Business Owner’s Guide to 10DLC Compliance

What is 10DLC?

10DLC stands for 10-digit long code. Mobile carriers such as T-Mobile and AT&T create these channels for the purpose of sending business-to-customer/consumer messages over landline phone numbers. It allows the user to target a specific area code, has much better throughput and deliverability, and is very cost-effective.  Failure to meet 10DLC requirements, including having the number signed up with an A2P campaign, can result in higher messaging costs, run the risk of being fined, being denied the ability to market via SMS, or even opening yourself to phishing attacks.  However, these issues won’t be nearly as prevalent for low-volume users.

What is 10DLC?

10DLC stands for 10-digit long code. Mobile carriers such as T-Mobile and AT&T create these channels for the purpose of sending business-to-customer/consumer messages over landline phone numbers. It allows the user to target a specific area code, has much better throughput and deliverability, and is very cost-effective.  Failure to meet 10DLC requirements, including having the number signed up with an A2P campaign, can result in higher messaging costs, run the risk of being fined, being denied the ability to market via SMS, or even opening yourself to phishing attacks.  However, these issues won’t be nearly as prevalent for low-volume users.

What is A2P?

A2P (or application-to-person) is any message sent from an application to a contact.  As is seen with our platform CCAI, it has a wide range of applicability, has a high interaction rate, is incredibly cheap per message, is fast, and is a good way to spread information and promote sales.

What is A2P?

A2P (or application-to-person) is any message sent from an application to a contact.  As is seen with our platform CCAI, it has a wide range of applicability, has a high interaction rate, is incredibly cheap per message, is fast, and is a good way to spread information and promote sales.

What Regulations Apply?

The CTIA, or the Wireless Association, oversees all SMS messaging in the United States. Strict standards govern messaging in the United States, and having a sales advisor is critical for ensuring compatibility with the latest legislation.  Furthermore, the Federal Communications Commission (FCC) prohibits sending SMS messages to a mobile phone using an auto-dialer unless the user has given their approval or the message is being sent for an emergency. All numbers, including those not on the national Do Not Call list, are subject to the ban.

Short codes are perfect for SMS Marketing, bulk texting, and communications with URLs. Once the application is approved, users will receive the regulations for US short codes and access to the CTIA Short Code Monitoring Handbook.  Person-to-person communication, such as appointment reminders, notifications, and announcements are all generally sent via long numbers. That means you can use it to communicate with customers, staff, and others who are interested in your company. Only lengthy numbers are subject to the constraints listed below.

Public link shorteners are not allowed in SMS messages, as they have been banned by AT&T due to the potential for obscuring deceptive URLs. If any messages contain public link shorteners like bit.ly, they will be rejected as spam. However, if you need to send long URLs and are concerned about exceeding the character limit.  The CTIA outlines four Guiding Principles for SMS compliance, which are as follows:

• Clear calls to action: All calls to action must be displayed clearly and unambiguously. It is essential to inform consumers about what they are signing up for in relation to a specific program. Ensuring that consumers are fully aware of the content they are subscribing to is crucial for maintaining transparency and building trust.
• Applicable consent mechanisms: Short Code programs must comply with consent requirements stated in the CTIA Messaging Principles and Best Practices. This means giving consumers sufficient control over the messages they receive and ensuring their consent is obtained appropriately. By adhering to these consent mechanisms, businesses can demonstrate respect for consumer preferences and privacy.
• Opt-in confirmation messages: When a consumer opts-in to a program, their opt-in must be confirmed in the first message sent to them. For single-message programs, the confirmation message content may be included in the same message sent after opt-in. In the case of recurring messages programs, confirmation messages must include clear instructions on how to opt out. Providing clear and immediate confirmation of opt-ins helps establish a solid foundation of trust between businesses and consumers.
• Acknowledgment and honoring of opt-out requests: Message senders are responsible for acknowledging and acting upon all opt-out requests from consumers. It is crucial to have appropriate monitoring procedures in place to confirm the successful opt-out process. By promptly acknowledging and respecting opt-out requests, businesses can uphold ethical communication practices and maintain positive relationships with their audience.
• SHAFT Regulations: Sex, Hate, Alchohol, Firearms, and Tobacco Regulations explicitly prohibit the mention of certain topics in product messages for consumer protection.  These include:
  • Sexually explicit material
  • Hate speech
  • Promotion of alcohol
  • Firearms-related content
  • Tobacco products and any illicit substances
  • CBD, even on Toll-Free lines
  • High-risk financial services like payday loans, short-term high-interest loans, auto loans, mortgage loans, student loans, debt collection, etc.
  • Gambling or sweepstakes
  • Stock alerts, cryptocurrency, and get-rich-quick schemes
  • Deceptive work-from-home programs or risk investment opportunities
  • Multi-level marketing
  • Debt-related services like forgiveness, consolidation, or credit repair
  • Job postings, except for direct-hire messages
  • Phishing attempts
  • Pornographic material
  • Profanity or hate speech
  • Fraudulent or scam content
  • Deceptive marketing practices

What Regulations Apply?

The CTIA, otherwise known as the Wireless Association, oversees all SMS messaging in the United States. Strict standards govern messaging in the United States, and having a sales advisor is critical for ensuring compatibility with the latest legislation.  Furthermore, the Federal Communications Commission (FCC) prohibits sending SMS messages to a mobile phone using an auto-dialer unless the user has given their approval or the message is being sent for an emergency. All numbers, including those not on the national Do Not Call list, are subject to the ban.

