Text and Email Marketing Regulations: What You Should Know

 In Marketing Tips, Stats and Facts, Tips for Business Owners, Utilizing CityGro

If there’s one word you remember when it comes to email and text marketing laws, it should be “consent.”

Customer consent is the key to email and text marketing laws and will save your tail in the long run. Text and email marketing can make a huge impact on your business when executed correctly, and that means getting customer consent.

Not only is customer consent required by FCC regulations, but it’s also a marketing best practice in a world filled with spam. This article outlines the main FCC regulations required for SMS and email marketing and will get you rapidly familiar with email and sms marketing laws.

You may be asking yourself “when can I text my customers?” According to FCC rules, consent for commercial text messaging must be in writing and cannot be given verbally, whereas text messaging for non-commercial use allows for oral consent. Because of the E-SIGN Act, a signature of consent can be collected electronically through email, website forms, kiosk, text message, etc.

The “Golden Rule” of SMS marketing laws is clear and documented customer consent.


Download Quick-Reference Guide

Who regulates SMS text message marketing?

There are three primary organizations that weigh in on text marketing rules and regulations; however, they all carry different powers and influencer on what can and can’t be done. Much of the confusion with regards to text regulations comes from not understanding the influence, powers or relationships between these three groups.

  1. CTIA (Cellular Telecommunications Industry Association) – CTIA is an association made up of the wireless carriers and other influential members that help enforce best practices. Because they are not a government agency, they cannot pass or enforce laws; however, they can impact your business significantly by shutting down your long code / short code or blocking text messaging services for groups they find to be non-compliant. CTIA provides “Messaging Principles and Best Practices” that define the do’s and don’ts as they see it.  More information about CTIA can be found here: https://www.ctia.org/
  2. FCC (Federal Communications Commission) – The FCC is a government organization and therefore can create and enforce laws that suitable for fines and legal action. There are two primary laws by which the FCC regulates text and email marketing spam. They are commonly known as the TCPA (Telephone Consumer Protection Act) and CAN-SPAM. While these laws weren’t necessarily written with SMS marketing in mind, text messaging has been included under the same regulations as telemarketing and auto dialers. Both laws are detailed below.More information about the FCC can be found here: https://www.fcc.gov/consumers/guides/stop-unwanted-calls-and-texts
  3. MMA (Mobile Marketing Association) – The MMA is a voice of influence but does not have legal enforcement abilities like the FCC, nor do they have controlling power such as CTIA. They are an association of members created to help provide best practices on both regulations (primarily pushing regulations from the FCC and CTIA) and best practices in regards to what is effective and what consumers want. For the purpose of discussing text regulations, we will focus primarily on the FCC and CTIA.More information on the MMA can be found here: http://www.mmaglobal.com/You can download their best practices here (form required): http://www.mmaglobal.com/files/whitepapers/2014%20Messaging%20v3.pdf

An overview of the FCC and CTIA regulations.

Now that we’ve established the organizations that govern text message marketing, let’s dive into the actual regulations they’ve provided.

  1. TCPA (Telephone Consumer Protection Act) – The TCPA was passed into law by the FCC in 1991 and restricts unsolicited telemarketing calls, faxes, pre-recorded calls, and SMS text messages (codified as 47 U.S.C. 227). The TCPA does not actually mention text message marketing at all but has since been clarified by the FCC to include text marketing within the same regulations as automated dialing systems. It was modified in October of 2013 to require businesses to get prior express written consent in order to send text messages to customers for marketing purposes. Emails also require consent but are much less regulated and consent can be given verbally.
    With regards to text message marketing, the primary regulations of the TCPA include:

