Requirements and Instructions for Toll-Free Verification Approval
Starting September 15, 2026, toll-free verification submissions must include separate URL fields for your Privacy Policy and Terms and Conditions. Submissions missing these links will be rejected with error 30493. This applies to new submissions only; existing verifications do not need updates.
Overview
Toll-Free numbers undergo vetting for messaging to ensure compliance with carrier requirements and CTIA guidelines. Toll-Free Verification requires specific data to be submitted for review to help identify the end business sending messages and ensure that they have proper measures in place for compliant traffic. This guide outlines registration requirements to facilitate a streamlined approval process, explains each required piece of information, and provides examples of both compliant and non-compliant submission scenarios to ensure your application meets industry standards.
Note: Refer to the documentation links below for a detailed walk-through of how to use the Messaging Compliance API or Twilio Console for submitting verification requests.
Detailed Table of Contents
Quick Toll-Free Verification Checklist
1: Toll-Free Verification Submission Details & Description
2: Call-To-Action (CTA) & Opt-In Consent
4 Keywords & Automated Responses
5: Data Consistency & Specialized Programs
Quick Toll-Free Verification Checklist
This checklist should be used before submitting a Toll Free Verification to ensure that all elements have been accounted for to help ensure a first time approval.
1. Identity & Profile
- [ ] Legal Name & DBA: Must match IRS records exactly (Format: Legal Name LLC DBA Brand Name).
- [ ] Business Registration Number: Valid 9-digit IRS EIN (U.S.) or international equivalent.
- [ ] Email Domain: Must use a corporate domain (name@yourbusiness.com). Public domains (@gmail, @yahoo) can be considered but will be reviewed with more scrutiny.
- [ ] Live Business Website: Fully accessible website containing active, live links to both the ToS and Privacy Policy.
2. Opt-In & Consent Requirements
- [ ] Clear CTA: Include language inviting, encouraging, or instructing a user how to opt in to the messaging program
- [ ] Specific Opt-In URL: Provide the direct, secure https:// link to the page where phone numbers are collected.
-
[ ] Voluntary Consent: Opt-in cannot be mandatory.
- Action: Checkboxes must load blank and unchecked by default (pre-checked is prohibited).
- [ ] Separate Opt-Ins: Use independent selections for different message consents (e.g., Marketing vs. Transactional).
- [ ] Required Disclosures: Adjacent to the phone field, include: Business Name, message type, frequency, "Message and data rates may apply," and HELP/STOP instructions.
3. Legal Policies
-
[ ] Privacy Policy (PP): Must be a live link near the call-to-action on the opt-in form.
- Requirement: Must contain the following verbatim clause: "All the above categories exclude text messaging originator opt-in data and consent; this information won’t be shared with any third parties."
-
[ ] Terms of Service (ToS): Must be a live, embedded page (no pop-ups).
- Should contain the business identity, product description, frequency, rates, support contact, and STOP instructions.
4. Compliance Keywords
-
[ ] Welcome Confirmation: Sent immediately upon opt-in.
- Example: [Business Name]: Welcome to our text alerts! You are now enrolled to receive recurring automated updates. Message frequency varies. Message and data rates may apply. Reply HELP for help or STOP to cancel.
-
[ ] HELP Keywords: Automated response to HELP, INFO, SUPPORT.
- Example: [Business Name] Support: For help, email support@yourbusiness.com or call 888-555-5555. Message frequency varies. Message & data rates may apply. Reply STOP to cancel.
-
[ ] Opt-Out Keywords: Automated response to STOP, UNSUBSCRIBE, END, QUIT, HALT.
- Example: [Business Name]: You are unsubscribed from our alerts. No more messages will be sent. Reply HELP for help or call [toll free number].
5. Campaign Samples & Alignment
- [ ] Use Case Alignment: Ensure the opt-in method, use case, and sample messages tell a consistent story.
- [ ] Multi-Use Case Mapping: Provide a unique opt-in flow, sample message, and individual description for each selected use case category.
- [ ] Brand & Opt-Out: All messages must include the Business Name and functional opt-out instructions (e.g., "Reply STOP to unsubscribe") at regular intervals throughout the conversation.
- [ ] Real Links: Use real, natively owned destination domains (no generic [link] or [URL] placeholders).
1: Toll-Free Verification Submission Details & Description
Profiles must provide accurate company metadata and messaging behavior for verification approval evaluation.
