TCPA compliance for SMS marketing
The Telephone Consumer Protection Act has real teeth — $500 per message for unintentional violations and $1,500 per message for willful ones. CampaignCNX+ automates the parts of TCPA compliance that can be automated and flags the parts that can't, so your SMS marketing program stays out of the settlement column.
— What TCPA requires
TCPA governs how businesses and campaigns contact consumers by text. The core requirements haven't changed — consent, easy opt-out, time-of-day limits, sender identification, and record-keeping. The platform handles four of those on the send path; consent is still your responsibility, but we log it so you can prove it.
Automated TCPA compliance
/01
STOP, HELP, and UNSUBSCRIBE honored immediately across every campaign. Confirmation sent. Contact removed from future campaigns.
/02
Time-zone-aware 8 a.m.–9 p.m. window per recipient. Messages outside the window are held until it opens.
/03
Run lists against the federal DNC registry via DataZapp as an add-on. Flagged contacts drop out of sends.
/04
The composer validates that required opt-out language is present before the campaign is allowed to go out.
/05
Sender identification runs through registered 10DLC brand and campaign records. Toll-free quick-start handles same-day.
/06
Consent timestamp, source, every outbound message, every opt-out — logged and exportable if you ever need to defend a campaign.
How TCPA compliance is enforced
The review screen doesn't just show the recipient count and total cost — it's also the point where the platform confirms the send is TCPA-clean.
Contacts who've said STOP are removed from the recipient count before review.
If DNC lookup has been run, flagged contacts drop out too.
The composer checks for required opt-out language. No STOP language, no send.
Recipients outside their local window queue until the window opens. Everyone else ships on time.
What the TCPA actually says
The Telephone Consumer Protection Act of 1991 was written for autodialed phone calls, but it covers SMS — and the FCC has been progressively tightening interpretation since 2012. For a text-marketing program, four things matter in practice:
CampaignCNX+ enforces (3) and (4) at the send path automatically. (1) and (2) are program responsibilities — but the platform stores the consent timestamp and source per contact so you have the audit trail when you need it.
A few things worth knowing if you're building a serious program:
TCPA compliance FAQ
It handles the automatable parts — opt-outs, quiet hours, STOP language validation, DNC lookup, 10DLC sender identification, and audit logging. Consent is still your responsibility (you need documented opt-in before you text someone), but the platform stores the timestamp and source so you can prove it.
No — DNC lookup is an add-on at $0.015 per lookup via DataZapp. You run it on import or before a campaign that needs it. Once a contact is DNC-flagged in the system, they stay flagged and drop out of future campaigns automatically.
10DLC is the carrier registration path for application-to-person messaging. It's the recommended path for any serious program. We handle the brand and campaign registration during onboarding. It runs in parallel with toll-free quick-start so you can send the same day you open an account.
Per recipient, based on the contact's time zone. The platform enforces 8 a.m.–9 p.m. local time. A campaign scheduled for noon Eastern doesn't land at 9 a.m. Pacific — it waits for Pacific 8 a.m.
Yes. Consent records, message history, and opt-outs all export as CSV. If you ever face a complaint, you have the documentation without having to reconstruct it.
Opt-outs filter at send time — not at schedule time. A scheduled campaign will not deliver to anyone who has opted out between the time you scheduled it and the time it fires.
Partially. Non-commercial political speech is exempt from some of TCPA's most restrictive autodialer provisions, but the FCC has been steadily narrowing that exemption — and the 2024 closing of the political robocall loophole reinforced that political senders should treat consent, quiet hours, and STOP handling the same as commercial senders. The safe path: get written consent, send only 8 a.m.–9 p.m. local, and honor opt-outs.
$500 per message for negligent violations, $1,500 per message for willful or knowing violations. Class actions are common — at scale, a non-compliant 10,000-recipient send is a potential $5–$15 million exposure. Most consumer-side TCPA litigation is brought by specialized plaintiff's firms that actively scan for non-compliant senders.
CAN-SPAM regulates commercial email and uses an opt-out framework — you can email someone first and they can ask you to stop. TCPA regulates phone calls and SMS and uses a stricter opt-in framework — you must have express written consent before the first message. Different statutes, different consent regimes, different penalty structures.
A clear, affirmative agreement to receive automated texts from a specifically named sender, including a disclosure that consent isn't a condition of purchase. In practice: an opt-in form the recipient signed or completed, a keyword opt-in they texted in, or an unchecked checkbox they actively ticked. Pre-checked boxes and buried-in-TOS language don't qualify under the FCC's current interpretation.
Start sending
Take the toll-free quick-start: purchase a verified phone number, import your opt-in list, and send your first TCPA-compliant text message the same afternoon. For programs serious about long-term deliverability and DNC hygiene, 10DLC carrier registration is the recommended path and runs in parallel while you're already sending.
