Message filtering refers to the blocking of messages that are unwanted or illicit. Filtering may occur to enforce Twilio’s policies, or to comply with regulations and wireless carriers’ messaging policies.
This article is about steps and specific guidelines to reduce the risk of messages being filtered. For general information about message filtering, see How Does Message Filtering Work?
The best way to prevent your messages from being filtered is to follow the guidelines in Twilio’s Acceptable Use Policy, Messaging Policy, the CTIA's Best Practices, and avoid sending spam or fraudulent traffic. If your use case is a forbidden use case for messaging in the United States, that will also lead to filtering in the US.
If you're sending to more than one country, check Twilio’s SMS Guidelines for the countries you are sending messages to. Twilio keeps these pages up to date with rules and best practices for each country.
Below are some guidelines that will greatly reduce the chances that your messages will be filtered.
- Consent and opt-in
- Use case and sender selection
- Message contents
- Avoid account takeover
- I think my messages are being filtered by mistake. What can I do?
Consent and opt-in
- Ensure that you only send messages to mobile users who have provided consent (opted-in) to receive messages from you.
- Ensure that your messages clearly identify who is sending the message, and how to opt-out. If you are contacting the same recipients multiple times per month, you do not need to provide opt-out instructions in every message, but you must do it at least once per month.
- The opt-out language you include in your messages must include a widely accepted keyword for opt-out. In the US and Canada this is typically STOP, e.g. "Reply STOP to unsubscribe." Using alternative phrases like "text 2 to opt out" is not compliant, and will result in filtering.
- If you are sending messages to users repeatedly over a long period of time, you should check in with your recipients at least once every 18 months to ensure they still want to receive messages from you. The mobile number you are sending messages to may have changed owners, or the recipient may not remember giving consent to receive messages from you.
- You should process the daily deactivation file. Once a customer deactivates their phone number, you no longer have consent to send to that number.
- Monitor your opt out, and consumer complaints data for any spike in activity. This is an indicator that there is something that needs corrected in your consent or opt out mechanisms. Carriers will start filtering heavily, or completely block traffic as phone numbers receive complaints/high opt out rates.
Use case and sender selection
- Check Twilio’s SMS Guidelines for the country you are sending messages to. Twilio keeps these pages up to date with best practices for each country.
- Before sending messages to the United States or Canada, ensure that your use case is not among the Forbidden message categories for SMS and MMS in the US and Canada.
- In general, use only as many Twilio phone numbers as are required for your business. Twilio's Messaging Policy forbids "snowshoeing" message sending across multiple phone numbers for the purposes of evading message filtering systems. Examples of valid reasons to use multiple Twilio numbers is having numerous business locations, or matching Twilio numbers with users in different geographic locations.
- All traffic is considered application-to-person (A2P), and the carriers in the country you are sending to may require that this traffic be sent from a short code (What is a short code?) or from a pre-registered Alphanumeric Sender ID, if available. These are both ways that carriers can review your messaging use case in advance, and offer better delivery as a result. In addition, some countries (such as France) have prohibitions against local numbers from that country being used for A2P traffic. In such cases, Alpha Sender ID (if available) or a number from a different country is a good solution for 1-way A2P messaging. If in doubt, check the SMS Guidelines page for the country in question.
- If you are sending abandoned shopping cart messages to users in the US, there are specific compliance requirements – see "Specific Use Case Requirements" on the SMS Guidelines page for the US for more details.
- URL shortening: Do not send links that have been shortened using shared public URL shorteners, such as TinyUrl or free Bitly links. United States carrier policies discourage the use of shared public URL shorteners, and state that your URL shortener should be both proprietary and properly branded (details here). Other countries might not totally forbid using shared public URL shorteners, but it is not advisable. If you want to include shortened URLs in your messages, we recommend using a dedicated short domain. For details, see How can I send shortened URLs (links) in my messages?
- If possible, when sending URLs/links in your messages, use domains that you control. Similar to the shortened URL guidance above, when sending links it is best to use a URL that is specific to your business. For example, if you control the domain mybusiness.net, you can be certain that only your business is using this domain, and nobody else could be sending URLs with that domain name that could link to objectionable content. Using URLs that may also be used by other services/individuals is permitted and is not guaranteed to result in filtering. However, it increases filtering risk, as another user of that same URL domain could send something spammy or objectionable and get that domain flagged by filtering systems. Obfuscated URLs are common in spoofing/phishing attempts, and will be filtered.
- Don’t use emojis, or unnecessary special characters/capitalization, and watch your grammar and spelling. Typically, these messages are structured in a way to attempt to evade detection of unwanted messaging, and your messages will be filtered.
- Do not send content that is illegal in your sending area, or is forbidden by carriers. See Forbidden message categories for SMS and MMS in the US and Canada for additional information.
Avoid account takeover
If your Twilio Account SID and Auth Token accidentally fall into the wrong hands (for example, posted in public code on a site like Github), your account could be used to send bad messaging traffic. We strongly recommend you keep your Twilio account credentials safe to prevent account takeovers.
- For technical guidance on how to keep your credentials safe, see Store Your Twilio Credentials Securely (Twilio Docs).
- If you suspect your account has been compromised, please see Proactive Steps for Customers Experiencing Account Takeover.
I think my messages are being filtered by mistake. What can I do?
Twilio works hard to ensure that customers do not see filtering on legitimate messaging that follows all applicable rules. However, no automatic system is perfect. If you have reviewed the above information thoroughly, and you believe your messages are compliant with Twilio and carrier policies, please collect 3 or more examples of Message SIDs that have the “undelivered” status with error 30007 within the previous 7 days, and then contact our Support team. We can help review your messaging and determine if an error was made, and put you in touch with our Compliance team if needed.
For more information on message filtering, see How Does Message Filtering Work?