Business & Entity Validation
In accordance with the Toll-Free Verification Policy, the end business that directly engages with the consumer is the brand expected to onboard. If you are an ISV or agency submitting on behalf of a client, you must use the end business's details, including their Legal Name, website, address, and contact information, rather than your own agency's information. Additionally, providing a government business registration number is mandatory, and your Legal Entity Name must exactly match official tax records. U.S. entities must provide a 9-digit IRS EIN matching their official registration, while international organizations must supply their specific registration number, issuing country, and local authority. For more information on BRN please refer to Toll-Free Verification Policy for Collecting Business Registration Number.
Business Credibility & Digital Presence
Verification reviews assess sender credibility to support onboarding transparency. Senders must maintain a legitimate, public online presence aligned with their messaging program.
Review Factors:
- Consistency: Alignment between business name, branding, email domain, and messaging use case.
- Credibility: A functional website with clear contact information and active business details.
- Transparency: Authentic content free of deceptive or autogenerated placeholders.
- Legitimacy: Evidence of an active, verifiable commercial entity.
Important Requirements:
- Submissions with incomplete digital presence, inconsistent branding, or questionable credibility may be rejected.
- All embedded links must use encrypted HTTPS; generic URL shorteners and unauthorized redirects are strongly discouraged.
Note: The brand details below must exactly match your verification information.
Business Name
The end business the customer is engaging with and must match the name that is registered with the associated BRN. This should not be the ISV unless the ISV is the sole content creator, sending messages on their own behalf, or the content is branded with the ISV’s name. If this information is missing, the request will be rejected. Note: Trade names should be included in the DBA field; the Business Name field is for the legal entity name.
- Approved Examples: Owl Shoes
- Rejected Examples: Name of the ISV, N/A
Business Website
The website of the end business should directly correlate with the brand that is being onboarded. Social media links (Facebook, Instagram, X, LinkedIn) or Google Business Profiles may be accepted as alternatives if the business is small and the page is set to public. These social pages and profiles must be reputable, in good standing, and show consistent engagement (including posts, business information, and recent activity) to establish legitimacy. Newly created, inactive, or 'ghost' pages (e.g., those lacking content or with minimal followers) are not acceptable. URLs behind logins, password-protected pages, or unlisted/under-construction sites are not reviewable.
- Approved Examples: URL to the direct end-user business or a reputable, active public social media page.
- Rejected Examples: The URL is not a live website, URL is behind a login/password, the website has the address of the ISV/aggregator, or the social page is inactive/ghost.
Business Address
The physical location of the end business the consumer is engaging with (street, city, state, and zip code).
- Approved Examples: 123 Main St, Seattle, WA, 98119
- Rejected Examples: “N/A”, address of the ISV.
Business Contact
Verification requires the contact information from an end-business representative, not the ISV. Note: This is for verification only; Twilio will not contact the end-business user.
- Approved Examples: First Name: Henry; Last Name: Saul; Email: hsaul@twilio.solutions; Phone: 555-555-5555
- Rejected Examples: N/A or ISV contact details.
Notification Email
The email address used to receive the verification result notification.
- Approved Examples: notification@twilio.com
- Rejected Examples: N/A
Use Case
Select the use case that most accurately reflects your message content to assist reviewers in evaluating your campaign.
Use Cases
| Use Case | Description |
| TWO_FACTOR_AUTHENTICATION | Messages used to verify user identity via a one-time passcode. |
| ACCOUNT_NOTIFICATIONS | Messages notifying users about account activities or updates. |
| CUSTOMER_CARE | Messages for customer support, inquiries, and issue resolution. |
| CHARITY_NONPROFIT | Messages sent by registered charities or non-profit organizations. |
| DELIVERY_NOTIFICATIONS | Notifications regarding the status or arrival of a delivery. |
| FRAUD_ALERT_MESSAGING | Alerts to users about potential fraudulent activity on their account. |
| EVENTS | Messages related to events, such as RSVPs, reminders, and updates. |
| HIGHER_EDUCATION | Messages sent by higher education institutions to students and staff. |
| K12 | Messages sent by K-12 schools to parents, students, and staff. |
| MARKETING | Promotional messages, offers, and advertisements to customers. |
| POLLING_AND_VOTING_NON_POLITICAL | Messages for conducting non-political polls, surveys, or voting. |
| POLITICAL_ELECTION_CAMPAIGNS | Messages related to political campaigns, elections, and voting. |
| PUBLIC_SERVICE_ANNOUNCEMENT | Informational messages for public safety or general awareness. |
| SECURITY_ALERT | Critical alerts regarding security breaches or safety concerns. |
Use Case Summary
Depending on the Use Case Category selected, please provide a comprehensive description of how your messaging content will be sent and exactly how these phone numbers will be used. As a best practice, the more detailed your description is, the higher the likelihood of a smooth approval. For example, if your category is marketing, explain your promotional content approach; for account notifications, outline how critical updates are delivered; and for appointment reminders, detail exactly how users are notified about upcoming bookings. Ultimately, ensure each category is clearly described and carefully tailored to your specific audience.
