SMS opt-in compliance means obtaining explicit written consent from individuals before sending them marketing text messages. Under the Telephone Consumer Protection Act (TCPA), businesses must secure “prior express written consent” that clearly discloses what messages the subscriber will receive, how often, and how to opt out.
Failing to follow opt-in requirements can result in fines of $500 to $1,500 per unsolicited message, plus damage to your brand reputation. This guide covers everything you need to know about SMS consent: legal requirements, consent language templates, implementation best practices, and how to build lasting subscriber trust.
What is SMS Opt-In Compliance?
SMS opt-in compliance is the practice of obtaining documented permission from recipients before sending them text messages for marketing purposes. This consent must meet specific legal standards to protect both consumers and businesses.
Key components of valid opt-in consent:
- Written documentation - Consent must be recorded in writing (digital signatures, web forms, or text keyword responses qualify)
- Clear disclosure - Recipients must understand they are agreeing to receive marketing messages via SMS
- Voluntary agreement - Consent cannot be a condition of purchasing goods or services
- Identifiable sender - Your business name must be disclosed at the time of consent
- Frequency disclosure - Subscribers should know approximately how often they will receive messages
- Opt-out mechanism - Instructions for unsubscribing must be provided
Types of SMS Consent
The TCPA and FCC regulations distinguish between different consent levels:
| Consent Type | Definition | Required For |
|---|---|---|
| Express Written Consent | Documented agreement specifically for marketing messages | Promotional SMS, advertising, sales offers |
| Express Consent | Verbal or implied agreement for informational messages | Appointment reminders, order confirmations, account alerts |
| Prior Express Consent | Permission given before contact, often through providing a phone number | Two-way conversational messaging initiated by customer |
For most marketing purposes, you need express written consent - the highest standard of permission.
TCPA Requirements for SMS Marketing
The Telephone Consumer Protection Act (TCPA) is the primary federal law governing SMS marketing in the United States. Violations carry significant penalties and have led to class-action lawsuits resulting in settlements of tens of millions of dollars.
What the TCPA Requires
To send marketing text messages legally, you must:
- Obtain prior express written consent before sending any promotional message
- Identify your business in every message
- Include opt-out instructions in every message
- Honor opt-out requests immediately (within 10 business days maximum)
- Maintain consent records proving when and how consent was obtained
- Not condition purchase on consent - customers can buy without agreeing to marketing texts
What Qualifies as Written Consent
Under TCPA regulations, written consent can be obtained through:
- Web forms with clear checkbox and disclosure language
- Text keyword campaigns (e.g., “Text JOIN to 55555”)
- Paper forms with signature
- Verbal consent if recorded and documented
The consent must include a “clear and conspicuous disclosure” that the consumer:
- Agrees to receive marketing messages
- Understands they will be sent via automated technology
- Knows consent is not required to make a purchase
TCPA Penalties for Non-Compliance
| Violation Type | Penalty Per Message |
|---|---|
| Negligent violation | $500 |
| Knowing/willful violation | $1,500 |
| Class action potential | Unlimited (based on message volume) |
A single campaign to 10,000 subscribers without proper consent could result in $5 million to $15 million in penalties. These risks make proper opt-in compliance essential for any SMS marketing program.
State SMS Laws: Beyond Federal Requirements
Some states have enacted additional SMS marketing regulations beyond TCPA. Understanding state-specific requirements is critical if you message customers nationwide.
Texas SMS Law (SB 140)
Texas Senate Bill 140, effective September 1, 2025, significantly expanded SMS marketing requirements for businesses texting Texas residents:
- Marketing texts may require registration with the Texas Secretary of State
- A $200 registration fee and $10,000 security bond may apply
- Businesses must comply with Texas No-Call List scrubbing
- Private lawsuits are now more accessible for violations
For complete details on Texas requirements, see our Texas SMS Law compliance guide.
Florida Telephone Solicitation Act
Florida requires additional disclosures for telemarketing, including text messages:
- Sender must disclose the call/text is for solicitation purposes
- Specific opt-out mechanisms must be provided
- Enhanced penalties for violations
CCPA Considerations (California)
While the California Consumer Privacy Act (CCPA) does not directly regulate SMS consent, it does require:
- Disclosure of how phone numbers are collected and used
- Right for consumers to opt out of data sales
- Privacy policy updates reflecting SMS marketing practices
Best practice: Always comply with the most restrictive state requirements that apply to your subscriber base.
Consent Language Templates and Examples
Clear consent language is the foundation of compliant SMS marketing. Use these templates as starting points, then customize for your business and legal review.
Website Opt-In Form Language
Standard disclosure (place near checkbox):
By checking this box, you agree to receive recurring automated marketing text messages from [Business Name] at the phone number provided. Consent is not a condition of purchase. Message and data rates may apply. Message frequency varies. Reply STOP to unsubscribe. Reply HELP for help. View our [Privacy Policy] and [Terms of Service].
Short form disclosure:
I agree to receive marketing texts from [Business Name]. Msg & data rates apply. Msg frequency varies. Reply STOP to cancel.
