Search Results

A2P Regulations & Conduct

Carrier Codes of Conduct

Aerialink is committed to creating a healthy messaging ecosystem that serves all participants and to keeping our customers informed about recent changes in the industry, including the CTIA Messaging Principles and Best Practices, available here.

All customers sending A2P traffic are subject to the FCC TCPA and any other applicable state or federal law, the guidelines for A2P traffic set by the CTIA and individual carrier codes of conduct to be executed and enforced at each carrier’s discretion. Failure to comply with carrier codes of conduct may result in damage to the carrier’s trust in the associated content provider or brand, traffic suspension or a permanent ban of traffic from the offender.

Carriers can and do include their own, additional rules and regulations beyond the FCC TCPA and the CTIA Best Practices Guidelines. We recommend that you read through these carrier codes of conduct for details of each carrier’s unique expectations for successful delivery of content on their network. Additionally, the regulations of the carriers and CTIA guidelines have been consolidated on this page for ease of reference. The information below may be updated or changed without notice as the telecommunications ecosystem continues to evolve, so please check this page regularly for updates.

While this page is intended to be a comprehensive representation of all CTIA and carrier expectations, carriers may make changes at any time and without notice. This is therefore not a replacement for reading the carrier documentation itself, nor is it a replacement for independent legal consultation for TCPA compliance.

For an even more thorough, complete understanding of best-practices in the mobile ecosystem, we recommend reading through all Federal & Industry Regulations

Additional AT&T 10DLC Requirements

The following additional terms apply to 10DLC programs running on the AT&T network:

  • AT&T 10DLC programs are currently in a registration “grace period” during which all groups and organizations are encouraged to register their SMS campaigns. This grace period has been extended to address specific use cases and allow for additional campaign registration. AT&T will provide thirty days’ notice prior to ending the grace period.
  • Unregistered traffic is subject to P2P spam policies and traffic throughput restrictions. While unregistered senders do not pay TCR fees, they will pay the highest possible message termination fees for AT&T due to their unregistered status.
  • All A2P campaigns must be administered on a separate NNID from P2P traffic.
  • While campaign-level filtering is currently in effect, additional throughput will be available to certain message classes effective September 1st, 2021.
  • Registered senders pay lower message termination fees and are less likely to be marked as spam.
  • Registration does not guarantee message delivery. Campaigns whose end-users file complaints with AT&T may be subject to remedial treatment, including suspension or blocking of unwanted, fraudulent or malicious messages.

Additional T-Mobile 10DLC Requirements

The following additional terms apply to 10DLC programs running on the T-Mobile network:

  • 10DLC does not support delivery receipts (DLR) for Free-to-End-User (FTEU) campaigns.
  • All customers should be prepared to prove ownership of the 10DLC number(s) they intend to use for any and all campaigns, and prove that the numbers in question are enabled for both SMS and voice services.
  • A Letter of Authorization (LOA) is required for those customers whose numbers are assigned to an NNID not under/different from iconectiv. The iconectiv team submits LOA and exception requests to T-Mobile on customers’ behalves.
  • There are two T-Mobile exception processes requiring additional application. If one or both special exceptions apply to applicant brands, please contact your Aerialink Account Director or to complete the applicable forms and submit the exception request on your behalf.
  • T-Mobile has established daily messaging caps for brands. Please reference this chart for more information regarding message caps and their relation to vetting scores.

10DLC Registration Agreement

The following agreement, passed through from The Campaign Registry, is applicable to all Aerialink customers registering to run traffic on 10DLC:

Customer represents and warrants to iconectiv TruReach Deliver Aerialink (“Aerialink”) that: (a) the person registering and operating the Customer’s account is over the age of eighteen (18) and has the power and authority to enter into and perform Customer’s obligations under this Agreement; (b) all information provided by Customer to Aerialink is truthful, accurate and complete; (c) if Customer provides a credit or charge card for payment of fees for the Service, Customer is the authorized signatory of the credit or charge card provided to Aerialink to pay the fees; (d) Customer shall comply with all terms and conditions of this Agreement, including, without limitation, the provisions set forth in this Section 4; (e) Customer has provided and will maintain accurate and complete registration information with Aerialink, including, without limitation, Customer’s legal name, address and telephone number; (f) Customer’s access to and/or use of the Campaign Registry does not and will not constitute a breach or violation of any other agreement, contract, terms of use, or similar policy or understanding to which Customer is or may be subject; (g) Customer shall comply with all laws attendant upon its performance of its obligations under this Agreement. (h) Customer and/or the Brand have obtained, and will maintain, all applicable consents, approvals, or permissions required by applicable law, including, without limitation, the Telephone Consumer Protection Act (“TCPA”), 27 U.S.C. § 27, as amended from time to time, to transmit or otherwise send messages to any End Customer; and (i) Customer and/or Brand is operating in accordance with rules, regulations, best practices and guidelines published by MNOs.