Note: If multiple Use Cases are selected (e.g., Marketing, 2FA, Account Notifications), both a unique description and its unique corresponding opt-in flow and sample message must be provided for each category. Since there is only one Opt-In field on the submission form, if you have multiple opt-in flows, you must compile all screenshots into a single document (like a PDF or Word Doc), host it on a public sharing link (e.g., Google Drive), and submit that single URL.
- Approved Examples: We send automated account security alerts and 2FA codes to registered users. Users opt-in via our mobile app during the account creation process.
- Rejected Examples: Sending alerts to users.
Message Volumes
To facilitate the verification review, you must provide an estimate of the monthly message volume for the toll-free number.
- Projection Requirement: Choose the closest value based on your current volume. If you anticipate growth, select the estimated volume for where you expect to be in 6 months.
- Approved Value Increments: Please select the number closest to your volume from the following list: 10; 100; 1,000; 10,000; 100,000; 250,000; 500,000; 750,000; 1,000,000; 5,000,000; or 10,000,000+.
Additional Details Field
Use this field to provide essential context that can influence the review outcome but is not covered in standard fields. This field helps the Verification Ops team understand unique scenarios and may accelerate approval.
Recommended use cases include:
- Workflow Clarification: Explain complex or non-obvious opt-in flows.
- Data Mismatches: Clarify discrepancies in End Business information, such as email or business details.
- Volume Justification: Provide reasoning when requesting more than 5 numbers (e.g., expected traffic distribution).
- Risk Context: Provide background for business models that may appear higher-risk.
- Program Clarification: Explain cases where the opt-in touches on messaging types (e.g., Informational vs. Promotional) that are managed by different programs to avoid confusion during review.
- Verification Context: Include instructions for reproducing your opt-in flow or clarifications regarding Business Registration Numbers (BRN) vs. Doing Business As (DBA) names.
- Verbal Opt-In Scripts: Include scripts used for verbal consent collection.
2: Call-To-Action (CTA) & Opt-In Consent
The opt-in method is a critical component of registration. Senders must provide a functional URL to the specific site where phone numbers are collected. The toll-free verification team will attempt to validate all web opt-in paths to ensure no forced enrollment exists. If the Call-to-Action (CTA) is not yet live, screenshots from the workflow are allowed as evidence, provided they clearly demonstrate the full compliance criteria.
The Call-To-Action (CTA)
A Call-to-Action (CTA) ensures consumers understand the program before consenting. It is typically language that will invite, encourage, or instruct a user to opt into the messaging program. The CTA must be clear, unambiguous, and include the following compliance elements:
| Compliance Element | Requirement/Detail |
| Business name | Identify the business sending messages |
| Message purpose/type | Marketing, promotional, informational, 2fa, etc. |
| Message frequency | Example: “Message frequency varies,” “1 msg per request,” “4 msgs/month” |
| Pricing disclaimer | “Message and data rates may apply.” |
| Opt-out instructions | “Reply STOP to opt out.” |
| Help instructions | “Reply HELP for help.” |
| Terms & Privacy links | Accessible links required for both Terms & Privacy Policy |
| Separate Consent | Messaging consent must be independent and separate from other distinct use cases, services, and messaging channels (e.g., email). |
Template: Compliant Call-to-Action (CTA)
By checking this box and submitting this form, you consent to receive recurring [message type or purpose] text messages from [Business Name] at the mobile number provided. Message frequency varies. Message and data rates may apply. Reply HELP for help or STOP to opt out. Read our full [Terms of Service link] and [Privacy Policy link].
See Part 6: Visual Opt-In Examples and Layouts for examples of compliant Call-to-Action (CTA) placement and formatting.
