SMS marketing regulation protects consumers from spam while allowing legitimate businesses to communicate with customers via text.
SMS marketing regulation protects consumers from spam while allowing legitimate businesses to communicate with customers via text. The main federal law is the Telephone Consumer Protection Act (TCPA), which requires businesses to get explicit consent before sending marketing texts and honor opt-out requests immediately.
Most service business owners hear "SMS compliance" and assume it's complicated legal territory requiring lawyers. The reality is simpler. Follow four core rules and you avoid 95% of compliance problems: get written consent before texting, identify your business in messages, provide clear opt-out instructions, and process opt-outs within seconds.
This guide covers the regulations that actually affect service businesses, what consent really means in practice, how to handle opt-outs correctly, and common violations that trigger fines. The focus is practical compliance you can implement this week, not legal theory.
Before diving into specific regulations, understand why compliance isn't optional.
The financial risk is real. TCPA violations carry penalties of $500-1,500 per text message. Send promotional campaign to 200 people without proper consent and get reported? That's $100,000-300,000 in potential fines. Not a rounding error for small businesses.
Lawsuits happen to ordinary businesses. TCPA lawsuits aren't just for major corporations. Small service businesses get sued. Plaintiff attorneys actively look for violations because statutory damages make cases profitable even when actual harm is minimal.
Your SMS platform can shut you down. Carriers (AT&T, Verizon, T-Mobile) monitor messaging patterns. Unusual complaint rates or obvious violations get your number blocked. Once blacklisted, you can't send texts from that number anymore.
Customer trust matters more than legal risk. Texting customers without permission, ignoring opt-outs, or sending spam damages relationships permanently. Compliance rules exist because consumers hate unsolicited texts.
The good news: Compliance isn't difficult if you build it into your process from the start. It's only complicated when you're trying to retrofit compliance onto existing bad practices.
Several regulations govern SMS marketing. You need to follow all of them, but some matter more than others for service businesses.
What it is: Federal law passed in 1991, updated multiple times. Regulates all types of phone communication including SMS.
Key requirements for SMS marketing:
Prior express written consent required for marketing messages. "Written" includes electronic consent (web forms, text-to-join).
Messages must identify the business sending them. No anonymous marketing texts.
Opt-out mechanism must be provided in every marketing message. Customer can text STOP anytime.
Opt-outs must be processed immediately. Sending even one more message after customer texts STOP violates TCPA.
Who enforces it: FCC (Federal Communications Commission) and private lawsuits. Most TCPA enforcement comes from class action lawsuits, not FCC enforcement actions.
Penalties: $500 per violation, $1,500 per willful violation. Each text message is separate violation.
What it is: Industry best practices established by wireless carriers. Not technically law, but carriers enforce these guidelines by blocking numbers that violate them.
Key requirements:
Clear opt-in process that explains message frequency and costs.
Help and opt-out commands must work (HELP, STOP, UNSUBSCRIBE).
Message content restrictions (no phishing, no illegal content, no deceptive claims).
Rate limiting (can't send thousands of texts per second, appears as spam).
Who enforces it: Wireless carriers. They can filter or block your messages without warning if you violate guidelines.
Penalties: Number blocking, filtering (messages don't deliver), or account termination.
What they are: Some states have additional requirements beyond federal law. Florida, California, and others have specific statutes.
Key state variations:
Some states require consent specifically mentions SMS, not just "electronic communications."
Some states have stricter timing restrictions (no texts before 8am or after 9pm).
Some states require additional disclosures about data usage.
Practical approach: Follow strictest state requirements for all messaging. Easier than tracking state-by-state variations. For comprehensive state-by-state breakdown, review SMS marketing laws by state guide.
Getting proper consent before sending marketing texts is the most important compliance requirement. Most violations stem from inadequate consent.
Valid consent requires:
Written agreement (includes electronic forms, checkboxes, text-to-join responses).
Clear disclosure that person is agreeing to receive marketing texts specifically.
Identification of the business that will send texts.
Statement that consent isn't required for purchase (can't force SMS opt-in to complete transaction).
Disclosure of message frequency (approximate number is fine: "up to 4 messages per month").
Disclosure that message and data rates may apply.
Clear opt-out instructions.
Example of valid consent language:
"By checking this box and providing your mobile number, you agree to receive marketing text messages from [Your Business Name] at the number provided. Message frequency varies. Message and data rates may apply. Reply STOP to opt out anytime. Consent not required for purchase."
