SMS Compliance for Marketing and Sales: What You Need to Know

SMS Compliance for Marketing and Sales: What You Need to Know

If you’re thinking about using SMS for marketing and/or sales communication to consumers, it’s important to know the ins and outs of SMS compliance for businesses. While this doesn’t constitute legal advice, the intent of this post is to help you understand some of the rules and regulations governing texting for business, and to answer some common questions around the issue.

Does SMS Work for Sales and Marketing?

Here at Salesmsg, we believe that SMS is something of an untapped frontier for marketing and sales teams. In a world where channels such as telemarketing have all but disappeared and email open rates hover between 12 and 25 percent, there aren’t too many opportunities for companies to make a reliable, direct connection with leads. That’s where SMS comes in: with open rates above 90%, and reply rates of around 45%, there is no better channel for immediately grabbing your potential customer’s attention.

Do Consumers Trust SMS from Companies?

To accurately answer this question, we really need to split it into two separate components:

  1. Do consumers trust SMS from businesses they know?
  2. Do consumers trust SMS from businesses in general?

The answer to question 1 is unequivocal. Fully 80% of consumers already use SMS in some way to interact with businesses. And 74% prefer to interact with a human via text than with a chatbot. (Source)

But the answer to question 2 is much more complex, thanks in large part to the 86 billion spam texts that will be sent by the end of 2021—many purporting to be from reputable organizations. Unfortunately, these scams will succeed with many consumers, driving some $101 million in financial losses over the year. All of which undermines trust in SMS from unknown sources, in much the same way as robocalls have done for telemarketing.

That’s where compliance comes in. The key for companies considering using SMS for Sales and Marketing lies in rules laid out by the CTIA, a trade group that represents the U.S. wireless communications industry.

What are the CTIA’s SMS Guidelines?

The CTIA recommends a set of voluntary principles and best practices for companies seeking to communicate using “wireless messaging”. This category includes Short Message Service (SMS), Multimedia Messaging Service (MMS), and Rich Communications Services (RCS).

While the CTIA’s Principles and Best Practices are not legally binding, they are designed to align with the rules and regulations laid out in the 1991 Telephone Consumer Protection Act (TCPA), the most current piece of legislation governing a consumer’s right to privacy with respect to telecommunications, including voice calls, SMS, and fax messages. 

(Note that the TCPA does not include email. This is governed instead by the 2009 CAN-SPAM Act.)

For businesses seeking to use SMS to communicate with consumers, one of the most relevant sections of the CTIA guidelines is the distinction between Consumer/Person-to-Person (P2P) communication, and Non-Consumer/Application-to-Person (A2P) messaging. 

As the guidelines note “A Non-Consumer is a business, organization, or entity that uses messaging to communicate with Consumers. Examples may include, but are not limited to, large-to-small businesses, financial institutions, schools, medical practices, customer service entities, non-profit organizations, and political campaigns.”

Under that definition, every business, and every individual who sends messages on behalf of that business should consider themselves as non-consumers. Which means, if you’re looking to send compliant text messages to consumers, the CTIA’s A2P recommendations are a great starting point. 

What are those recommendations? We’re glad you asked!

CTIA A2P Recommendations

Broadly, the CTIA’s recommendations for Application-to-Person (A2P) communication fall into 5 major categories: 

  • Consumer consent
  • Privacy and security
  • Content
  • Text-Enabling a Telephone Number for A2P Messaging
  • “Other” Best Practices

While we recommend reading the full CTIA document, these can be summarized as follows:

Consumer consent is about ensuring that consumers are given the opportunity to opt-in and opt-out of receiving communications, and that the process for doing so is clear and fair. Specific best practices include: obtaining express written consent to receive marketing messages (something that the TCPA law requires); and ensuring that consumers have the ability to withdraw consent at any point.

Privacy and security best practices include: maintaining a conspicuous, clear and easy to understand privacy policy; implementing “reasonable security measures” to protect consumer information; and conducting regular security audits.

CTIA content best practices require A2P entities to prevent and combat unwanted or illegal messaging. This includes spam, spoofing and phishing-related messages. Additionally, any links should be clear about where they are directing users, not be intended to cause harm (e.g. by misdirecting a user or downloading malware), and should either clearly identify the site owner, or lead to sites that do. Similarly, messages should not contain or forward to unpublished numbers, unless the owner “is unambiguously indicated in the text message.” 

Text-Enabling a Telephone Number for A2P Messaging. The most technical of the CTIA’s recommended best practices, this centers around only enabling A2P messaging with phone numbers assigned by a telecom or VoIP service provider.

“Other” CTIA best practices include:

  • Documenting all users of shared numbers
  • Not engaging in “Snowshoe Messaging” (a common spam technique that involves sending similar messages from multiple numbers)
  • Not using “Grey Routes” (sending a message from a legal channel but passing it through an illegal channel to reach its destination)
  • Rules around short codes, proxy numbers, and texting from toll-free numbers.

What is SMS Spam?