Getting Consent Right
Industry guidelines categorize compliance and consent into three levels based on message type:
| Consent Level | Message Type | Requirement & Scope | How Consent is Collected | Real-World Examples |
| Implied | Conversational | Customer initiates contact. Permits direct responses only; no proactive messaging. | Consumer texts in a question to the business. |
Compliant: User asks: "Are you open?" Reply: "Yes, until 8 PM."
|
| Express | Transactional & Informational | Customer provides number for notifications (updates/reminders). No marketing. | Provided prior to messaging via digital, physical, or verbal channels. |
Compliant: User enters number for shipping notifications.
|
| Express Written | Marketing & Promotional | Affirmative opt-in required for sales content. | Intentional, affirmative action indicating written agreement (account toggle). |
Compliant: User clicks an optional, blank box for text offers.
|
Opt-In Types
Twilio allows you to select from 5 opt-in types when creating your verification. Choose the method that best matches your customer's signup experience:
| Opt-In Type | Submission Requirement |
| Verbal | Provide the sample verbal consent collection and script in a document. |
| Web Form | Provide the link to the direct opt-in page. (Note: Only include the phone number opt-in page; email opt-in is not acceptable). |
| Paper Form | Provide the physical form. (Scanned copy is acceptable). |
| Via Text | Describe the keyword campaign (what the keyword is, where it's found) in a document. Screenshots/pictures are best. |
| Mobile/QR Code | Provide a document including the QR code image. |
Note: For visual references of compliant layouts for each of these types, see Part 6: Visual Opt-In Examples and Layouts.
Opt-In Image URLs
Consent is a cornerstone of A2P messaging. When providing your Opt-In Image URL, clearly demonstrate how an end-user provides consent. The URL must be publicly accessible (no logins/password-protected pages).
Submission Guidelines:
- Be Detailed: The more detail provided, the easier it is for the Verification Ops team to validate your process.
- Direct Links: Links must direct exactly to the sign-up page or hosted image/document.
| Status | Examples | Guideline Notes |
| Approved | Direct URL to sign-up; publicly accessible image/screenshot of opt-in; hosted document of opt-in process; detailed description of keyword campaign (e.g., 'Keyword: Shoes...'). | Direct, publicly accessible links required. |
| Rejected | Links behind login/password; broken URLs; vague documentation (e.g., 'Customer receives a text of a point of sale receipt' without demonstrating consent). | Avoid vague descriptions and restricted access. |
Consent Applies Per Campaign Use Case
Consent is specific to each campaign / use case that is being supported in the verification. For example if you are opting in for transactional updates does not authorize the brand to send marketing traffic. Senders must collect separate consent for different message categories. Consent is non-transferable and must not be hidden within general terms.
Consent Must Be Optional
Consent needs to be completely optional because carrier compliance standards and consumer protection principles dictate that consumers must maintain explicit control over the messages they receive. If a business conditions access to core services on opting into text streams, it completely removes the user's voluntary choice, forcing them to accept automated messages they may not want.
Forced consent occurs when a business makes opting into text messages a mandatory condition for completing an action. If users are blocked from checking out, finalizing a purchase, creating an account, or accessing primary platform features until they agree to receive automated messages, the campaign registration will be rejected. This rule applies to all use cases—including transactional alerts, customer care updates, and promotional marketing templates alike.
Common opt-in compliance rejections generally fall into a few specific categories, most notably required phone number fields that lack proper disclosure and pre-checked consent boxes. To ensure your submission is approved, please avoid these practices; industry guidelines stipulate that consent must be completely optional and actively selected by the consumer.
Required Phone Number Field
When the phone number field is required on a form and you have an express consent flow this pushes a consumer to be forced into messaging to proceed with the form. When a form's primary purpose is a transaction, SMS enrollment cannot be forced.
Must Agree To Messaging To Proceed
Forms must never block consumers from completing account creation or submitting a request unless they agree to receive text messages. Consenting to a messaging program must always be a completely optional, independent choice, and cannot be made a mandatory condition for accessing your services.
Pre-Checked Consent Boxes
To ensure compliance and avoid an immediate rejection, messaging consent must be kept entirely separate from general terms of service, privacy policies, or other standard sign-up agreements. All consent controls, such as checkboxes or toggles, must be blank or turned off by default, requiring the user to take an active step to opt in.
Dedicated SMS Consent Forms
When a form is dedicated exclusively to subscribing to a text messaging program, it is not considered forced consent. This is because the sole purpose of the form is made unmistakably clear to the user, a standalone SMS consent checkbox may not be required. The necessity of a separate checkbox depends entirely on the overall intent of the form and how the phone number is collected; if enrolling in the messaging program is the single function of the submission, completing the form itself serves as the direct act of express consent.
Scenario A: Standalone Sign-Up Forms (No Checkbox Needed)
If a webpage or form is dedicated exclusively to enrolling users in your SMS program, a separate consent checkbox is typically not required.
- How it works: The user enters their mobile number and submits the form specifically to join your text messaging list.
- Why it’s allowed: Because the sole purpose of the form is SMS enrollment, the direct act of providing a phone number and hitting submit serves as a clear, unambiguous step to opt in.