Content Provider Responsibilities

All Aerialink customers are responsible for following the guidelines listed below to maintain A2P messaging compliance in addition to adhering to our Acceptable Use Policy.

All Aerialink customers using A2P messaging routes are responsible for:

  1. Obtaining express consent prior to sending messages to any recipients. See Consent Per Content Type below for the required level and type of consent applicable to your messaging content.
  2. Providing an opt-out method, permitting end-users to decline to receive any further messages.
  3. Ensuring messages do not violate CTIA or carrier rules or regulations for acceptable A2P messaging.*
  4. Understanding carriers’ right to re-evaluate messaging use-cases at any time and shut down existing messaging programs at their discretion.
  5. Maintaining of compliant rules and regulations equal to or greater than those imposed by the CTIA, carriers and Aerialink for their own traffic or any A2P traffic resold to customers.
  6. Obtaining use-case information from all clients and maintaining the right and ability to audit said programs and provide this information to Aerialink upon request for their own traffic or any A2P traffic resold to customers.
  7. Avoiding the inclusion of any Protected Health Information content within any part of any messages, including MMS content.
  8. Providing appropriate security and privacy controls to protect subscribers and maintain opt-in and opt-out integrity and full confidentiality of end-user information.
  9. Providing terms of service and privacy policy acccessible at point of opt in and on any/all associated landing websites.
  10. Completing 10DLC registration to receive an AT&T 10DLC Message Class] before attempting to send A2P traffic on long codes to AT&T subscribers.
  11. Ensuring all websites whose URL is accessed through message content unambiguously identify the website owner and include a postal mailing address and other contact information.

* Note that these rules and regulations are subject to change. Those changes will be reflected in the Aerialink Acceptable Use Policy.

Compliant Best-Practices

The following recommendations, while not explicitly mandated, help to ensure compliance with CTIA and carrier guidelines, as well as maintain best deliverability with lowest risk of incurring carrier blocks.

  1. Use as few numbers for your campaign as possible. While there are some use-cases which require the use of multiple numbers (e.g. your company has different departments and you want a different TFN for each), limit the use of one number per clear use-case (e.g. one number per department rather than two). This helps to allay carrier concerns of snowshoeing.
  2. Keep branding, URL domains and messaging consistent. Multiple names, differing or changing URLs and mis-matched content cause confusion and concern.
  3. Keep phrasing conversational. Messages that sound like the transcribed words of a carnival barker will always appear spammy, even if they are legitimate.
  4. Obtain consent directly. Consent should be obtained directly from the end-user to receive the text messages you intend to send.
  5. Maintain expected frequency. If your advertising told end-users they would receive messages once a month, hold to that. If your advertising doesn’t indicate frequency at all, it might be time to add it.
  6. Keep messages short - messages exceeding the supported character length will be sent in multiple installments and may cause the end-user to feel like they’re being spammed.
  7. Offer STOP/HELP instructions in-message.
  8. In the event you change your sender number for a recurring message program, message subscribed end-users from the old number informing them of the number they can expect to see in the future, then send no further messages from the old number.
  9. Ensure all published campaign details are kept accurate and up-to-date.

Prohibited Provider Behavior

The following traits are considered by the carriers to be suspicious and indicative of spam or fraudulent traffic. As such, campaigns found to be doing the following are not complying with best practices guidelines:

  1. Snowshoeing - utilizing a large block of numbers to spread high-velocity traffic among them to avoid carrier spam filters.
  2. Ignoring or Avoiding Opt-Outs - any attempts to make it difficult for an end-user to opt out run the risk of noncompliance with the FCC TCPA, as are instances of ignoring opt-out attempts made in a reasonable manner.
  3. URL Cycling, Redirects and Forwarding - campaigns utilizing strange or misleading URL behavior to manipulate end-user consent, attention or capture information.
  4. Unpublished Contact Numbers - unless the owner of the number is unambiguously identified in the text message.
  5. Number Cycling - dropping blocks of numbers which have been burned by the carriers and replacing with fresh numbers to simply repeat the process.
  6. Running or Enabling Prohibited Use Cases - resellers are responsible for vetting and preventing prohibited use cases on their account.
  7. Sharing, Selling or Renting Consent or any other collected information to or with third parties.
  8. Grey Routes for A2P - “Grey Routes” not authorized to send non-consumer (business, A2P) messages cannot be used for those purposes.
  9. Intentional Filter Evasion - providing mechanisms intended to assist messages in evading anti-SPAM controls regardless of use-case is not permitted.
  10. Dynamic Routing - sender codes and numbers should have a single route by which they deliver messages to destination end-users. These routes should not change dynamically to avoid SPAM controls.
  11. Shared Codes - a code of any type should be dedicated to one content provider only.

