10DLC Key Attributes to get your Campaign approved

Modified on Thu, Mar 21 at 3:00 PM

As 10DLC continues to evolve, the MNOs (Mobile Network Operators) have identified a gap in the registration process - campaigns aren't being registered appropriately and don't adhere to the carriers’ codes of conduct. As a result, there will be additional review (vetting) completed on newly registered campaigns. There are three major changes associated with the campaign vetting process: 

  1. All newly created 10DLC campaigns will be subject to manual review and will be placed in a “pending” status until this review is completed. 
  2. The telephone number (TN) won’t be able to be associated with a campaign until the campaign is fully approved. 

The manual review process will increase the time it takes for campaigns to be ready for 10DLC traffic, so please plan accordingly and register as early as possible. We expect delays of several days for the initial review of a campaign, but it could be longer.  

This guide will provide you with examples of the information required to avoid rejection and to cut down on the time it takes for your campaign to be approved. 

Please note that the requirements outlined in this article have always been included in the CTIA (Cellular Telecommunications Industry Association) Messaging Principles and Best Practices, but the DCA (Direct Connect Aggregator) did not require compliance with certain items, so campaigns were approved. Recently, the DCA and MNOs have begun strict implementation in accordance with CTIA guidelines.


Phone Number and Email

This section discusses the phone number and email of the contact person who manages the messaging. These contact methods may or may not match what is on the website / online.  If the brand uses social media for an online presence, it’s best that these contact methods match the social media contact methods.

If your brand is a larger company or even a regional or national brand, then the email domain should belong to the company brand (not Gmail, Yahoo, Outlook, etc.). Email domains for larger companies should not be using gmail.com, as this can result in this campaign being rejected. Many small businesses have a website domain but still use Gmail or some other public email solution, which is typically acceptable for small businesses. The requirement that you use the domain of the brand mainly applies to larger enterprises and messaging campaign reviewers will make that determination during the campaign vetting process. It is permissible for a third party to provide an email and phone number if they are the party that provides messaging support for the brand. Please let us know in advance, if possible if this will be the case. 



Website/Online Presence 

Please make sure to include a URL for the customer's website or online presence. This URL can include a social media page, as long as our aggregator can access it and verify the business is who they say they are. Even if the customer avoids putting their website, our aggregator will search for the business to see if there’s any associated website. If there is prohibited content on their website, the campaign will be rejected. 

Content Type
Acceptable Criteria
Rejectable Criteria
Websites
  • A working and secured website.
  • If a website has a web form that is used to collect mobile numbers, opt-in language with SMS disclosures is required.
  • The site's content and offerings correspond to the proposed messaging use cases.
  • The Privacy Policy must clearly state that consumer Personally Identifiable Information (PII) will not be shared or sold to third parties for the purpose of marketing. 
  • The privacy policy must indicate what information is being collected, how it is used, and how users can opt-out.
  • An unsecured and non-working website. 
  • A website that lands on a domain parking site (e.g., GoDaddy, Wix, or others). 
  • A website that is an empty placeholder (or a “coming soon” site). 
  • A website with a web form that collects phone numbers but doesn't include opt-in language.
  • The Privacy Policy link is inactive.
  • The Privacy policy does not state explicitly that Personally Identifiable Information (PII) will not be shared with third parties.
  • The Privacy Policy referenced sharing information with third parties.
  • Websites without SMS disclosures.
Facebook, Instagram, Twitter, and other social media pages
  • The brand is clearly identified (meaning the brand name or DBA is the same as what appears on their social media). If at all possible, it is best if the email address and phone number in the Brand details also match.
  • A more established social media presence will be more likely to be approved than something that was more recently launched. 
  • Social media pages should be made public. 
  • If the company's website that collects phone numbers is listed or mentioned on the customer’s social media page, the DCA will check it and reject the campaign. 
  • Private pages.
  • Online presence without SMS disclosures and Privacy Policy.
LinkedIn Pages
  • The LinkedIn page should be a company listing – not an individual.
  • The LinkedIn page should be made public.
  • The 'About' section of the company listing should have enough information to fully vet the campaign for the brand, including Privacy Policy links as well as a fully compliant SMS Disclosure.
  • The 'About' section of the company page doesn't have enough information.
  • Private pages.
  • Use of personal LinkedIn profiles in lieu of a business profile will certainly result in rejection. 
  • No SMS disclosures and Privacy Policy.
Yelp Pages
  • Make sure your business page link on Yelp is viewable in all regions.
  • Incorporate an appropriate SMS Disclosure and Privacy Policy for your business.
  • No SMS disclosures and Privacy Policy.
Profile Sites
  • These sites are typically used to provide general information about a professional.
  • Common with physicians, medical, and occasionally legal professionals, these sites should provide general information about the professional(s) in question.
  • Incorporate a compliant SMS Disclosure and Privacy Policy link (or statement) for the business.
  • No SMS disclosures and Privacy Policy.