Scenario B: Integrated Forms (Checkbox Required)
If SMS enrollment is embedded within a broader transaction or service flow, such as account registration, checkout, appointment scheduling, or general contact forms, a separate, standalone SMS consent checkbox is strictly required.
- How it works: Joining the SMS program must be entirely optional. The consent checkbox or toggle must be blank (turned off) by default, requiring the user to actively check it to opt in.
- Why it’s required: Users must be able to complete the primary action of the form (like creating an account or placing an order) without being forced to sign up for text messages.
Consent Cannot Be Collected by Deceptive Means
Your opt-in path must be completely transparent. Hiding text disclosures or tricking users into enrolling will cause your registration to fail. Reviewers strictly watch for these three deceptive practices:
- Hiding the Rules (Obscured Disclosures): You cannot use tiny fonts, low-contrast text colors, or bury your SMS disclaimers deep at the bottom of the page to hide the fact that you are collecting phone numbers for texting.
- Combining Opt In (Consent Bundling): You cannot link an email signup and an SMS signup together. If a user only wants to register for your email newsletter, you cannot force them to subscribe to text messages at the same time. They must be allowed to opt into email independently.
- Silently Enrolling Users (No Clear Call-to-Action): You cannot automatically add someone to an automated texting loop just because they typed their phone number into a basic contact form. Collecting a phone number without a clear, prominent label explicitly stating it will be used for text messaging is strictly prohibited and results in an immediate rejection.
Providing Proof When Opt-In Isn't Publicly Visible
For opt-ins occurring in secure or offline environments, please provide a publicly accessible link demonstrating your consent flow, whether it involves paper forms, verbal scripts, or internal dashboards. To do this, host a screenshot of the form or script on a public file-sharing platform (such as Google Drive or OneDrive), ensuring the sharing permissions are set to "Anyone with the link can view." Once generated, paste that URL directly into the Opt-In field.
- Within secure environments, such as behind a login or dashboard.
- On physical paper intake forms.
- Via verbal scripts (e.g., IVR or agent scripts).
- Within internal mobile app flows.
Terms Of Service Standards
Upon submission, verifications must be accompanied by a Privacy Policy and Terms of Service that comply with industry standards. Submitting both URLs is mandatory.
Important: The Privacy Policy and Terms of Service submitted in your verification request must match the versions presented to consumers at the point of opt-in. What is displayed on your Call-to-Action (CTA) is what is expected in these fields. If the submitted URLs differ from those accessible on your opt-in page, your verification will be rejected. We must be able to verify where the Terms of Service and Privacy Policy are hosted for the specific program being registered.
Effective September 15, 2026: These fields are mandatory inputs for your verification submission.
Note: The provided Privacy Policy and Terms and Conditions URLs must be publicly accessible, specifically relevant to the business being verified, and consistent with the documents presented to the end consumer.
Terms of Service SMS Program DisclosuresTerms must be visible or accessible via a link near the Call-to-Action (CTA).
The following criteria should generally include:
- Program or Business Name: Clearly identify the specific business identity responsible for dispatching the text messages.
- Message Frequency Disclosure: Explicitly outline how often the subscriber will receive text alerts (this element is not required for single-message transaction programs).
- Product Description: Provide a clear summary detailing the exact type of text traffic being generated (e.g., account system updates, delivery updates, or retail promotional offers).
- Customer Care Contact Information: Provide working support pathways where users can reach customer care helper teams directly (e.g., a customer care email address or telephone support line).
- Opt-Out Information: Explicitly state the cancellation keyword parameters instructions (such as standard wireless keywords like STOP).
- "Message and data rates may apply" disclosure: Senders must feature this exact boilerplate phrase verbatim. Note: For automated SMS responses where character limits are strict, abbreviations like 'Msg & data rates may apply' are acceptable.
- Carrier Liability Disclosure: State that Wireless carriers are not liable for delayed or undelivered messages.
- Proximity of Legal Links: Direct text links labeled explicitly as Terms of Service and Privacy Policy must be placed within close proximity of the Call-to-Action (CTA)/opt-in section. Hiding these links inside separate pop-up windows, dropdowns, or far away from the phone collection field is not permitted.
Example SMS Terms of Service
By providing your mobile phone number and enrolling in the [Program Name] program, you agree to receive recurring [Message Type] text messages from [Business Name]. Message frequency varies. Message and data rates may apply. Reply STOP to cancel or HELP for help. For additional assistance, contact [Customer Care Email Address] or [Customer Care Phone Number]. Wireless carriers are not liable for delayed or undelivered messages. Participation in this program is subject to our [Privacy Policy] and [Terms of Service].