Per the FCC TCPA, express consent must be obtained prior to sending messages. The form which that consent must take varies depending on the nature of the campaign and its content. Reference the table below for a better understanding of consent needed to meet carrier expectations.

Defined AsBack-and-forth conversation via text.Ongoing informative business messages requested by consumer.Sales or marketing promotional messages, including promotional materials (e.g. coupon codes) included within otherwise informational texts.
ExampleA consumer initiates a text to a business and the business returns a direct response and no further prompting - e.g., a text requesting a business’s hours of operation.Appointment reminders, customer welcome texts, alerts. The first text sent by the business fulfills the consumer’s request.Any number of use-cases recommending and/or incentivizing end-user recipients to patronize or otherwise give attention to products, businesses, organizations, services.
First MessageSent by consumer.Sent by consumer or business.Sent by business.
CorrespondenceTwo-way conversationOne-way alert or two-way conversationOne-way message

No verbal or written permission required.

Prior to messaging, consumer consent required via text; verbally; or clear and conspicuous form, website or written documentation

Prior to messaging, consumer consent required via form or website including explicit checkbox explaining they will receive promotional text messages. Consent must never be a condition of service or purchase.

Informational & Promotional CTA & Opt-In

The CTA is the point at which the consumer is made aware of the campaign and provided a method or directions for how to opt in or otherwise consent to receive messages. CTAs must always be clear and conspicuous and never misleading so that customers fully understand what they are consenting to when they opt in. In some cases, the CTA and the point of opt-in or consent may be one in the same, such as a description beside a checkbox explaining that checking the box will opt the consumer into receiving text messages. In order to ensure your CTA and opt-in are clear and conspicuous, not misleading and are adhering to legal and industry requirements of proper consent, we recommend following these guidelines:

  1. Always the purpose of the text messages the end-user will receive and the nature of the content they can expect.
  2. Provide the source number (long code, toll-free number, short code) from which the end-user can expect to receive messages.
  3. Ensure the organization or individual behind the messages is clear in the CTA, opt-in and initial message.
  4. Explain any and all associated fees and charges explicitly (“message and data rates may apply”)
  5. Provide access to opt-out instructions, company or mobile terms & conditions and company privacy policy.
  6. Keep the CTA and opt-in separate from the Terms & Conditions.
  7. If you are unsure whether your use-case is Informational or Promotional, follow guidelines for Promotional messages.
  8. Perform a double opt-in in cases where consent was initially collected outside of SMS channels.
  9. Update opt-in instructions in any/all CTAs whenever necessary to ensure they always work correctly.

Opt-Out Requirements

It is required for all text messaging programs to provide a way for consumers to revoke their consent to receive messages, or “opt out” of messaging programs. To ensure this is observed, all messaging programs must:

  • Clearly and conspicuously display opt-out instructions at point of opt-in as well as in the CTA or Terms and Conditions and regular intervals of content service messages (min. once monthly) for recurring message programs.
  • Provide an SMS-based opt-out method. It is recommended to offer other methods as well, including phone or email in addition to text.
  • Ensure any/all published opt-out instructions are kept up-to-date and work as-described.
  • Recognize universal keywords STOP, END, QUIT, CANCEL, UNSUBSCRIBE as valid method of opt-out in addition to any/all otherwise published/displayed opt-out methods. Customer use of these keywords or other displayed opt-out methods must trigger an opt-out event.
  • Respond to an opt-out event with a confirmation that an end-user has opted out, regardless whether they were subscribed at the time they sent the message.
  • Recognize the aforementioned universal keywords regardless of any other accompanying combination or permutation of text content, punctuation, capitalization without inference and trigger the opt-out event for that end-user.
  • Remove end-users from any subscriber lists to prevent the end-user receiving any additional messages after opt-out except for the opt-out confirmation message triggered by the opt-out event.
  • Allow end-users to opt out at any time without penalty beyond the loss of benefit provided by the canceled subscription itself.
  • Understand that carriers, hubs and Aerialink reserve the right to impose opt-outs at a network level for any reason. (Note that this exists already on the carrier-level for toll-free numbers.)
  • Monitor and process published carrier deactivation/deactivated number lists daily.

