SMS Opt-In and Out Guide: Navigating U.S. Texting Laws

 

The title of the article, “SMS Opt-In and Out Guide: Navigating US Texting Laws”

Text message marketing is a widely used, powerful strategy for businesses and other organizations looking to engage their audiences—but it’s fairly regulated in the United States. Understanding U.S. texting laws, specifically when it comes to SMS opt-in practices, is essential for any organization that uses SMS marketing. 

Even if you feel a law or regulation may not apply to you or your use case(s) directly, you should expect to be impacted by how messaging providers and carriers interpret them. That interpretation will ultimately limit your ability to send messages, despite your best intentions.

To help get your team on the same page about SMS compliance, we’ll explore:

This article only pertains to SMS opt-in laws in the U.S., so be sure to research additional regulations in Canada and the EU if your business operates outside America.

Disclaimer: Please note that the following recommendations are for informational purposes only and are neither intended nor should be substituted for consultation with appropriate legal counsel and your organization's regulatory compliance team. The information provided is "as is" and may be updated or changed without notice.

Mogli automations make SMS compliance easy. Click to watch a demo.

What is SMS opt-in and out?

In order to send marketing messages legally via text, you must get the recipient’s express, written consent. This involves asking the recipient to “opt-in,” in which recipients say yes to receiving promotional messages from your business. They can still “opt-out” at any time if they change their mind, and your business must respect their decision and stop messaging them.

Let’s cover what compliant SMS opt-in and out practices look like in more detail. 

SMS Opt-In

Before you text a customer, you must ask for consent in the form of an opt-in. This consent to receive text messages on a mobile device can be collected wherever you gather mobile information. You can create paper, email, or website forms, or have your target audience text in a keyword to your organization over SMS or WhatsApp (such as “SIGN UP”).

For any of these consent forms to be valid, organizations must clearly disclose a few pieces of information: 

  • The identity of your business or organization
  • The number of messages recipients should expect to receive
  • The details of your privacy policy
  • How to opt-out (a process that should be easy, such as texting “STOP”)
  • How to receive tech assistance from your team

While only one opt-in is legally required, we recommend covering your bases by getting a double opt-in. When you receive the initial opt-in (whether through an online form or a customer texting you a keyword), send a text asking to confirm that they want to receive text messages. If the person answers “YES,” this constitutes a double opt-in. Here’s what it might look like:

Phone screen showing a double opt-in text message, explained in the text above

This active consent or relationship expires every 18 months. To ensure you stay compliant, use an automated SMS marketing app like Mogli to regain opt-ins 18 months after the initial day each user subscribes to your text messages. 

SMS Opt-Out

No matter how amazing your product, service, or marketing is, there will always be someone who doesn’t want to receive commercial text messages—and you must respect that choice. 

Your recipients should be able to opt out of receiving text messages from you at any time by texting words like “STOP,” “QUIT,” “UNSUBSCRIBE,” “OPT-OUT,” or “CANCEL.” It’s important to make opting out easy. The message carrier will see these messages and stop any messages from going out to that customer.

Additionally, if you offered an opt-in or double opt-in and the customer didn’t respond, consider that an opt-out. It’s safest not to reach out to customers unless they are expecting it.

Why is SMS opt-in important?

SMS opt-ins are essential for staying compliant with U.S. texting laws. Failure to acquire written consent and comply with these laws can result in fines, penalties, and other legal trouble for your business.

When you gather opt-ins from customers, you gain access to an impactful marketing channel. SMS is a practical, relatively low-cost way to reach stakeholders across various industries, from financial services and education to commerce and nonprofits. Its efficacy comes not only from the convenience of cell phones and reaching people anywhere they go but from the variety of communications needs a text message can fulfill.

For example, using SMS marketing and a robust tool like Mogli allows you to:

  • Conduct branching surveys for feedback and data collection.
  • Send personalized bulk (one-to-many) and one-to-one messages.
  • Collect payments or donations via text.
  • Create elegant workflows with Salesforce automations that connect teams to your text conversations.

    Text messaging is the preferred and most popular communication channel among consumers, partially because of the stringent regulatory requirements that protect them from spam text messages. These laws keep the channel clean and help preserve its advantages over other digital communications.

Opt-In Texting Laws & Regulations to Know

Federal laws and regulations state that businesses cannot intentionally or unwittingly text unsolicited spam text messages containing irrelevant marketing information, products, services, or other offers. Nor may businesses collect personal data for any purpose other than to engage and provide value to those recipients.