Text Keyword Campaign Confirmation
When subscribers text a keyword to join your list, send this confirmation:
[Business Name]: Thanks for subscribing! You’ll receive [frequency, e.g., “up to 4 msgs/month”] with exclusive offers and updates. Reply STOP to opt out. Msg&data rates may apply. Reply HELP for help.
Point-of-Sale Verbal Consent Script
For in-person opt-ins, train staff to say:
“Would you like to receive text messages from [Business Name] with exclusive offers and updates? You can opt out anytime by replying STOP.”
Document the consent with:
- Customer phone number
- Staff member who obtained consent
- Date and time
- Location
Double Opt-In Confirmation
For maximum compliance protection, implement double opt-in:
Initial signup response:
[Business Name]: Please confirm your subscription by replying YES. You’ll receive marketing texts. Msg&data rates apply. Reply STOP to cancel.
After YES reply:
[Business Name]: You’re confirmed! Welcome to our VIP text list. Expect [frequency] with exclusive deals. Reply STOP anytime to unsubscribe.
Implementing Opt-In Compliance in Your CRM
Proper technical implementation ensures your consent collection is documented and defensible. Here is how to set up compliant opt-in workflows.
Essential Data to Capture
For every opt-in, record:
- Phone number (in E.164 format: +1XXXXXXXXXX)
- Consent source (web form, keyword, paper, verbal)
- Exact consent language shown at time of opt-in
- Timestamp (date and time in UTC)
- IP address (for web forms)
- Campaign or form identifier
- Consent scope (what types of messages they agreed to receive)
Web Form Configuration
Required elements:
- Unchecked checkbox (never pre-checked)
- Clear disclosure text visible near checkbox
- Links to privacy policy and terms
- Phone number validation
- Timestamp capture on submission
Example form flow:
Phone Number: [___________]
[ ] I agree to receive marketing text messages from [Business Name]
at the number provided. Message frequency varies. Message and
data rates may apply. Reply STOP to unsubscribe.
[View Terms] [View Privacy Policy]
[Subscribe Button]Keyword Campaign Setup
For “Text [KEYWORD] to [Number]” campaigns:
- Register the keyword with your SMS provider
- Create auto-response with full disclosure
- Require confirmation reply (YES/CONFIRM) for double opt-in
- Log the opt-in with timestamp and keyword used
- Store message history including the confirmation exchange
Consent Record Storage
Maintain consent records that include:
Contact ID: 12345
Phone: +15551234567
Consent Status: Opted In
Consent Source: Web Form - Homepage Signup
Consent Date: 2025-01-15 14:32:18 UTC
IP Address: 192.168.1.100
Consent Language Version: v2.3
Campaign Scope: Promotional offers, exclusive deals
Last Message Sent: 2025-01-28
Opt-Out Date: [null]Store this data for a minimum of 5 years (the TCPA statute of limitations is 4 years).
Managing Opt-Outs and Revocations
Proper opt-out handling is as important as proper opt-in collection. The FCC requires businesses to honor revocations “within a reasonable time,” interpreted as within 10 business days.
Required Opt-Out Keywords
Configure your system to recognize these standard opt-out keywords:
- STOP
- STOPALL
- UNSUBSCRIBE
- CANCEL
- END
- QUIT
Opt-Out Processing Workflow
- Receive opt-out keyword from subscriber
- Immediately update DNC status in your database
- Send one-time confirmation (permitted under FCC rules):
“[Business Name]: You’ve been unsubscribed. You will receive no more marketing messages. Reply HELP for support.”
- Log the opt-out with timestamp
- Suppress from all future campaigns including automated sequences
Handling Non-Standard Opt-Outs
Under the FCC’s “reasonable method” standard, consumers can revoke consent through any reasonable means, not just STOP. Monitor for messages like:
- “Please don’t text me anymore”
- “Remove me from your list”
- “I don’t want these messages”
- “Unsubscribe me”
Train your team or configure AI monitoring to catch these natural-language opt-outs and process them promptly.
Re-Opt-In Procedures
If a subscriber who previously opted out wants to rejoin:
- Require new explicit consent - cannot automatically re-add
- Document the new opt-in separately from original
- Confirm resubscription via text
- Note the gap in your records (opted out [date] to [date])
Building Trust Through Compliant SMS Practices
Compliance is the minimum standard. Building genuine subscriber trust requires going beyond legal requirements to deliver real value.
Set Clear Expectations
During opt-in, be specific about:
- Message frequency - “Up to 4 messages per month” is better than “message frequency varies”
- Content types - “Exclusive discounts and new product alerts”
- Value proposition - Why should they subscribe?
Deliver Consistent Value
Every message should provide clear value:
- Exclusive offers not available elsewhere
- Early access to sales or new products
- Useful information like appointment reminders or order updates
- Time-sensitive alerts they would want to know
Avoid sending messages just to meet a quota. If you have nothing valuable to share, do not send a message.
Respect Frequency Limits
Even with consent, over-messaging damages trust:
| Message Type | Recommended Maximum |
|---|---|
| Promotional | 4-6 per month |
| Transactional | As needed |
| Appointment reminders | As needed |
| Total messages | 8-10 per month |
Monitor opt-out rates. If they exceed 2% per campaign, reduce frequency or improve content relevance.