Network-Side Toll-Free Keywords

For toll-free numbers, end-users who send “STOP” will be opted out on the carrier side. This means that they will receive a carrier response to “STOP.” Additionally, they have the option of opting back in using one of two carrier keywords - “UNSTOP” or “START” - both of which lift the carrier-side block the “STOP” had placed.

Prohibited Use Cases

Within the mobile messaging space, some marketing campaigns or segments are considered problematic by the carriers due to a high volume of subscriber complaints and propensity to be associated with deceptive practices - in other words, “high risk” and therefore prohibited use cases.

As stated by the CTIA, “Message Senders should use reasonable efforts to prevent and combat unwanted or unlawful messaging traffic, including spam and unlawful spoofing. Specifically, Message Senders should take affirmative steps and employ tools that can monitor and prevent Unwanted Messages and content, including for example content that: (1) is unlawful, harmful, abusive, malicious, misleading, harassing, excessively violent, obscene/illicit, or defamatory; (2) deceives or intends to deceive (e.g., phishing messages intended to access private or confidential information); (3) invades privacy; (4) causes safety concerns; (5) incites harm, discrimination, or violence; (6) is intended to intimidate; (7) includes malware; (8) threatens Consumers; or (9) does not meet age-gating requirements. Message Senders should take steps to ensure that marketing content is not misleading and complies with the Federal Trade Commission’s (FTC) Truth-In-Advertising rules.”

The landscape of SPAM has changed and carriers are taking a zero-tolerance approach to traffic that exposes subscribers to shady companies who use texts to tempt end-users into taking certain opt-ins. From “wipe out debt” to job scams asking consumers to share personal information or hand over money, many of these SPAM texts are sent by fee-charging businesses that make unrealistic promises to help with consumers’ money worries and prey on people in debt.

The following use-cases have been deemed high-risk and will be blocked by carriers even when the program claims to support opt-in and opt-out mechanisms. That’s right - even if there is an opt-in and an opt-out, the use-case could still be problematic. In the case of affiliate marketing, for instance, the consumer can text “STOP,” but what exactly are they stopping? More often than not, they are opting out of a single number, but their own number has been shared to the subscriber lists of hundreds or thousands of numbers across multiple content providers. This is the primary reason why affiliate marketing is high-risk and blocked by carriers.

Ultimately, carriers reserve the right to reject programs at their discretion on all messaging routes including short codes, toll-free numbers and standard (local) numbers. Please note that as new SPAM campaigns are identified every day, the below list may change or evolve at any time.

  • Lead/Commission Generation, Affiliate Marketing
  • Third-Party Loan Forgiveness, Loan Matching, Loan/Debt Consolidation, Debt/Student Debt Relief
  • High-Risk Financial Services*
  • Finance/Investment Opportunities
  • Tax Relief
  • Credit Report Scoring, Credit Repair/Related Content
  • Work From Home, “Get Rich Quick,” Third-Party Job Recruitment, “Secret Shopper”
  • Phishing, Fraudulent/Deceptive/Misdirecting Links
  • CBD/Marijuana Dispensary Promotions, Tobacco, Vape, Federally Illegal Drugs
  • Promotions of Any Illegal Substances or Prescriptions
  • Gambling
  • Sweepstakes**
  • Any content containing malware or non-secure app downloads
  • Any content in violation of CTIA policies or guidelines such as SHAFT.***

* Some examples of these problematic “High-Risk Financial Services” campaigns include but are not limited to payday loans, short-term loans, auto loans, mortgage loans, student loans, stock alerts, cryptocurrency.
** Prohibited on toll-free. Sweepstakes may be acceptable on 10DLC long code routes dependent on carrier codes of conduct.
*** Note that while SHAFT is technically a policy which applies to short codes, any content on any sender ID type found to be in violation of SHAFT may be subject to blocking by the carrier or by Aerialink.