SMS spam is any unwanted message from a sender who is not a personal acquaintance, and who you did not give specific consent to receive messages from. The type of message is unimportant: without consent, even a message asking for consent for further communication is spam, and therefore illegal.

What is A2P 10DLC? How Does It Help?

As we know already, A2P stands for “application-to-person”, while “10DLC” stands for “10-digit long code”. Putting those two pieces together, we arrive at an abbreviation for a US system specifically for sending messages to 10-digit phone numbers. For businesses, this represents a really big deal: until recently, 10-digit numbers were reserved for person-to-person (P2P) communications. This led businesses to turn to short codes for their bulk messaging needs. With a maximum of six digits in any short code, shared numbers became common, creating issues with tracking senders. Combined with the higher message throughput volumes permitted by carriers on these codes, that created a situation where spam was increasingly prevalent.

Thankfully, A2P 10DLC solves this, which is why we are embracing it whole-heartedly. 

Under A2P 10DLC framework, businesses must identify who they are to the carrier networks. They also must register the types of messages they intend to send. This helps carriers to identify bad actors, and reduces the amount of spam their users receive.

[Check out our full overview of A2P 10DLC.]  

So How Do I Prevent My Marketing or SalesTexts from Being Considered Spam?

Keeping the A2P 10DLC provisions and the CTIA best practices in mind, there are several considerations for any sales or marketer seeking to use SMS as a legitimate tool for reaching consumers. Additionally, carriers may have their own rules that go above and beyond the CTIA’s recommendations.

  1. Register your 10-digit number and the types of messages you intend to send. This will create legitimacy in the eyes of the carriers, helping your messages reach their intended recipients.
  2. Recognize that you are a representative of your organization, and act accordingly.

Even if you’re a sole proprietor, you’re technically an A2P sender in the  eyes of the law. Broadly, that makes it illegal for you to send unsolicited texts.

  1. Secure written opt-in for every contact you wish to contact. What is SMS Spam? The following section has several examples of how to achieve this, but the golden rule is “No consent. No message.”
  2. Don’t send spam-like content. Even with consent, sending misleading messages and deals can run afoul of carrier rules and be flagged as spam. Similarly, avoid including links that bring users to unexpected sites, or that trigger automatic downloads to a user’s device.

How Do I Ensure Opt-In for my SMS Messaging?

There are a number of great examples and use cases for soliciting opt-in permisiion from a consumer. So many, in fact, that we’ve created an entire post just around this topic, which will be coming soon to this very space!

One example that we outline in more detail in that post is to embed an SMS chat widget on the homepage of your website. By using the widget to invite a customer to provide a phone number for you to follow up via text, you are not only capturing valuable lead data, but also gaining explicit opt-in permission into the bargain!

Taking this example a step further, many organizations choose to use their first text to a new contact (one who has already opted-in via another source, such as the widget described above), to confirm that they want to receive messages. This step, known as double opt-in, is considered a best practice because it reduces the risk of providing unsolicited messaging to someone in the event that a wrong number was provided, either accidentally or intentionally. At Salesmsg, we offer the ability to require double opt-in for every contact in your organization’s database. This greatly reduces your risk exposure, while also providing peace of mind that no employee can send an SMS to a contact who has not provided explicit permission to receive texts from your organization.

For more tips on ensuring opt-in, be sure to check back soon for that post!

Ensuring SMS Compliance: Conclusion

The main point for most marketers and sales professionals to know about sending compliant SMS is that opt-in is key. Without it, you’re going to run afoul of carriers very quickly, and perhaps even the law.

Ensuring that contacts have the ability to opt out is also critical. That’s why it’s another feature that can be automated using Salesmsg’s suite of SMS tools. By automatically setting and managing a consumer’s opt-out preference, you can ensure you never accidentally breach TCPA laws.

With the advent of the A2P 10DLC  framework, SMS looks set to become an even more important tool for sales and marketing professionals seeking to win the war for consumer attention. By knowing the rules and following the steps above, you can build upon the trust a consumer placed in you. Taking care to craft messaging that is not just permitted, but welcome, is the key to remaining compliant while also driving engagement and (hopefully!) sales.

Automate Your Compliance With Salesmsg

To ensure that you’re always in compliance, consider working with a partner like Salesmsg. A premier two-way business text messaging software platform, Salesmsg enables you to easily send, receive, and manage SMS message conversations from a single dashboard, while seamlessly keeping track of changing opt-in statuses across your organization. It also integrates seamlessly with more than 1,000 third-party apps, including popular CRM platforms like HubSpot, Marketo, and ActiveCampaign. 

Salesmsg offers basic and advanced pricing plans (both costing pennies per text message) that include a range of features, such as SMS broadcasting (up to 1,000 texts at a time), customer onboarding, and premier support.

To learn more about how Salesmsg can help you reach consumers faster, more often, and while remaining fully compliant with all the necessary rules and regulations governing SMS messaging, contact us today.

Text us at (888) 409-2298 or start your free trial today