Let’s explore an overview of the texting laws that govern U.S. text messages.

Infographic showing four laws and regulations that govern SMS opt-in and out texting laws, explained in the sections below

TCPA

The Federal Communications Commission (FCC) created the Telephone Consumer Protection Act (TCPA) in the 1990s to protect against phone calls and robocall solicitations. It quickly evolved to include text messaging, as well. 

The TCPA is still the primary law governing business text marketing in the USA. It limits telephone solicitations and the use of automated equipment, requiring businesses to obtain explicit documented written consent before sending text messages (i.e., an opt-in). Even if a company already has a relationship with an intended recipient or their phone number, it may only text them if it has opt-in consent. The only exception is a real emergency.

The takeaway: never hit send on a text message to ask for opt-in. It's illegal. You can land fines between $500-$1500 for each infraction, depending on whether you sent the message knowingly or to what extent you abused information. An unsolicited text or call (yes, each call or text message) counts as a violation of the law, which can quickly amount to millions of dollars in penalty fines. In 2013, Domino’s Pizza paid nearly $10 million for unsolicited text messages.

CAN-SPAM Act

The CAN-SPAM Act protects consumers from commercial text messages from companies with which they don’t already have a relationship.

For example, if your car insurance company sends you a transactional text message asking if you want to increase your coverage, that could be fine. It’s illegal, however, for a car insurance company with which you don’t have any relationship to solicit you over text message without your explicit written consent, as discussed above. 

Additionally, CAN-SPAM requires that any commercial message be readily identifiable as an advertisement by the text message recipient. Consumers must also be able to unsubscribe (opt-out) from text messages whenever they please.

CITA

The CTIA, Cellular Telecommunications and Internet Association, promotes voluntary best practices while protecting consumers from unwanted messages. These best practices:

  • Encourage clear calls to action.
  • Require double opt-in.
  • Recommend easily accessible placement of policies.
  • Require customers have the ability to easily opt out.
  • Urge one opt-in per campaign. 

This way, consumers don’t get added to irrelevant or excessive text messaging campaigns.

CCPA

The California Consumer Privacy Act, or CCPA, gives California residents more control over the personal information that businesses collect. The law governs both US-based and international countries and includes the following privacy rights:

  • The right to know what personal data is being collected and how it is used.
  • The right to request businesses to delete personal data.
  • The right to easily opt out of the sale of personal data to other businesses, as well as request a full list of third-party data users. 
  • The right to non-discrimination because you have exercised your rights under CCPA.
  • The right to sue companies if their data guidelines are violated.

    The CCPA applies to all for-profit businesses serving California residents with at least $25 million in annual revenue or personal data of at least 50,000 people. Additionally, if businesses collect more than half of their revenue from the sale of personal data, they must be CCPA compliant. However, if your organization is not defined by these two characteristics or you are a part of a nonprofit organization, then the CCPA does not apply to you. 

    To comply with CCPA, businesses must:

  • Provide a clear SMS opt-in and opt-out process for their clients. Multi-step or confusing opt-out processes are problematic under the CCPA.
  • Provide them with a “notice of collection" that discloses the type of personal information your business is collecting and how it plans to use it. Use your privacy policy to explain how your business or organization uses data.
  • Include a Do Not Sell link and a link to the business's privacy policy if the business sells personal data. When presenting users with the option to opt out of selling personal data, the correct language is “Do Not Sell My Personal Information” vs. “Do Not Sell My Info.” 
  • Deny requests from third-party businesses to use personal data if they do not have the authorization to act on the consumer’s behalf.

    If your company does not comply with the CCPA (and it applies to you based on the above stipulations), it can incur a fine of up to $7,500 per record.

    5 SMS Opt-In Message Examples

    Now that you understand the importance of securing SMS opt-ins and honoring opt-outs, determine which method your business will use to collect opt-ins. There are several ways you can collect users’ consent, but here are five of the most common SMS opt-in examples.

    1. Opt-In Keywords

    Screenshot of the Walgreens website showing a phone screen and an SMS opt-in keyword

    Keyword queries are inbound marketing at its best. Create a call to action on your website or other channels, including advertisements and social media posts, that invites customers to text a specific keyword to your organization’s phone number.