What doesn't count as valid consent:
Pre-checked boxes (consent must be active choice).
Consent for "communications" without specifying SMS/text messages.
Consent buried in terms of service that customer doesn't actually agree to.
Verbal consent without documentation (you can't prove it).
Purchasing relationship alone (buying from you doesn't give you permission to text them).
Website forms:
Add SMS opt-in checkbox to contact forms, quote requests, appointment bookings.
Place checkbox separate from other consents (email, terms of service). Each consent should be distinct.
Make language clear and specific. Example: "Text me appointment reminders and special offers."
Store opt-in timestamp and IP address. Helpful if you ever need to prove consent.
In-person at point of sale:
Receptionist or staff member asks: "Can we text you appointment reminders?"
Customer says yes and provides mobile number.
System documents: Date, time, staff member name, customer verbal agreement.
Follow up with confirmation text: "Thanks for opting in to [Business] text updates. Reply STOP anytime."
Text-to-join campaigns:
Display signs with "Text JOIN to [number] for special offers."
Customer texts JOIN to your number.
Automated response: "Welcome to [Business] texts! Expect 2-4 messages monthly. Reply STOP to opt out. Msg&data rates may apply."
This automated response serves as confirmation of their opt-in.
Phone conversations:
During service call or appointment booking, staff says: "Would you like appointment reminders via text?"
Customer agrees verbally.
Document in customer record: Date of consent, method (phone), staff member.
Send confirmation text: "You've opted into text reminders from [Business]. Reply STOP to opt out anytime."
The documentation requirement: Whatever method you use, document when and how customer consented. If sued, you must prove consent existed. "I'm sure they agreed to something at some point" doesn't hold up.
Can you text existing customers without new consent? It depends.
Transactional messages (probably okay):
Appointment confirmations and reminders for services they already booked.
Order status updates for purchases they made.
Account notifications directly related to your business relationship.
Payment receipts and billing information.
These aren't "marketing" messages, so TCPA consent requirements are less strict. However, even for transactional messages, best practice is to get opt-in.
Marketing messages (need consent):
Promotional offers and discounts.
New product or service announcements.
General business updates unrelated to their specific transaction.
You need explicit consent for these, even for existing customers.
The safe approach: Assume you need consent for everything. Send one-time text to existing customer list: "Want appointment reminders and special offers via text? Reply YES to opt in." Only customers who reply YES receive future texts.
This protects you legally and respects customer preferences. For detailed opt-in strategies, explore automated SMS marketing setup guidance.
Beyond getting consent, your actual messages must include certain elements.
Business identification: Every message must clearly identify your business by name. No anonymous marketing texts.
Bad: "Special offer today only! 20% off. Book now: [link]"
Good: "It's Mike's HVAC: Special offer today only! 20% off maintenance. Book: [link]. Reply STOP to opt out."
Opt-out instructions: Every marketing message must include opt-out instructions. Standard practice: "Reply STOP to opt out" or "Text STOP to unsubscribe."
Frequency: Include in first message, then every message is best practice. Minimum: include periodically (every 3-4 messages). For appointment reminders and transactional messages, less frequent opt-out instructions acceptable.
HELP keyword: Messages should mention HELP command for customers who need support. "Text HELP for info or STOP to opt out."
When customer texts HELP, automated response provides: business contact info (phone number, email), explanation of service, opt-out instructions.
Federal guidelines: No texts before 8am or after 9pm in recipient's local timezone. Some interpret this as sender's timezone, but safest approach is recipient's timezone.
State variations: Some states (like California) have stricter hours. Check state-specific requirements if you serve specific states heavily.
Practical approach: Send between 9am-8pm recipient's local timezone. Safest window that avoids all timing violations.
Exception for urgent situations: Appointment reminders for same-day appointments or emergency service responses can potentially justify sending outside quiet hours, but document the business justification.
Deceptive or misleading claims: False advertising laws apply to SMS just like other channels. Can't lie about pricing, availability, or service details.
Phishing or fraud: Obvious, but texts requesting sensitive information (passwords, credit card numbers, SSN) violate carrier guidelines even if technically legal under TCPA.
Illegal products or services: Can't promote illegal items, controlled substances without proper licensing, or adult content via standard SMS channels.
Aggressive or harassing content: Repeated messages after customer asks to stop, threatening language, or harassment violate both TCPA and carrier guidelines.