    • Prior Express Written Consent – A consumer’s written* consent (see E-SIGN Act disclaimer below to clarify “written”) is required prior to sending any text messages for commercial or marketing purposes and must sufficiently show that the consumer (1) received “clear and conspicuous disclosure” of what messages they’ll be receiving; and (2) agrees unambiguously to receive such calls at the phone number given.*Consent obtained in compliance with the E-SIGN Act, such as permission obtained via an email, website form, text message, telephone keypress, voice recording, etc., satisfies this requirement. **Tax-exempt nonprofit organizations are not required to comply with the do-not-call provisions of the TCPA.
    • Prior Express Consent – For non-commercial, information texts (such as those sent by or on behalf of tax-exempt non-profit organizations, those for political purposes, and other non-commercial purposes, such as school closings), your consent may be oral.
    • Auto Opt-Out Mechanism – Recipients must be able to opt-out by replying directly to the text message.
    • Text Message Content – According to the TCPA, text messages must include (1) the identity of the entity sending the text and (2) opt-out instructions (the CTIA clarifies that messages must include opt-out instructions at least monthly).
    • Appropriate Texting Times – Text messages for marketing purposes can only be sent between the hours of 8 am and 9 pm (local time of the receiver). In short, the TCPA prohibits text messages sent to a mobile phone from an auto-dialer (including text message marketing) unless (1) you previously gave consent to receive the message or (2) the message is sent for emergency purposes.References for the FCC Regulations discussed above, and for additional regulations not mentioned above, include:
  2. CTIA Regulations – While the FCC focuses their regulations on recipient permissions, the CTIA is much more specific about the content of messages and disclaimers associated with them. The following guidelines are documented by the CTIA in Short Code Monitoring Handbook.
    • Opt-in consent – The CTIA again comments on the requirement for prior express consent.
    • Opt-out mechanisms – Text messaging programs are required to automatically opt out recipients who reply with any of the following universal keywords; STOP, END, CANCEL, UNSUBSCRIBE, and QUIT. Recurring-messaging programs must also display opt-out instructions at regular intervals, whether in content or service messages, at least once per month. You can send one final opt-out message to confirm that a user has opted out successfully.
    • Customer Care – The customer care clause simply requires you to provide a way for recipients to find out more about the program details as well as their status with the program. At a minimum, texting HELP should return the program’s name and contact information.
    • Opt-in Confirmation Message – A confirmation text is required to be sent immediately after a consumer has opted in for marketing messages (or as soon as reasonably possible) and should include:
      1. The identity of the sender
      2. Customer care information (examples include: reply help for help, contact us at 888-888-8888, email support at support@gmail.com, etc)
      3. Opt-out instructions (reply STOP to unsubscribe)
      4. Messaging/product quantity or recurring-messages disclosure
      5. “Message and data rates may apply” disclosure
    • Privacy Policy – Service providers are responsible for protecting the privacy of user information. A privacy policy needs to be in place that provides up-to-date and accurate information about the program details and functionality (details on help keywords, opt-out keywords, etc.).  It needs to be accessible from the initial call-to-action.
    • Consistency in program name and details – When you receive consumer consent to message them, the permissions are only granted to the specific program and cannot be shared among other programs. Your name needs to be consistent from the call-to-action, to the privacy policy, to each message that is sent.
    • Requirements in the Call-to-Action – The call-to-action is the place where customers sign up for messages. It needs to include the following:
      1. Product description
      2. Messaging frequency or recurring messages disclosure
      3. Terms and conditions or link to terms and conditions
      4. Privacy policy or link to privacy policy
      5. STOP keyword (this can appear on a seperate page in the terms and conditions)
      6. “Message and data rates may apply” disclosure

The TCPA and the CAN-SPAM Act

There are two primary laws by which the FCC regulates text and email marketing spam. They are commonly known as the TCPA and CAN-SPAM. While these laws weren’t necessarily written with SMS marketing in mind, text messaging has been included under the same regulations as telemarketing and auto dialers. Both laws are detailed below.

Telephone Consumer Protection Act (TCPA)

The TCPA was passed into law in 1991 and restricts unsolicited telemarketing calls, faxes, pre-recorded calls, and SMS text messages (codified as 47 U.S.C. 227). It was modified in October of 2013 to require businesses to get prior written consent in order to send text messages to customers for marketing purposes. Emails also require consent but are much less regulated and consent can be given verbally.

In short, the TCPA prohibits text messages sent to a mobile phone from an auto-dialer unless (1) you previously gave consent to receive the message or (2) the message is sent for emergency purposes.

As of October 16, 2013; prior express written consent is required for all text messages sent to cell phones for marketing purposes.

As of October 16, 2013, the TCPA applies to both voice and SMS text messages if they are transmitted for marketing purposes. These significant changes are as follows:

New Rule Effective What is the new requirement?
Prior express written consent October 16, 2013 Unambiguous written consent required before telemarketing call or text message. Exception: calls that are manually dialed and do not contain a pre-recorded message are exempt from the TCPA.
No “established business relationship” exemption October 16, 2013 Established business relationship no longer relieves advertisers of prior unambiguous written consent requirement.

Consumer consent must be unambiguous. It may be tempting to capture consent for one type of message, such as text receipts, and then send another type of message, such as marketing messages. Avoid this temptation as you may get burned. FCC regulations require businesses to get unambiguous consent and provide clear details of the purpose of the messages consumers are signing up for. Try a positive phrase like “join our text list for our best offers and updates!”

Consent must be unambiguous, you cannot ask for permission to send text receipts and then start sending marketing messages.

Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM”) Act

The CAN-SPAM Act supplements the regulations outlined under the TCPA and bans unwanted commercial email messages sent to your mobile phone. According to the FCC, The CAN-SPAM Act defines commercial messages as those that primarily advertise or promote a commercial product or service.

The FCC’s ban does not cover “transactional or relationship” messages—that is, notices to facilitate a transaction you have already agreed to. Examples of this might be messages that provide information about an existing account or warranty information about a purchased product.

The FCC’s ban also does not cover non-commercial messages, such as messages about candidates for public office or email messages that you have forwarded from your computer to your wireless device. Federal rules do require you to (1) clearly identify the email as a solicitation, (2) provide easy ways to reject future messages from the sender and (3) contain a legitimate return email address and postal code.

