Looking to make sure your business is TCPA compliant with text messaging?
This guide covers everything you need to know about TCPA regulations for opt-ins and opt-outs.
Here are the details at a glance:
- Consent: You must obtain express consent from recipients before sending messages
- Opt-out: You must provide recipients with a way to opt out of your messages
- Texting hours: You must only message recipients between 8 a.m. and 9 p.m. in their time zone
- Business name: You must include your business name in all text messages
- Do not contact: You must honor opt-outs and remove people from your list if requested
We dive into each of these points in more detail below.
We also share eight TCPA-compliant text message examples you can use to get started at the bottom of our guide.
TCPA requirements for SMS checklist
Before diving into the TCPA details, let’s start by defining our terms.
The TCPA stands for the Telephone Consumer Protection Act. This law passed in the United States to protect consumers from unethical telemarketing calls. But now that 47% of all businesses use SMS to communicate with customers, it applies to business text messaging as well.
So what rules do you need to follow for TCPA-compliant text messages? And how can you help customers opt in and out effectively?
You must:
- Get consent and keep records for at least five years
- Communicate during business hours
- Include your business name in messages
Let’s break it down.
1. Get consent to send texts
The TCPA says you need ‘prior express written consent’ before sending texts to recipients. This means you need to store solid records of SMS consent in case a dispute arises. You may also want to create a system for double opt-ins — we’ll cover this in the section below.
Keep in mind you can’t buy, sell, or trade recipient consent. It’s illegal to purchase phone numbers from a third-party provider. Plus, your recipients need to know exactly what they’re consenting to. This means they can read your terms and conditions and privacy policy before consenting to messages.
You can get clear written consent from customers through:
- Digital forms: This could be an online form on your site. Or, if you have access to shortcodes, you can get them to opt in by texting a keyword like YES.
- Paper forms: This could be a sign-up sheet passed out during an event. You need to store these papers in a secure location for future reference, especially in case legal disputes come up.
And don’t forget: recipients must always have a way to opt out of your messages if they no longer want your texts.
2. Use compliant opt-in form language
Here’s an example of complete opt-in language:
By checking this box, you consent to receive marketing text messages from [business name] at the number provided. Consent is not a condition of purchase. Message frequency varies. Message and data rates may apply. Reply STOP to cancel. View our [terms] and [privacy policy].
Notice how it includes all the required elements:
- States that consent isn’t a condition of purchase
- States the types of messages the recipient will receive
- Links out to terms and conditions and privacy policy pages
- Shares frequency of texts
- Includes ‘message and data rates may apply’
- Includes business name
- Explains how to opt out
Finally, make sure the checkbox isn’t pre-selected — users need to actively opt in.
3. Only communicate during business hours
The TCPA states it’s illegal to talk with customers outside of business hours, which they define between 8 a.m. and 9 p.m. This means if you send text messages outside of these hours, you risk TCPA violations.
With Quo, formerly OpenPhone, you can schedule texts to go out in the time zone of your recipient. No need to to wait around for the perfect moment to press send.
4. Include your business name in initial messages
The first message you send to recipients should include your business name so customers can immediately tell who’s on the other end. You can also include your personal name.
Here’s an example of this in action:
Hey [name], this is [your name] from [business]. We’re looking forward to seeing you on [date/time] for your appointment. To stop receiving messages from us, type ENDALL.
Keep in mind you don’t need to reintroduce yourself if you’re sending a follow-up message in the same conversation. If it’s been a few weeks or you’re switching conversations, you need to re-disclose your name to stay compliant.
5. Give customers a way to opt out
Making it easy for customers to opt out isn’t just good practice — it’s required by law. As of April 11, 2025, businesses must honor opt-outs within 10 business days, according to the Federal Communications Commission.
Once someone opts out, the FCC allows you to send one final confirmation message acknowledging their request. Quo automatically sends an opt-out confirmation when someone unsubscribes and maintains your do-not-contact list for you.
6. Respect the National Do Not Call Registry
The DNC is a federal list where people can sign up to avoid telemarketing calls and texts. You can’t send marketing messages to anyone on this registry — unless they’ve given you express written consent, which overrides their registry listing.
CTIA best practices for SMS marketing
Getting consent for business text messaging is a serious matter of consumer privacy. That’s why the Cellular Telecommunications Industry Association, a trade association associated with the large US cell carriers, requires double opt-in to err on the side of caution.
Although the CTIA isn’t a legal entity controlled by the FCC, they still have some legal sway. If they catch you violating their guidelines, they can report you to their member carriers. The carriers can then suspend your access to their networks and by extension, their customers.