Processing opt-outs correctly is non-negotiable. This is where many businesses violate TCPA accidentally.
TCPA requirement: Opt-out requests must be honored "immediately" or within reasonable time (interpreted as minutes to hours, not days).
What this means practically:
Customer texts STOP at 2pm. By 2:05pm they're removed from all message lists. Sending one more message at 2:10pm violates TCPA even if you "didn't see it yet."
Automated opt-out processing is required. You can't manually check for STOP messages once daily. System must recognize and process automatically.
Opt-out keyword variations: Your system must recognize STOP, UNSUBSCRIBE, CANCEL, QUIT, END, and reasonable variations. Customer shouldn't have to guess exact command.
"Stop," "STOP," "stop please," "unsubscribe me," "cancel texts" should all trigger opt-out.
After customer opts out, send immediate confirmation: "You've been unsubscribed from [Business] texts. You won't receive further messages. Text START to resubscribe."
This confirmation message is allowed under TCPA. It's the last message you're permitted to send.
Maintain permanent opt-out list. Customer who opted out can't automatically be re-subscribed if they make purchase or interact with your business again. They must explicitly opt back in.
Never share or sell opt-out lists. Obvious but worth stating. Customer who opted out from your texts hasn't opted out from your sister company or partner. Treat lists separately.
Document opt-out timestamps. If ever questioned, you need to prove when customer opted out and that you stopped messaging them.
Customer calls and says "stop texting me." Email says "remove me from text list." Social media comment says "unsubscribe me."
You must honor these even though they didn't text STOP. Opt-out requests via any channel must be processed. Best practice: Confirm via text that you've processed their opt-out request.
Most TCPA violations fall into predictable categories. Avoid these and you avoid most legal risk.
What it looks like: Business buys phone number list and starts texting. Business texts all customers without getting SMS permission. Business assumes purchase equals permission to market.
Why it happens: Misunderstanding of consent requirements. Belief that "we have business relationship" means permission to text.
How to avoid: Never text for marketing purposes without explicit SMS consent. Document all opt-ins with timestamp and method.
What it looks like: Customer texts STOP. Business doesn't notice for 3 days. Meanwhile, automated campaign sends 2 more messages. Each message after STOP is separate TCPA violation.
Why it happens: Manual opt-out processing, poor integration between SMS platform and campaign management, lack of automated recognition of STOP keywords.
How to avoid: Use SMS platform with automatic opt-out processing. Sakari automatically processes STOP keywords and removes contacts from all campaigns immediately.
What it looks like: Website checkbox pre-checked for SMS consent. Consent language hidden in terms of service. Consent language unclear about SMS specifically.
Why it happens: Wanting high opt-in rates without respecting customer choice. Poor legal guidance on consent requirements.
How to avoid: Make SMS consent explicit, separate, and clear. Never pre-check boxes. Use plain language explaining what customer is agreeing to.
What it looks like: Customer changes phone numbers. Number gets reassigned to new person. You keep texting the number. New number holder never consented but receives your messages.
Why it happens: Phone numbers get recycled. What was customer's number 6 months ago is now someone else's number.
How to avoid: Regularly scrub phone lists against carrier databases that track reassigned numbers. Remove inactive numbers. Process opt-outs immediately when someone says "wrong number."
What it looks like: Marketing messages don't include "Reply STOP to opt out" or similar instructions. Customer can't easily unsubscribe.
Why it happens: Forgetting requirement or wanting to prevent opt-outs.
How to avoid: Include opt-out instructions in every marketing message. Make unsubscribing as easy as possible.
Your SMS platform should handle compliance automatically. Here's what to verify.
Automatic opt-out processing:
Platform recognizes STOP, UNSUBSCRIBE, and variations automatically.
Removes contact from all campaigns within seconds.
Sends confirmation message automatically.
Maintains permanent opt-out list.
Consent documentation:
Records opt-in date, time, method, and source for each contact.
Stores this information indefinitely for legal defense if needed.
Allows exporting consent records.
Quiet hours enforcement:
Prevents messages from sending before 8am or after 9pm in recipient's timezone.
Allows you to set custom quiet hours if you want stricter limits.
Queues messages that would violate quiet hours and sends at next allowed time.
Required keywords:
Automatically responds to HELP with business contact information.
Automatically responds to START for customers who want to resubscribe after opting out.
Compliance reporting:
Shows opt-in sources and dates for audit purposes.