FCC bans are mainly for commercial messages, defined by the CAN-SPAM Act as “those that primarily advertise or promote a commercial product or service.”

All commercial messages must allow the receiver to revoke their authorization and opt out.

Text and email marketing providers should supply a convenient way to opt-out, similar to the way customers opt-in. Once a customer opts-out, senders have 10 days to honor requests to opt out. Once opted-out, the sender must keep an ongoing log of opt-out data to ensure recipients don’t receive future messages.

The most common opt-out methods for text and email include replying “STOP” to quit (text messaging) and a single-click “unsubscribe” link at the bottom of an email. Click here to learn why customers are opting out of messages. 

Steps to Take to Keep You on the Right Side of SMS Marketing Laws

1. Send a confirmation text when a new contact joins.

When a new contact subscribes to your marketing list, it is a common best practice to send an automatic response. This response should include (1) the name of your business, (2) the types of messages you will be sending, (3) the amount of messages you will send each month, (4) a statement that no purchase is required, (5) a warning that standard message and data rates apply, and (6) clear instructions to opt-out. How do you squeeze all of this into a single text? An example opt-out message is shown below.

EXAMPLE CONFIRMATION TEXT: “You’ve joined ‘Joe’s Diner’ offers & updates. 2-4 msg/mo, no purch req. Std msg&data rates apply. Rply STOP 2 quit. (Powered by citygro.com)”

2. Always include the fine print when promoting your text list!

I realize the fine print may put a damper in your perfect design, but you won’t be complaining when your shortcode doesn’t get shut off (true story). While I find it odd that we need to sign post EVERYTHING in today’s world, I’ve also learned to accept it. Get in the habit of adding the following details everywhere you post your keyword or allow people to sign up for your text/email programs.

  • A description of the program.
  • The shortcode or phone number you will be sending from.
  • The phrase “Msg & Data rates apply.”
  • A number of messages participants will receive.
  • Instructions to opt-out.
  • A link to your terms and conditions or privacy policy.
  • Contact and support information


By participating, you consent to receive text and email messages sent by an automatic telephone dialing system. Consent to these terms is not a condition of purchase. Message and data rates may apply. Text STOP to 85775 to cancel. Terms & Conditions / Privacy Policy: www.citygro.com/terms/

What are the penalties for failing to comply with TCPA and CAN-SPAM?

While the FCC claims not to award individual damages to spam recipients, they do have the ability to issue warning citations and impose significant fines to companies violating or suspected violation of the rules. The TCPA provides for either actual damages or statutory damages ranging from $500 to $1,500 per unsolicited message and is highly dependant on whether the sender is found to have “willingly” or “knowingly” violated the laws.

One of the most well-known accounts of businesses getting fined for breaking TCPA rules is the case of Papa John’s in early 2013, who paid roughly $16 million to settle a class-action lawsuit. At the end of the day, consent is everything.

Now that you know the rules, are you communicating too much? Not enough? Learn the best practices for text and email marketing.

Sources and helpful sites:

This post’s content was updated on August 9, 2017. It is not intended for legal advice but should be used as a guide for complying with FCC regulations. 

Recent Posts
Showing 5 comments
  • Robert

    Hello! Curious if someone opts out of text marketing provided by a specific company. Does that opt the customer out of all future promotional texts from that business? Or just texts from the company providing the text service. Anything in the FCC rules about this?

    • Mandy Holman

      Hey Robert, that’s a great question! So how it works, when someone opts out of a text message it’s going to opt them out of the SMS shortcode they are subscribed to, this will be stored in you text providers system. If you happen to switch to a new text provider or a new SMS shortcode, you legally must have anyone from your old list re-opt into the new shortcode. So if someone had opted out previously they would have to opt-in to the new shortcode to start receiving messages.

  • Andrew

    As an officer of a voluntary membership organization, we are looking to use text messaging to inform our members of upcoming events. We have been told by one service provider that as a membership organization, we do not have to have the “opt-in” because the members have given their contact information to us upon joining so we may communicate with them. Is this accurate?

    • Mandy Holman

      Hey Andrew, that is a great question. So any message sent with a marketing purpose needs to have prior written consent. However, any text sent that is meant to strictly inform your customers can be sent without the consent. So if you are strictly using your texting platform for membership information you should be just fine. However, it is important to not be too liberal as to what you are classifying as an “informational text”. If there is a marketing motive behind it you can be fined. I would recommend keeping two lists, one for informational texts with everyone’s number. The second you can use for marketing, just make sure everyone has opted-in for marketing messages on that list! If you have any questions about whether your texts are strictly informational feel free to give us a call to go over them!

    • Jon

      Hi Andrew, to add some clarification to Mandy’s answer, you DO need consent but it may not need to be “written” consent. When customers sign up for a voluntary organization and provide their contact info, it is assumed that they consent to getting updates from the organization. The reason I add this is in the event that a member removes their consent (replies STOP), you cannot continue to contact them as would be the case if consent were not required. You still have to adhere to opt-out regulations. I hope that helps!

Leave a Comment

Start typing and press Enter to search