
Many businesses discover they've been sending messages without proper consent or documentation. Here's how to fix it without making things worse.
Step 1: Stop all questionable messaging immediately
Don't send another promotional message to anyone without verified consent while you're fixing things. Continue only essential transactional messages (confirmed appointments, responses to customer inquiries).
Step 2: Audit your entire contact list
For every contact, determine:
Step 3: Separate contacts into compliant and non-compliant
Compliant: Documented consent, proper method, clear records Non-compliant: No consent documentation, questionable consent, purchased lists
Step 4: Get consent from non-compliant contacts
Send one message to non-compliant contacts: "We want to keep you updated via text about [services/offers/reminders]. Reply YES to opt in. If we don't hear from you, we'll only text about scheduled appointments. Reply STOP to opt out entirely."
Only text those who respond YES for marketing purposes going forward.
Step 5: Implement proper procedures
Work through the 12-point checklist above. Make sure every future contact has proper consent before receiving any messages.
Step 6: Document your correction
Keep records showing:
This documentation shows good faith effort to comply if ever questioned.
An HVAC company discovered they'd been texting all customers from the past 5 years without documented consent. They immediately stopped promotional messages, audited their 3,200-person list, found only 840 with proper consent, sent a re-consent message to the rest, and got 380 additional opt-ins. They continued with 1,220 compliant contacts rather than risk penalties by texting everyone. Three months later, proper consent collection at job completion rebuilt their list to 1,600 contacts, all compliant.
Understanding the real consequences of non-compliance helps you prioritize this correctly. The Telephone Consumer Protection Act (TCPA) allows significant penalties.
Federal penalty structure:
State enforcement: Some states can impose additional penalties and have more aggressive enforcement than federal regulators.
Class action lawsuits: The bigger risk for small businesses. If you text 1,000 people without consent and 50 of them join a class action lawsuit, you could face hundreds of thousands in legal fees and settlements even if penalties are reduced.
Real examples:
Papa John's: $16.5 million settlement for sending texts without consent Jiffy Lube: $47 million settlement for unsolicited text messages
Political campaigns: Multiple six-figure settlements for TCPA violations
Most small business violations never reach lawsuit stage, but even one complaint to the FTC can trigger an expensive investigation. Insurance typically doesn't cover TCPA violations, meaning you pay directly.
How violations typically start:
Prevention is dramatically cheaper than defense. Implement proper procedures now rather than hoping you don't get caught.
You don't need to implement everything simultaneously. Start with the highest-risk items and build from there.
Today (first 4 hours):
Hour 1: Audit your current SMS program
Hour 2: Stop any clearly non-compliant activity
Hour 3: Check your message templates
Hour 4: Set up basic consent collection
Tomorrow (4-6 hours):
Next 30 days:
A pest control company implemented this 48-hour start plan. Day 1: Discovered they had consent for only 30% of their text list, stopped texting the rest, verified their platform handled opt-outs. Day 2: Created consent forms, trained staff, began rebuilding list properly. Within 90 days, they had 65% of their original list re-opted in with proper consent, all fully compliant. The short-term list size reduction was worth eliminating the legal risk they'd been carrying.
SMS marketing compliance isn't complicated once you understand the requirements. Get proper consent, identify your business, provide easy opt-out, keep records, and understand message type differences. Do these things consistently and you're operating within legal requirements while building effective SMS campaigns.
The good news: compliance and effectiveness go together. Messages sent to people who actually want to hear from you perform better than blast campaigns to purchased lists. Systematic SMS marketing with proper consent generates higher engagement, better ROI, and zero legal risk.
Start with the checklist, implement proper procedures, and then focus on what matters: writing messages that drive business results. Compliance becomes automatic when your systems are set up correctly.
Ready to implement compliant SMS marketing that actually drives results? Start your free trial with Sakari to access built-in compliance features, automatic consent tracking, and message templates that include all required elements. You'll have compliant SMS campaigns running within a week.