Tracks opt-out rates and timing.
Alerts if complaint rates spike (indicates potential compliance problem).
Sakari compliance features: Sakari includes automatic opt-out processing, consent documentation, quiet hours enforcement, and compliance reporting built into the platform. No additional configuration required.
For businesses integrating with CRM, HubSpot SMS integration maintains compliance while syncing customer data.
Use this checklist to verify your SMS marketing setup is compliant.
Before sending any messages:
[ ] Obtained explicit written consent from all recipients [ ] Documented when and how each person opted in [ ] Verified all phone numbers are mobile (not landlines) [ ] Created clear opt-out process [ ] Selected SMS platform with automatic compliance features [ ] Set up quiet hours (8am-9pm or stricter)
In every marketing message:
[ ] Business clearly identified by name [ ] Opt-out instructions included [ ] Message sent during allowed hours [ ] Content is truthful and not deceptive [ ] Links work on mobile devices
Ongoing compliance maintenance:
[ ] Opt-outs processed automatically within seconds [ ] Opt-out list maintained permanently [ ] Consent records stored indefinitely [ ] Phone list scrubbed quarterly for reassigned numbers [ ] Complaint rates monitored monthly [ ] Staff trained on compliance requirements
Documentation to maintain:
[ ] Opt-in forms and language used [ ] Opt-in records with timestamps [ ] Opt-out records with timestamps [ ] Message templates showing compliant content [ ] Platform compliance features configuration
Understanding consequences helps prioritize compliance.
TCPA lawsuit process:
Plaintiff attorney finds violation (often through client who received unwanted texts or didn't opt out).
Files lawsuit claiming $500-1,500 per message sent in violation.
Attempts class action to include all recipients of campaign.
Business must prove consent for every recipient or settle.
Settlement costs often $50,000-250,000 depending on scale of violation.
Carrier blocking:
Wireless carrier detects spam patterns or receives complaints.
Blocks your phone number from their network.
All your messages to customers on that carrier fail.
Getting unblocked requires proving compliance and may not succeed.
Alternative: Get new number and rebuild, losing existing opt-in list.
FCC enforcement:
Less common than lawsuits but possible.
Fines up to $10,000 per violation for willful violations.
Requires pattern of violations, not one-off mistakes.
Reputational damage:
Customers who receive unwanted texts tell others.
Online reviews mention spam texts.
Trust damage affects business beyond legal consequences.
The good news: Follow the core requirements (consent, identification, opt-out, timing) and you avoid nearly all these risks. Compliance violations are almost entirely preventable.
Day 1: Audit current practices
Do you have documented consent for everyone you're texting?
Does your SMS platform process opt-outs automatically?
Do messages include business identification and opt-out instructions?
Are you respecting quiet hours?
Day 2: Fix consent collection
Add clear SMS consent language to website forms.
Create text-to-join campaign for existing customers to opt in properly.
Document how consent is collected for in-person customers.
Day 3: Update message templates
Add business identification to all templates.
Add "Reply STOP to opt out" to all marketing messages.
Verify all templates comply with timing restrictions.
Day 4: Configure platform compliance features
Enable automatic opt-out processing.
Set quiet hours enforcement (8am-9pm minimum).
Configure HELP and STOP auto-responses.
Day 5: Train staff
Explain consent requirements to everyone who collects customer information.
Show how to document opt-ins properly.
Explain importance of immediate opt-out processing.
Week 2: Clean existing list
Review current contact list for documented consent.
Remove anyone without clear consent record.
Send opt-in request to existing customers: "Want text updates? Reply YES to opt in."
Most service businesses can achieve full compliance within 2 weeks of focused effort. The ongoing maintenance is minimal once proper processes are established.
For additional campaign strategies that maintain compliance, review SMS marketing automation approaches for service businesses.
Ready to start compliant SMS marketing that protects your business while connecting with customers effectively? Start your free trial with Sakari and implement built-in compliance features that handle opt-outs, quiet hours, and consent documentation automatically.
Your email address will not be published
This guide covers what you need to set up automation, which workflows to build first, and how to avoid the mistakes that waste budget and burn...
If you’ve never considered text message marketing for your business, it might be time. Learn three simple reasons why you should start using SMS...
Text message marketing and email marketing succeed in distinctly different situations, and the most effective businesses understand when to use each...
With our 14-day free trial, you can dive in and explore all these features, with no commitment.