See Part 6: Visual Opt-In Examples and Layouts for examples of how to properly position legal links near your opt-in form.
Privacy Policy Requirement
Message Senders are responsible for protecting consumer information and complying with applicable privacy laws. You must maintain a privacy policy for all programs and make it easily accessible from the initial call-to-action (CTA). When a privacy policy link is displayed, it must be labeled clearly and provide up-to-date, accurate information about program details and functionality.
- Restrictions on Mobile Opt-In Data Sharing:
Selling, renting, transferring, or sharing consumer opt-in consent is strictly prohibited. Message Senders must not use opt-in lists that have been rented, sold, transferred, or shared to send messages.
- The Non-Sharing Clause:
If your privacy policy mentions data sharing in any capacity, you must include the following verbatim clause within the privacy policy associated with the business's messaging program:
"All the above categories exclude text messaging originator opt-in data and consent; this information won’t be shared with any third parties."
3: Production Message Samples
Submit 2–5 unique sample messages that accurately demonstrate the content your customers will receive. Ensure each sample strictly aligns with the use case description provided in your submission. You must provide a unique sample message for every selected use case.
Submission Format Instructions
The system requires specific formatting for processing. Use the structure below, ensuring each use case starts on a new line.
Format:
USE CASE: Your sample message here with [Variable].
Example:
TWO-FACTOR AUTHENTICATION: [Your Business]: Your login code is [1234].
MARKETING: [Your Business] Hello [Name], view our deals at https://yourbusiness.com/deals.
Note: Ensure the Use Case label is in ALL CAPS followed by a colon. Keep brackets only for dynamic variables.
Tips For Strong Sample Messages
- Use brackets for variables: Show your dynamic content parameters clearly using closed brackets (e.g., [Name], [1234], or [Date]). Please do not submit raw developer script or database code.
- Include your business name: Natively insert your registered business name or plain corporate moniker—ideally within the first few characters of the text—so it is immediately clear who is sending the message.
- Show full domain structures: If your messages include links, your sample templates must show the exact full domain name (e.g., https://yourbusiness.com/status). Avoid using vague placeholders like [link] or [URL], as reviewers need to see an auditable domain footprint.
- Add opt-out language: You must include a functioning, explicit exit phrase (e.g., "Reply STOP to unsubscribe" or "Text STOP to cancel") in at least one submitted sample template block.
Sample Message Matrix
| Use Case | Compliant Example ('This works') | Non-Compliant Example ('This doesn't') |
|---|---|---|
| Two-Factor Authentication | [Your Business]: Your verification login code is [1234]. This code expires in 5 minutes. | Your login code is 8842. (Fails: Missing business name and opt-out language). |
| Order Tracking | [Your Business] Alerts: Your order #[123] has shipped! Track it here: https://yourbusiness.com/track. Reply STOP to opt out. | Your package has shipped. Track it here: bit.ly/track99. (Fails: Uses public URL shortener, missing business name, and opt-out language). |
| Promotional Marketing | [Your Business] Flash sale! Hello [Name], use code DEV20 at checkout for 20% off. View details: https://yourbusiness.com/deals. Reply STOP to cancel. | Flash Sale! Click here for 50% off: bit.ly/123xyz. (Fails: Uses public URL shortener, missing business name, and opt-out instructions). |
Core Industry Sample Message Templates
Two-Factor Authentication (2FA) / One-Time Passwords (OTP)
- Sample Message: [Your Business] Security: Your verification login code is [1234]. This code expires in 5 minutes. Please do not share this code with anyone. Reply STOP to cancel.
Account Notifications
- Sample Message: [Your Business] Notification: Hello [Name], your monthly usage statement for [Date] is now available for review online. View statement balance details here: https://yourbusiness.com/billing. Reply STOP to opt out.
Promotional Marketing
- Sample Message: [Your Business]: Developer Perks! Hello [Name], enjoy 15% off your entire online upgrade purchase today using promotional coupon code CODE15 at checkout: https://yourbusiness.com/shop. Reply STOP to unsubscribe.
4 Keywords & Automated Responses
To ensure full compliance with network rules, automated handset replies must meet strict criteria before being approved. Senders can use the evaluation matrix below to cross-audit each message type against carrier-mandated elements:
Opt-In & Confirmation Message
Required if managing opt-in manually.