Use Case Guidelines

Adult Content Use Cases

Adult content is highly regulated and may likely be subject to additional reviews or audits in excess of other use cases.
All adult content programs must include as part of any and all opt-in methods a substantial, robust age gate effective in verifying the age of a subscriber at point of opt-in and preventing minors from subscribing. Additionally, the following content remains prohibited for adult content messaging:

  • illegal sexual themes of any kind, simulated or real, including the exchange of illegal sexual imagery
  • prostitution/exchange of intimate acts for money
  • misrepresentation of adult content as family-friendly
  • adult substances, actual or implied, targeting minors

Charitable Donation Use Cases

Programs facilitating end-users’ donations to charitable causes and organizations are supported on some carrier networks. Mechanisms for supporting this may vary by carrier. Consult individual carrier codes of conduct for details about how donations are supported and requirements for donation campaigns.

Emergency Notifications Use Cases

While emergency notifications are supported on all number types, it is recommended that the campaign undergo certification as-applicable per number type.

High-Risk Use Cases

High-risk use cases (typically marketing) may not be outright prohibited, but run a high chance of getting blocked or resulting in carrier complaint. It is critical to set expectations that the following use cases are unlikely to run smoothly on carrier networks.

  • Mailbox Rental
  • Cart Abandonment Notifications (read more below)
  • Weight Loss

Cart Abandonment Notifications

Cart Abandonment Notifications are sent as strategic marketing follow-ups to users who have added items to online shopping carts but did not complete their transaction. This is high-risk traffic because end-users did not directly opt in to receive text messages and these messages carry high potential for negative interaction with recipients.

Simply put - you must establish clear consent from recipients at the time information is collected. They must consent to the type of message and from whom they are receiving it. Carriers field a lot of subscriber complaints from marketing messages because e-comm businesses fail to get explicit consent from consumers. The Call-to-Action for opt-in should describe the types of messages recipients can expect to receive and should include clear opt-out instructions.

Therefore, there is always a high chance that carriers will block Cart Abandonment traffic and we advise against supporting this use case.

Machine to Machine Use Cases

IoT/M2M messages are not expected to engage in direct customer interaction and use cases intending to incorporate both direct consumer communication and IoT/M2M messages must utilize separate dedicated codes for each.

Political Use Cases

Political campaigns are supported but must run on the correct channel and must adhere to all applicable CTIA guidelines, including the Messaging Principles and Best Practices and Political Campaign Messaging Document as well as all carrier codes of conduct and the Aerialink Acceptable Use Policy. All prohibited behavior outlined in these articles must be avoided and compliance responsibilities must be obeyed. Depending on the carrier, political campaigns my be required to register and undergo vetting for authenticity. Please see carrier code of conduct documents for explicit instructions for carrier vetting.

Sweepstakes & Contest Use Cases

Programs which offer a chance to receive a prize must adhere to all applicable laws and should consult legal counsel prior to submitting sweepstakes or contest campaigns for 10DLC, Verified Sender or short code certification.

Class-Based Messaging

Some carriers require all senders to obtain a message class prior to sending A2P 10DLC traffic.

Class-Based Rate Limiting

Here are some guidelines to appease carrier expectations for message throughput:

  • P2P & Unregistered: Campaigns operating on P2P, or unregistered for A2P, are limited to a throughput of 15 messages per number per minute. Remember that each segment of multi-part message is considered an individual message and counts toward this rate.
  • Registered Traffic: Rate limit is determined by message class. Consult applicable carrier codes of conduct for more information on tagging your messages with message class to ensure you are allowed the correct throughput.

Red Flags

Some of the characteristics listed below may be innocuous when viewed as isolated incidents, and could occur regardless whether a campaign is absolutely compliant. However, if a messaging program is exhibiting certain characteristics consistently and/or repeatedly, this may indicate noncompliance and is effectively a red flag to the carriers. Aerialink customers should look out for these red flags as well to proactively monitor customer traffic and use-cases in advance of carrier complaint.

  • Upset inbound consumer messages such as expletives, legal threats, confusion about message source or content.
  • Opt-out requests of unusual volume, submitted correctly or incorrectly, such as colloquial inbound requests (e.g. “leave me alone,” “I told you not to contact me,”)
  • Complaints of message blocking. Good traffic absolutely gets blocked incorrectly, but customers whose traffic constantly gets blocked may not be exercising full compliance.
  • Consistent use of high-risk marketing rather than other campaign types may indicate the provider caters to spammers.
  • Regular requests to turn over number inventory due to numbers being “burnt” by carrier blocks.

Aerialink Compliance articles are for informational use only. They do not constitute, and should not be taken as or in place of, legal advice. Aerialink customers are responsible for meeting all legal requirements applicable to their programs and are strongly encouraged to consult formal legal counsel.