Industry Standards for opt-ins for US Short Codes

Per Twilio’s Acceptable Use Policy, your company is required to comply with wireless carrier compliance rules, industry standards, and all applicable laws, in the use of any Twilio-provided short code. One key compliance requirement is ensuring that the recipients of your text messages (your recipients) have expressly consented or “opted-in” to receiving text messages as part of your campaign. There are several ways that your recipients can opt-in to receiving messages from you as part of your text messaging campaign. In each case, however, your campaign’s opt-in message flow must meet compliance standards set by the law, industry standards, and wireless carriers. The industry compliance standards for US short code opt-ins can be found in the CTIA Short Code Monitoring Handbook. As a courtesy, we’ve outlined them below.  

Handset Opt-In

Use this for ending a text message from a mobile phone to a short code.

When a recipient signs up from a mobile handset, a double opt-in process is advised, but not required. The message flow might look like this:

Recipient: {Keyword}
Short code: Welcome to {Campaign Name} {Description} Alerts! Msg&data rates may apply.  {Message frequency} Reply HELP for help, STOP to cancel.

  • The “description” should be a single word to define the kind of alerts, e.g. “Account Alerts,” “News Alerts,” “Promo Alerts,” etc.
  • The message frequency must be specific, but can be any interval, for example: “1 message per day,” “4 messages per month,” “2 messages per transaction,” etc. If the message frequency will vary based on user interaction, “1 message/user request” is standard.

Non-Handset Opt-in

For asking to receive text messages and giving your mobile number to a website, mobile app, paper form, via verbal agreement, or otherwise opting in without using a handset.

When a recipient initially signs up by any means other than from a mobile handset, a double opt-in process may be used but is no longer required for recurring message programs.  The message flow might look like this:

(Recipient signs up without using mobile handset, and receives a text message from the short code asking to confirm opt-in)

Short code: Text YES to join {Campaign Name} {Description} Alerts. Msg&data rates may apply. {Message frequency} Reply HELP for help, STOP to cancel.
Short code: Welcome to {Campaign Name} {Description} Alerts! Msg&data rates may apply.  {Message frequency} Reply HELP for help, STOP to cancel.

Note: Rather than confirming opt-in with a text message keyword such as YES, recipients may confirm by entering a verification code online instead. Once the verification code has been entered, a compliant welcome message must be sent to the handset.

Opt-In Mockup Requirement

As of January 2019 the telecom providers are now requiring that all short code applications be submitted with a mockup showing where users are being advertised the short code service. This can be a mockup of a website, signage, or, in the case of verbal opt-ins, a script. Twilio will be unable to submit your application to the carriers without a valid opt-in mockup. Here are the required elements in a short code mockup:

  • Service description and name
    • Example: Sign up to receive shipping notifications from Twilio!
  • Fee disclosure
    • Example: Message and data rates may apply.
      • NOTE: In the US the above verbiage is required verbatim, carriers will not approve mockups that include the word "standard" as this implies the existence of premium rate messaging, which is no longer allowed in the US.
      • NOTE: In Canada the word "standard" must be included.
  • Frequency
    • Example: "One message per login", "Message frequency varies", "Three messages per delivery"
  • Customer care contact information
    • Example: "Reply HELP for help"
  • Opt out instructions
    • Example: "Reply STOP to opt out"
  • Link to Mobile Terms of Service
  • Link to Privacy Policy

Additional Requirements

While these guidelines are based on industry standards, we recommend that your review the full set of standards outlined in the CTIA Short Code Monitoring Handbook. Additionally, you should expect that your short code campaign will be audited at some point by a carrier or industry organization. In our experience, U.S. short code campaigns are typically audited for compliance with the CTIA Short Code Monitoring Handbook, but please note that each carrier reserves the right to suspend short code service for any user at any time, so compliance with the above guidelines is not a guarantee against suspension of service by a carrier.

In addition to wireless carrier compliance standards, there may be compliance requirements under U.S. law, including the Telephone Consumers Protection Act of 1991 (TCPA) or the Healthcare Insurance Portability and Accountability Act (HIPAA), depending on the nature of your text messaging campaign. These requirements may include things such as ensuring that the consent you receive from your recipients is in writing or ensuring that use of your services is not conditioned upon consenting to receive your text messages, or both. The specific legal compliance requirements will depend on the details of your text message campaign, and you should consult with your legal counsel to ensure that your text messaging campaign complies with the wireless carriers standards, industry standards, and with the law applicable to your campaign.

Have more questions? Submit a request
Powered by Zendesk