Personalize Appropriately
Use subscriber data to send relevant messages:
- Purchase history - Recommend related products
- Preferences - Honor stated interests
- Behavior - Respond to engagement patterns
- Location - Send relevant local offers
Personalization shows you value the relationship, not just the phone number.
Respond to Replies
If you use two-way messaging, respond promptly:
- Acknowledge questions within business hours
- Escalate issues to appropriate team members
- Track conversations in your CRM for context
Two-way communication builds relationships that one-way broadcasts cannot.
SMS Opt-In Compliance Checklist
Use this checklist to audit your SMS marketing compliance:
Consent Collection
- Opt-in forms include clear disclosure language
- Checkboxes are unchecked by default
- Consent is not required to complete purchases
- Business name is clearly identified
- Message frequency is disclosed
- Opt-out instructions are provided at signup
- Links to privacy policy and terms are included
Data Management
- Consent timestamp is captured for every opt-in
- Consent source is documented
- IP address is logged for web opt-ins
- Exact consent language version is recorded
- Records are retained for minimum 5 years
- Database can be audited for consent proof
Message Compliance
- Business name appears in every message
- Opt-out instructions included (Reply STOP to unsubscribe)
- Messages match consented content scope
- Sending times respect local time zones
- Frequency stays within disclosed limits
Opt-Out Handling
- Standard keywords (STOP, etc.) are monitored
- Opt-outs processed within 10 business days (preferably immediately)
- One-time confirmation sent after opt-out
- Opted-out numbers suppressed from all campaigns
- Natural language opt-outs are monitored
- Re-opt-in requires fresh consent
Carrier Compliance
- A2P 10DLC brand registration complete
- Campaign registration submitted and approved
- Trust score monitored and maintained
- CTIA best practices followed
For more on A2P 10DLC requirements, see our complete A2P 10DLC guide.
Frequently Asked Questions
What is the difference between opt-in and express written consent?
Opt-in is a general term meaning the subscriber agreed to receive messages. Express written consent is the specific legal standard required by TCPA for marketing SMS - it must be documented in writing, include clear disclosure, and be given voluntarily without being a condition of purchase.
Can I text customers who gave me their phone number for a purchase?
No. Providing a phone number for order confirmations or customer service does not constitute consent for marketing messages. You need separate, explicit consent that specifically mentions marketing or promotional text messages.
How long do I need to keep opt-in records?
Keep consent records for at least 5 years. The TCPA has a 4-year statute of limitations, and having records beyond that window provides additional protection. Store the timestamp, source, consent language, and any confirmation messages.
What happens if someone opts out but then texts me back?
A reply after opting out does not automatically re-consent them to marketing messages. If they want to resubscribe, they must go through your opt-in process again. You can respond to their specific question but cannot add them back to marketing campaigns without new consent.
Do transactional messages require the same consent as marketing messages?
Transactional messages (order confirmations, shipping updates, appointment reminders) require consent but not necessarily the same level of express written consent as marketing messages. However, the line between transactional and marketing is often disputed - when in doubt, get express written consent.
Can I send one promotional message to someone without consent?
No. Even a single promotional text without consent violates TCPA and can result in $500-$1,500 in penalties. There is no “introductory message” exception for SMS marketing.
How do I handle consent for multiple brands or campaigns?
Consent is typically brand and campaign-specific. If you operate multiple brands or want to send different types of campaigns, either get consent for each separately or use broad language that covers all intended use cases. Be transparent about what subscribers are agreeing to receive.
What if my customer claims they never opted in?
This is why documentation is critical. If challenged, you must prove:
- When they opted in
- How they opted in
- What consent language they agreed to
- That you have a record of their opt-in action
Without this proof, the legal presumption favors the consumer.
Automating Compliance with SMBcrm
Managing opt-in compliance manually becomes increasingly difficult as your subscriber list grows. SMBcrm provides built-in tools to automate compliant SMS marketing:
Consent capture and storage: Web forms automatically record timestamps, IP addresses, and consent language versions with every opt-in.
Opt-out automation: Keyword triggers (STOP, UNSUBSCRIBE, etc.) automatically update contact records and suppress from future campaigns.
DNC list management: Maintain global suppression lists that work across all campaigns and automations.
Compliance reporting: Export consent records for audits or legal review with complete documentation.
Workflow automation: Build compliant sequences with proper timing, personalization, and exit conditions based on subscriber behavior.
For a comprehensive overview of SMS marketing strategy, see our complete SMS marketing guide. To understand carrier registration requirements, read about A2P 10DLC compliance.
Proper opt-in compliance protects your business from significant legal risk while building the foundation for trusted customer relationships. When subscribers know you respect their consent and deliver genuine value, they remain engaged and responsive to your messages.
Start your SMBcrm free trial to implement compliant SMS marketing with built-in consent management, automated workflows, and comprehensive reporting.
Ready to Send Compliant SMS Campaigns with Confidence?
SMBcrm includes built-in consent management, opt-out automation, and compliance reporting to keep your messaging on the right side of regulations.