- Keywords: START, OPTIN, UNSTOP, IN, YES
Required for all recurring campaigns. Must include:
- Brand Name or Program Name
- "Message and data rates may apply"
- Help contact info
- Opt-out instructions
- Frequency disclosure (e.g. "Message frequency varies")
| Field | What's Required | Example |
| Opt-In Confirmation | Must include: Business Name/Program Name, "Message and data rates may apply", Help contact info, Opt-out instructions, and Frequency disclosure. | "Welcome to {Business Name}! You'll receive up to {Frequency} msgs/month. Msg & data rates may apply. Reply HELP for help, STOP to cancel." |
Opt-Out Keywords & Message
Required if managing opt-outs manually.
- Keywords: STOP, UNSUBSCRIBE, END, QUIT, HALT (max 255 chars).
- Message: Must acknowledge the request, state your brand name, and confirm no more messages will be sent.
| Field | What's Required | Example |
| Opt-Out Message | Acknowledge request, state brand, confirm no further messages. | "You are unsubscribed from {Business Name} {Description} Alerts. No more messages will be sent. Reply HELP for help or {toll free number}." |
Help Keywords & Message
Required if managing help messages manually.
- Keywords: HELP, INFO, SUPPORT (max 255 chars).
- Message: Provide support options (email, website, or phone) and include your brand name.
| Field | What's Required | Example |
| Help Message | Provide a way to get support. | "{Business Name} {Description} Alerts: Help at {source of help #1} or {toll free number}. Msg & data rates may apply. {Message frequency}. Text STOP to cancel." |
5: Data Consistency & Specialized Programs
Before submitting your application details, have your team verify that your registration profile completely clears these critical consistency and data integrity metrics.
Make Sure Your Data Matches Up
Data consistency is essential for approval. Reviewers will verify the following metrics:
- Email Domain: Corporate businesses must show matching corporate email domains (name@yourbusiness.com). Submitting corporate business information via free, public provider endpoints like @gmail.com or @yahoo.com may trigger an automatic systemic fraud hold.
- Website Status Check: Senders must provide a live website link that loads completely and displays clear paths to legal information. Parked domains, dead pages throwing server timeout failures, or landing sites featuring generic "Under Construction" template designs result in immediate rejection.
- No Third-Party Redirects: All web paths nested inside message templates must point directly to root domains natively owned by the registered corporate entity. Shortened tracking loops or masking redirects are not permitted.
- Toll-Free Number Limits: Up to 5 numbers is the standard limit for an entity. Requests exceeding 5 numbers for the same business name require a 'Multi-Line Request Justification' in the additional information field. Failure to document this justification will result in batch rejection.
Specialized Program Requirements
Certain interaction use cases involve strict programmatic guidelines to prevent automated carrier route blockages:
Robust Age-Gated Verification
For the services that require an age-gated process as part of the CTA, the collection form must implement an electronic age gate forcing a manual MM/DD/YYYY input, or verify via double opt-in. Simple confirmation indicators like "I am over 21" are insufficient for a robust age-gate. If your content is age-gated (e.g., 18+), you must set the Age Gated Content field to true; otherwise, set this field to false.
See Part 6: Visual Opt-In Flow Examples and Layouts for an example of an age gate.See Part 6: Visual Opt-In Examples and Layouts, image 10 for an example of a compliant age gate.
Political Messaging Programs
- Campaign Verify Token Requirement: 527 tax-exempt political organizations must provide a valid Campaign Verify (CV) token. The token must be issued specifically for Toll-Free messaging; tokens generated for Short Code, 10DLC, RCS, or other channels are invalid.
- Governing Authority Alignment: Campaigns should be registered with the Federal Election Commission (FEC) or the applicable local, state, or tribal election governing authority.
- Dedicated Lines Mandatory: Programs must utilize a dedicated Toll-Free number associated with a single political organization, committee, party, or candidate. Sharing or pooling numbers across multiple political entities is prohibited.
- Data Sharing Prohibition: Subscriber data and opt-in consent must not be shared, rented, or traded with other campaigns, political committees, or "likeminded" political causes. Consent applies strictly to the single entity that collected it.
Consumer-Initiated Viral Messaging
Consumer-initiated viral messaging (e.g., gift card delivery, app invitations, referral programs, or “share with a friend” features) occurs when an individual consumer directs a one-time message to a specific recipient. Because the consumer—not the business—initiates the message, you must adhere to the following compliance standards:
Core Requirements
- Consumer-Driven & Manual: Messaging must be initiated entirely by the consumer. They must individually identify and select each recipient. Mass contact imports, address book uploads, and "Invite All" buttons are strictly prohibited.
- Prior Recipient Consent: The platform must require the consumer to affirmatively verify that they have obtained the recipient’s prior consent before the message is sent on their behalf.