 

In order to comply with 10DLC requirements, certain requirements must be followed when collecting consumer phone numbers on a website, regardless of its intended purpose. The following conditions should be satisfied:  


1. Opt In Language and SMS Disclosures

The webforms should include opt-in language to obtain consumers' permission to send them messages. This is essential for any campaign's success: Effective opt-in language ensures compliance and enables express consent; it is how a consumer consents to receiving text messages from your brand. 

SMS Disclosures should be complete enough to enable the person viewing them to realize that they are consenting to receive messaging from the business.  

The SMS disclosure should always have the following elements:  

  • Message and data rates may apply disclosure. 
  • Reply STOP [as well as other keywords] to opt-out of future messaging. Reply HELP for more information. 
  • Message frequency (number of messages / month/week/etc., or message frequency varies, or recurring messages) 
  • A link to the Privacy Policy (and Terms & Conditions if there are any). 

Sample Opt-in Language with SMS Disclosure: 

By submitting this form and signing up for texts, you consent to receive marketing text messages (e.g., promos, cart reminders). Consent is not a condition of purchase. Msg & data rates may apply. Message frequency varies. Unsubscribe at any time by replying STOP or clicking the unsubscribe button link (where available). 

Privacy Policy & Terms 



  • By clicking "Submit " I agree to receive emails, text messages, and phone calls, which may be recorded and/or sent using automated dialing or emailing equipment or software unless I opt-out from such communications. I also agree to the Terms of Use and Privacy Policy linked below. I understand that my consent to be contacted is not a requirement to purchase any product or service and that I can opt out at any time. Message & data rates may apply. Message frequency varies.   
  • By clicking "Subscribe" I agree to receive recurring informational SMS, MMS or Email messages from [YOUR BRAND NAME]. My click is my electronic signature, and I authorize you to send me text messages on my mobile phone or landline. I understand that consenting to receive SMS messages is not a condition of purchase or service. This is a standard rate subscription service available on most carriers, Msg & Data Rates May Apply. You can also request additional information by texting HELP or sending an email to xxxx@BRAND.COM. Service will continue until the customer cancels. Messaging frequency will vary. Subscription may be canceled by texting STOP, END, QUIT, CANCEL or UNSUBSCRIBE. Further disclosure of Terms & Conditions and Privacy Policy.



2. Privacy Policy 

Privacy Policies are now required for all 10DLC messaging campaigns. Our carrier and the DCA began enforcing this regulation on September 5, 2023, and have updated their vetting policies accordingly. The CTIA Messaging Principles and Best Practices provide general guidance in Section 5.2.1 on what is necessary for a good Privacy Policy. The key point is that the policy must be clear that an end user’s Personally Identifiable Information (or PII) will not be shared or sold to third parties for the purpose of marketing.   

Privacy Policies vary greatly from quite simple statements to very long and complex policies – it’s dependent on the industry and business as well as applicable privacy law.  Most policies typically indicate what they can and will do with PII – most of which – is perfectly acceptable – especially when used to operate the business itself.  If a business shares or sells information, the Privacy Policy must specify the reasons.  A few examples might include: 

  • If the business is sold or merged 
  • Compliance with legal requirements of the business 
  • If the business has payment processing or other business operational responsibilities 

Even if the Privacy Policy notes that the business does share or sell information to unaffiliated third parties for marketing purposes, the Privacy Policy could become compliant if a statement similar to the following is added: 

“No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.” 