The TCPA doesn’t require double opt-in for recurring texts, but the CTIA does. For this reason, we recommend you cover your bases with a double opt-in confirmation text for any marketing-related texts.
Double opt-in means exactly what you think it does: getting consent from customers twice in a row. This means even if recipients offer consent by submitting their phone number, you still need to ask them for consent again and reconfirm their preferences in the first text message you send.
This confirmation text must include:
- A way for recipients to imply consent, like ‘text YES to opt into messages’
- A description of the messages you’re going to send so recipients know what they’re opting into — like text marketing campaigns or messages for informational purposes
- How often you expect to message the recipient, like once per month or twice per week
- The phone number or shortcode customers can use to get help, like ‘reply HELP for more information’
- Clear opt-out instructions when recipients no longer want to receive messages, like ‘to stop receiving messages, reply STOP’
We provide a few examples of compliant texts later on in this guide.
TCPA exceptions for express written consent
Opt-in consent and implied consent are normally the only two methods of sending TCPA-compliant texts. However, there are a few exceptions depending on your industry.
Businesses in these industries can send the following messages without express recipient consent:
- Financial organizations can send account or security updates to members
- Healthcare companies can send instructions for post-operative care or lab results
- Pharmacies can send notifications regarding subscription fulfillment and availability
- Utility companies can send updates regarding outages, upgrades, or maintenance services
- Educational institutions can send information about closures, absences, and health risks
As you can see, texts sent for emergency purposes don’t always follow the TCPA’s guidelines for consent. However, the CTIA still recommends gaining consent and honoring opt-outs for informational texts like appointment confirmations.
Implied consent explained for conversational text messages
In most cases, recipients need to provide you with express written consent before you send any text messages. However, if you’re a small business sending conversational texts, this may not be necessary for TCPA compliance.
Let’s break it down:
- Conversational text messages: Two-way text conversations where the customer is the first person to initiate contact. For example, if you lease apartments and text back and forth with your tenants, you’re engaging in conversational text messaging.
- Implied consent: Your customer messaged you first, which means they want to receive a text back from you. This means you have implied consent and can reply to their message with relevant information.
You also have implied consent if there’s a preexisting relationship between your business and a recipient. If a customer purchased something from you before, for example, you have a preexisting relationship and thereby implied consent.
To summarize: If a recipient texts your business first requesting information, you have enough implied consent to respond without additional verbal or written permission.
Just keep in mind your responses must be relevant to the conversation. You can’t start upselling your products if the customer only wants to know about your business hours, for example.
Consequences of not following TCPA compliance rules
What happens if you don’t follow TCPA guidelines? Depending on the severity of your violation, you may have to pay hundreds or more in fines. The TCPA provides for statutory damages of up to $500-$1,500 per violation — for each unsolicited call or text message.
These penalties can add up quickly. In 2013, Steve Madden settled a class action lawsuit for up to $10 million after sending promotional texts to over 200,000 customers without proper consent.
The bottom line? TCPA texting guidelines aren’t just business texting etiquette — they’re a cornerstone of texting compliance that comes with serious consequences.
As you’ve read, one-to-one conversations are much easier to manage and rarely run the risk of violations. But for organizations sending SMS marketing campaigns, the consequences can be much harder to avoid.
If you don’t focus on double opt-ins or honor your recipient’s opt-out requests, you may be risking multi-year lawsuits and fines costing millions of dollars.
8 examples of TCPA-compliant opt-in scripts
What’s the best way to encourage customers to sign up for your text messages? Using a compliant opt-in script to help recipients make an informed decision.
Below are some TCPA-compliant SMS opt-in examples you can adopt for your own company.
- Hi [name], thanks for visiting our store and signing up for messages. If you would like to receive coupons and promotional texts, reply YES. Replying STOP opts out of all messages.
- [Business name]: Thanks for being a loyal customer. Reply YES to receive monthly coupons, four messages per month. Send HELP for help. Send STOP to opt out.
- Thanks for contacting [business name]! Reply YES if you consent to receiving text messages from us. You can opt out of all text messages by submitting STOP MSG.
- You indicated you would like to receive appointment reminders and informational texts from [business name]. To opt in, reply YES. To opt out, reply END.
- Thanks for signing up for [business name] messages. By texting YES, you agree to receive four messages per month with exclusive discounts. Find our terms and privacy policy at [link]. Unsubscribe with STOP.