- One-Time Limitation: Outreach is strictly limited to a single, one-time message. This use case cannot be used for recurring outreach, automated follow-ups, or enrolling recipients into ongoing messaging programs.
- Clear Identity & Purpose: The message must clearly identify the consumer sending the invitation and explicitly state the purpose, ensuring the recipient understands why they received it.
- Mandatory Disclosures & Opt-Outs: The opt-in screen must display message frequency, data rate disclaimers, HELP instructions, and links to your Privacy Policy and Terms of Service. Senders must include a functional STOP mechanism inside the text message string and immediately honor all opt-out requests.
- Zero-Incentive Policy: To ensure messaging remains voluntary, consumers cannot receive compensation, rewards, discounts, credits, or referral bonuses in exchange for sending invitations.
Production Message Example
"Jane Smith sent you a $50 Twilio Gift Card. Hope you enjoy this gift card! Redeem: [link]. One-time message sent at Jane Smith’s request. Reply STOP to opt out."
Important: A viral message invitation does not constitute consent for recurring communication. Receiving an invitation does not authorize future informational or marketing texts; direct, independent consent must be obtained before enrolling a recipient in any recurring program.See Part 6: Visual Opt-In Examples and Layouts (Example #16) for a compliant visual reference.
Abandoned Shopping Cart Notifications (ASCN) Submissions
For abandoned cart reminder programs require the following compliance measures:Consent & Disclosures: Shopping cart reminders must be explicitly disclosed within the program description, user-facing Call-to-Action (CTA), and SMS Terms of Service. A text-based double opt-in confirmation is required before any shopping cart reminder messages can be sent. An alternative allowed method is the mobile deep link opt-in, which is also considered a double opt-in.
- Privacy & Tracking: Your corporate Privacy Policy must clearly detail how shopping cart abandonment and web activity are tracked (e.g., via cookies or website activity tracking plugins).
-
Message Constraints:
- Limit to exactly one reminder per unique abandoned cart event.
- Send the automated alert strictly within 48 hours of the cart abandonment event.
- Direct links must point directly to the merchant’s website, online storefront, or standard e-commerce checkout experience.
- Purchases must not be completed directly through SMS keyword responses, dollar amount replies, text form submissions, or any other message-based payment collection methods
See Part 6: Visual Opt-In Examples and Layouts, image 12 for an example of this method.
Charitable Organization Programs
Charitable organizations may utilize Toll-Free messaging to communicate with supporters, coordinate volunteers, promote fundraising, distribute event details, and send organizational updates.
-
Eligibility & Privacy Requirements:
- Tax Status: Organizations should qualify as a tax-exempt charitable organization under Section 501(c)(3) of the Internal Revenue Code.
- Accreditation: Senders should maintain accreditation from an independent nonprofit evaluation entity (e.g., Charity Navigator or BBB Wise Giving Alliance).
- Consent Separation: Separate explicit consent must be obtained before sending recurring fundraising messages following a one-time donation.
- Data Sharing Prohibition: Mobile numbers and opt-in consent data are strictly non-transferable. Senders are prohibited from sharing, renting, or leasing subscriber lists with any other third party, nonprofit, or "likeminded" charitable organization.
Fundraising & Donation Campaigns
The following rules apply to political, charitable, and all other approved programs that solicit donations through SMS.
Donation Collection Requirements:
- Mandatory Disclosures: Fundraising and donation opportunities must be explicitly disclosed in the program description, Call-to-Action (CTA), SMS Terms of Service, and the opt-in confirmation message.
- Payment Restrictions: Donations must not be collected, authorized, or completed via SMS keyword responses, dollar amount replies, or other text-based payment methods.
- Secure Redirection: Messages must direct supporters to an external, secure HTTPS donation webpage or approved checkout experience to complete their contribution.
Use Cases That Aren't Allowed
Certain message content types are completely blocked on Toll-Free numbers by carrier filters, regardless of your opt-in consent parameters. Senders are responsible for ensuring their industry vertical is permitted prior to verification submission. Refer to our Help Article on Forbidden Message Categories in the US and Canada for more information.
For more details about industry network parameters, see the CTIA Messaging Monitoring Program Handbook and the CTIA Messaging Principles and Practices on industry guidelines for the USA and Canada.
Need more help? If your campaign gets rejected, our Toll-Free Campaign Rejection FAQ explains common rejection reasons and walks you through the resubmission process
6: Visual Opt-In Examples
The following opt-in examples illustrate common compliant visual structures for Call-To-Action elements to help meet regulatory audits. Please note that these represent standard use-case flows and do not cover every possible example.