Of course, there can be other variations of this mobile messaging carve-out.  

Compliant Privacy Policies are mandatory on the following campaigns: 

  1. All Political Campaigns. 
  2. All Marketing Campaigns. 
  3. Any campaign that is in the business of buying houses (typically a real-estate or investment firm) which use a variety of A2P 10DLC use cases (Marketing, Mixed, Low Volume, etc.). 
    1. There are an increasing number of these campaigns showing up and several have been cited or suspended for excess spam traffic. 
  4. If a messaging campaign collects numbers on the website (typically through a webform – which must have the appropriate messaging disclosures and/or consent notifications or check-boxes) AND the business provides any of the following: 
    1. Mortgages and Loans – typically Mortgage companies, banks, savings and loans, credit unions 
    2. Financing of any kind (automobile, other motor vehicle, medical, home improvement, etc.) 
    3. Medium to large businesses that may utilize number pools or have a large number of employees (typically greater than 49) 
    4. Age-Gated campaign registrations of any kind

Regardless of the need for a Privacy Policy, don’t forget that ALL A2P 10DLC messaging campaigns must have appropriate consent and call to action. 

Notes regarding Facebook or Instagram sites: Some small businesses do not have a website but use a business social media presence. In those cases, you may create a post with both the full SMS disclosure and a Privacy Policy link or the actual text of a short Privacy Policy. You can make that social media post “sticky” so that it always appears at the top of the social media presence for this business. Another option is to link it in the “About” section (applies to Facebook). Privacy Policies can be linked to Google documents or written out in the social media post.

Campaign Description 

Please be sure to explain the campaign's objectives and intended use. The campaign description should clearly explain for what purpose the messaging is being used by the company.  

Your Campaign description should answer the questions: 

  • Who you are  
  • Who do you want to reach 
  • Why you are sending out messages  

Here are some examples: 

  • Messages aimed at customers of a car dealership service center. Appointment reminders, repair updates, satisfaction follow-up, online bill payment, and 2-way conversations. 
  • We will be sending out 2FA codes for login and password reset. Additionally, users will also receive codes after they have signed up with their phone number to validate the phone and activate their account.  

Please note that each one of these examples describes how the SMS (and/or MMS) campaign will be used. It is important that the campaign description actually matches the sample messages and that the sample messages are as accurate as possible. 

Sample Messages 

The sample messages should show the kind of messages that would be sent by the campaign. You must show messages that are different from each other and give examples of what you might send so that the DCA can see how the exchange might look. These should be specific to the campaign’s intended use and not a general set of messages that have nothing to do with the campaign use case. 

Here are some examples: 

  • [Brand Name]: Your validation code is 123456. It will expire in 15 minutes.  
  • Hi %FirstName%! This is John with SkySwitch. We would love to invite you to visit our booth at the upcoming Conference, which is taking place virtually and in person from Nov 9-13! Tickets are available now. There will be panels relating to voice, messaging, and 911! Register at www.skyswitch.com.  
  • Hello John Doe, this is a reminder about your appointment with John’s Car Dealership on April 2nd, 2021, at 10:00 AM. Please reply YES to confirm your attendance or NO if you are not able to make it. Let us know when you would like to reschedule your appointment. Thank you! 
  • Reminder from Dr. Smiles, DDS, Hi John, we look forward to seeing you at 3:00 pm tomorrow for your appointment. 

Campaign and Content Attributes 

Please make sure your campaign and content attributes are correct while setting up your campaign. These fields cannot be changed, so a brand-new campaign will have to be submitted if any change is needed. 

  • Embedded Link / Embedded Phone Number – if any of the messages that you will send will include a link (such as your website) or your phone number (or both), select “YES” for these.
    • We recommend always checking YES for both in the event you decide at a later date to include an embedded URL or phone number in the text of the message -- regardless of whether it is shown in your sample messages.   
    • For embedded links, public URL shorteners are not typically approved (bit.ly, tiny.url).  If a brand has its OWN URL shortener, we will review it and decide if it is acceptable on a case-by-case basis. 