Short codes are perfect for marketing messages, bulk texting, and communications with URLs. Once the application is approved, users will receive the regulations for US short codes and access to the CTIA Short Code Monitoring Handbook.  Person-to-person communication, such as appointment reminders, notifications, and announcements are all generally sent via long numbers. That means you can use it to communicate with customers, staff, and others who are interested in your company. Only lengthy numbers are subject to the constraints listed below.

How to Become 10DLC Compliant

Our services are heavily reliant on Twilio, a customer engagement platform for making and receiving phone calls, sending and receiving text messages, and other communication functions using its web service APIs.  The methodology behind setting up a compliant number is as follows:

Step 1: Gather Personal Information

Twilio requires a hefty amount of personal information for the signup process alone.  When signing up, you will need:

Business information

• • Business Name
  • Physical Address (Street, City, State/Province/Region, Postal Code, Country)
  • Business Identity (Direct Customer or ISV/Reseller/Partner)
  • Business Type (Sole Proprietorship/Partnership/Corporation /Co-Operative/LLC/Non-Profit)
  • Company Status (Private/Public)
  • Stock Ticker & Exchange (if Public)
  • Tax ID or Business Registration Number and Type (EIN for US-based companies, other Business License or Tax ID number for non-US companies)
  • Industry
  • Website
  • Regions of Operations

Personal contact information

• • Full Name
  • Phone number
  • Email Address
  • Position within the company (CEO, CFO, etc.)

Step 2: Sign Up with Twilio

The profile established will be dependent on the type of business they are making an account for.  Government agencies and entities will still have to register as a business if they choose this method, but will likely sign up as a non-profit businesses.  Initial signup will require:

• • Business name
  • Business address and any other metadata
  • Business identity, business type, industry, website URL, and regional information
  • Information of any authorized representatives
  • A personal email address to receive updates on the Twilio account

Once everything is filled out, users will get one more opportunity to review their information for typos and errors before submitting.

Step 3: Establishing the Brand

After the profile is set, users are required to register the A2P they will be operating from.  Users will need to include the previously mentioned details as well as if the organization is publicly or privately traded.  After signup, the A2P platform will be granted a trust score, determining throughput and ability to send messages.  If the score is too low, the user may undergo a second vetting process at no additional cost.  This will however require more details including tax ID and the company size.

Step 4: Campaign Use Cases

This just means to put forward some actual examples of the intention for using a 10DLC.  The number of use cases required is dependent on the number of scenarios 10DLC owners will want to contact customers.  For example, if the owner wants to send marketing messages and two-factor authentication to users, they will need to submit two use cases.

How to Become 10DLC Compliant

Our services are heavily reliant on Twilio, a customer engagement platform for making and receiving phone calls, sending and receiving text messages, and other communication functions using its web service APIs.  The methodology behind setting up a compliant number is as follows:

Step 1: Gather Personal Information

Twilio requires a hefty amount of personal information for the signup process alone.  When signing up, you will need:

Business information

• • Business Name
  • Physical Address (Street, City, State/Province/Region, Postal Code, Country)
  • Business Identity (Direct Customer or ISV/Reseller/Partner)
  • Business Type (Sole Proprietorship/Partnership/Corporation /Co-Operative/LLC/Non-Profit)
  • Company Status (Private/Public)
  • Stock Ticker & Exchange (if Public)
  • Tax ID or Business Registration Number and Type (EIN for US-based companies, other Business License or Tax ID number for non-US companies)
  • Industry
  • Website
  • Regions of Operations

Personal contact information

• • Full Name
  • Phone number
  • Email Address
  • Position within the company (CEO, CFO, etc.)

Step 2: Sign Up with Twilio

The profile established will be dependent on the type of business they are making an account for.  Government agencies and entities will still have to register as a business if they choose this method, but will likely sign up as a non-profit businesses.  Initial signup will require:

• • Business name
  • Business address and any other metadata
  • Business identity, business type, industry, website URL, and regional information
  • Information of any authorized representatives
  • A personal email address to receive updates on the Twilio account

Once everything is filled out, users will get one more opportunity to review their information for typos and errors before submitting.

Step 3: Establishing the Brand

After the profile is set, users are required to register the A2P they will be operating from.  Users will need to include the previously mentioned details as well as if the organization is publicly or privately traded.  After signup, the A2P platform will be granted a trust score, determining throughput and ability to send messages.  If the score is too low, the user may undergo a second vetting process at no additional cost.  This will however require more details including tax ID and the company size.

Step 4: Campaign Use Cases

This just means to put forward some actual examples of the intention for using a 10DLC.  The number of use cases required is dependent on the number of scenarios 10DLC owners will want to contact customers.  For example, if the owner wants to send marketing messages and two-factor authentication to users, they will need to submit two use cases.

Sounds Like Too Much?

Understandably, this sounds like a lot of paperwork and more hoops than is worth the effort.  Fortunately, this is a venture that we have not only already undergone ourselves but have managed to use the Twilio API to automate the process with CloudContactAI.  At readily affordable rates, we can help bridge that gap through automated marketing.

Sounds Like Too Much?

Understandably, this sounds like a lot of paperwork and more hoops than is worth the effort.  Fortunately, this is a venture that we have not only already undergone ourselves but have managed to use the Twilio API to automate the process with CloudContactAI.  At readily affordable rates, we can help bridge that gap through automated marketing.