- Reply YES to receive updates and messages from [business name]. Reply STOP to cancel, and HELP for help.
- By submitting YES, you are consenting to receive marketing messages from [business name]. Reply STOP to unsubscribe and HELP for more information.
- Nice to meet you, [name]! By replying YES, you’re indicating you want to receive two-way text messages from our team. You can opt out at any time by sending STOP.
Remember: The first message you send to a customer must contain opt-out information. And don’t forget to send along disclaimers about the type of messages you plan to send and how often you plan to send them.
For more information on putting together a compliant opt-in form, check out our guides covering templates for consent to receive text messages and SMS privacy policy template.
TCPA-compliant opt out example texts
Customers should be able to withdraw their consent for text messages by opting out at any time. You can do this in several ways. The easiest and most popular is by letting customers text STOP, QUIT, UNSUBSCRIBE, CANCEL, or something similar to end messaging immediately.
Based on guidelines from the TCPA and CTIA, you also need to:
- Send opt-out instructions at least once per month
- Let recipients request more information about your campaign or business by texting HELP or something similar
You also should avoid generic link shorteners to send opt-out info or any other details. Instead, use branded links from a tool like Rebrandly so carriers don’t accidentally filter your messages.
Once a customer decides to opt out of your messages, you should send one final text to confirm you received their request.
Here are some scripts you can use to send compliant opt-out information:
- Don’t want to receive these messages from us? Reply STOP to end messages.
- To no longer receive communications from us, reply UNSUBSCRIBE.
- You may opt out of our message campaign anytime by replying END.
We’ve also collected some follow-up scripts you can use to let customers know you got their opt-out request:
- NAME, you’ve opted out of messages from COMPANY. To receive messages again in the future, reply START.
- Sorry to see you go, NAME! Thanks for being a valuable customer. You may resubscribe at any time by replying BEGIN.
- We have received your opt-out request. You will no longer receive messages from COMPANY. Send SUBSCRIBE to opt back into messages.
If you use Quo for business calling and texting, our platform automatically sends this text message when someone opts out:
You have successfully been unsubscribed. You will not receive any more messages from this number. Reply START to resubscribe.
Managing TCPA opt-in/opt-out consent at scale
It can be difficult to balance these rules and regulations as your business scales. This is especially true if you’re operating in multiple states or cities with different phone numbers.
This is where Quo’s platform really shines. Rated as the #1 business phone system for growing teams and enterprises, we’re on a mission to help you build better customer relationships and easily manage TCPA compliance for business calls and texts.
We can help with:
- Adding opt-in and opt-out disclosures to conversational text messages. You can store your favorite message templates as snippets to send compliant messages at a glance.
- Helping customers opt in or out of messages directly on their phones. We automatically share a message anytime a contact opts out or resubscribes on your behalf.
- Automating TCPA-compliant messages even when you’re not on the clock. You can easily manage compliance across specific touchpoints like delivery or appointment confirmations. Manage one-to-one messages with implied consent using built-in auto-replies.
- Scheduling texts during business hours so you can comply with specific TCPA requirements. With Quo, you can queue messages to go out between 8 a.m. and 9 p.m.
- Completing US carrier registration to lower the risk of mobile companies filtering your messages on their network, including major carriers like AT&T.
If you’re curious to see why thousands of businesses use Quo, you can sign up for a seven-day free trial to test the platform for yourself. Then, you can port in your existing number(s) to keep every customer touchpoint both legal and compliant.
FAQs
TCPA opt-in is when someone gives you written permission to send them marketing texts. This consent needs to clearly explain what they’re signing up for and let them know that agreeing isn’t required to buy anything from you.
No, TCPA doesn’t cover emails. They fall under the CAN-SPAM Act instead, which regulates spam emails.
The TCPA is a federal law with serious penalties. If you break it, you can be fined $500 to $1,500 for each violation and face lawsuits. The CTIA is an industry group that makes rules for wireless carriers. If you break their rules, the carriers might suspend your messaging service, but you won’t get sued.
You can’t text or call people on the National Do Not Call list, those who have opted out of your messages, or numbers that now belong to another caller. You also need permission in writing before sending marketing texts or making marketing calls with automation.
The FCC tried to pass a rule in 2023 that would’ve stopped comparison shopping websites and lead generators from getting one blanket consent to share your info with dozens of companies at once. Instead, you’d have to check individual boxes to agree to hear from each specific business
A federal court struck it down in January 2025 for overstepping the FCC’s authority. For now, businesses follow the standard TCPA consent rules that were in place before 2024.