    The Walgreens website, for example, includes instructions to “Text JOINRX to 21525” to sign up for prescription text alerts.

    We highly recommend the keyword opt-in method, as we’ve seen Mogli clients use them to ease the administrative burdens and painfully low conversion rates of analog or online methods. Our Salesforce-native SMS marketing app makes it easy to set up opt-in keywords and fully automate the process, helping your organization remain compliant while expanding your contact list.

    Mogli automations make SMS compliance easy. Click to watch a demo.

    2. Online Forms

    SMS opt-in form on the American Cancer Society website

Simple SMS opt-in forms are easy to add to your website and provide the proper information for compliance. For instance, the online form on the American Cancer Society website pictured above includes just a few fields to fill out, along with TPCA-compliant information about how to opt-out, get help, and read their privacy policy.

Remember that if you plan on selling the personal data you have collected, the CCPA requires you to include a separate opt-in checkbox  titled “Check to permit sale of information." 

3. Website Pop-ups

Pop-up window asking users to opt-in to texts and emails Figs

To draw more attention to your SMS opt-in form, you can also use website pop-ups to ask text users for consent. 

The example above from Figs Scrubs prompts users to sign up for text message promotions to get a 15% discount. The pop-up is small enough to feel unobtrusive while still including all the necessary information about the business’s text marketing practices.

4. Website Footers

Screenshot of the SMS opt-in keyword information within the footer of the Duluth Trading Co. website

If you want to highlight your SMS opt-in opportunities on your website without distracting from your main content, consider adding a small form or opt-in keyword to your website’s footer. This way, users can scroll down anytime and learn how to opt in without pushy offers on their feed.

On the Duluth Trading Co. website, you can scroll down to find the business’s text opt-in keyword, privacy policy, and terms. You even get a 20% discount!

5. QR Codes

Flyer encouraging students to scan an SMS opt-in QR code to sign up for University of Nebraska-Lincoln text messages

QR codes are another easy way to collect opt-ins using a variety of other marketing channels. Add your QR code to social media posts, posters, flyers, your website, and even direct mail so your audience can quickly sign up to receive your texts.

The example above from the University of Nebraska-Lincoln shows how you can add an SMS opt-in QR code to both physical and digital flyers to inspire opt-ins.

Best Practices for Ensuring SMS Compliance

We’ve covered a lot of information about SMS opt-in and out laws in the U.S. To recap, here are the most essential best practices you should follow to maintain compliance:

  • Gain users’ consent with SMS opt-in (we recommend doing so via keyword query).
  • Confirm consent with double opt-in, which you can do automatically with Mogli.
  • Allow people to easily opt-out, and consider no response to an opt-in request or confirmation as an opt-out.
  • Use Mogli to automatically ask for re-opt-in every 18 months.
  • Never share or sell recipient data—and make sure your privacy policy is updated to reflect this stance.
  • Make your privacy policy, SMS terms and conditions, and help resources easily accessible.
  • Maintain integrity and add value by only sending campaign and interest-specific messaging.

Simplifying SMS Opt-in and Out with Mogli

While it’s ultimately your organization’s responsibility, Mogli simplifies complying with SMS opt-in laws. Our automated processes are built on the Salesforce functionality you know and love, facilitating setup and SMS opt-in and out management.

For instance, Mogli has an opt-out backup using standard Salesforce automation. This automation checks a box on Contact, Lead, or any other Object Record called the Mogli Opt-Out Checkbox, effectively blocking any text messages in Salesforce from being sent to that Contact, Lead, or other Object. 

Mogli also helps clients with the template approval process and WhatsApp configurations, with the ability to customize automation that suits your Salesforce use case. If you have questions, talk with our team about how we can support your business’s SMS marketing strategy.

Mastering SMS Opt-In and Out

Follow these best practices and stay up to date with the latest texting laws and regulations, and you’ll be in good shape to connect with your audience via text. As long as you stay compliant, you can tailor your opt-in and out processes to your audience’s preferences once you learn more about their habits.

Excited to dive into the world of text messaging to engage your stakeholders? Check out our other guides:

Worried about following SMS opt-in laws? We can make it easy for you. See Mogli’s powerful SMS automation for yourself.

 

Ready to Rock Mobile Messaging?

Discover 5 Top Tips for Successful SMS Communication

Get the SCOOP!

Young woman using the laptop in the meeting