If a customer selects "NO" for the embedded link, but the sample content provided clearly shows links, the DCA might reject the campaign; In these cases, you will need to submit a new campaign with "YES" selected for the embedded link. 

  • Direct Lending or Loan Arrangement – Select “YES” if the brand originates loans or financing of any kind, including arranging third-party financing. For example, even auto sellers who provide or arrange financing or loans should check this attribute “YES.”  
    • Virtually all banks, savings & loans, and credit unions offer loan products, so the attribute should be set to “YES.”  This includes places such as car, truck, boat, or other vehicle dealerships and sellers. While not their primary business, they likely arrange some sort of financing.  If that is the case, then this attribute should be checked “YES.”    
    • If your website (regardless of business) indicates anywhere that it might provide or arrange financing, then check this attribute as “YES.”  We’ve seen window companies, HVAC dealers, home builders, home remodelers, appliance companies that need to have this attribute checked since they can arrange financing for consumers.    
  • Age–Gated Content- Government–approved texts that can only be sent to consumers over 21. This means that the business must check the consumer’s age before giving them the option to opt-in to receive text messages. Verification of age can be done by getting the date of birth information. The following are allowed if proper age-gating procedures are in place. Select "YES" if it applies to the business being registered. 
    • Alcohol  
    • Tobacco  

Age-Gated Form Example 


Call-to-Action / Message Flow 

A “Call-to-Action” is an invitation to a Consumer to opt-in to a messaging campaign. Its purpose is to describe how recipients of text messages via this campaign consent to receive these messages. In other words, how those numbers were acquired will need to be disclosed. The key point here is to be accurate and descriptive. 

Here are some examples: 

Opt-in Via Website: 

There are various ways to provide consent via a website.  Here are some examples illustrating a number of options. In all cases, there should also be an accompanying SMS Disclosure on the website. 

  • The user fills out a form on the website where they can consent to receive notification messages. There is also a box they can check to receive product updates and/or marketing messages. The messaging disclosure is displayed to users by this form. 
  • Under the “Contact Us” website option, there is a form to fill out to get more information. The user’s phone number is requested. Additionally, there is a checkbox that the user may check to receive information via SMS message, with a full SMS disclosure provided. 
  • When a consumer uses our online form to make an appointment, they are asked if they would like SMS appointment reminders sent to their phone. If they check the box YES, then appointment reminders will be sent. 
  • When the user signs up for an account, the user must first enter their phone number. A 2FA message is sent to validate that phone number. After that, they are asked if they wish to receive account notification messages sent to the provided (and validated) phone number. The user will see all text messaging disclosures here. 

Important: All webforms on a website that require or collect a phone number must include opt-in language and a Privacy policy. If these items are not included, the DCA will reject the Campaign. 

Opt-in Via Email: 

  • In our weekly marketing emails, we include a button that asks consumers if they would like to receive targeted information about upcoming sales via SMS. If they consent, then no more than twice weekly messages are sent. A full SMS disclosure is provided next to the email button. 
  • In our account validation email, we offer the consumer a button to opt-in for SMS messages. If the consumer consents, messages will be sent for shipping and product updates.

Opt-in Via Verbal Consent (In-person or over the phone):

You will need to outline a script that the brand will provide. See the examples below where the brand provides a verbal disclosure: 

  • While the client is at our location, we ask them if they would like to further discuss through text messaging, also reminding them that they can always opt-out of further messaging if they wish by simply replying STOP. We’ll also remind them that these text messages are subject to message and data rates and that the number of messages will vary based on our conversations. Finally, we note that we won’t sell or convey their private mobile data to any third parties and that they can always refer to the Privacy Policy on the website. If they reply that they would, we enter their phone number, and they will receive an opt-in confirmation message that will contain all of the appropriate disclosures.
  • When a consumer is checking out of our practice, we ask if we can send follow-up appointment reminders via SMS.  If they consent, we remind them that they can always opt-out and that messaging and data rates will apply.  Once we get their phone number, they will receive a welcome message noting that subsequent appointment reminders will be sent. 
  • While on the phone with the user, the agent asks the customer to confirm if they wish to receive additional information via SMS. If the user agrees, the information is sent. We remind them that messaging and data charges may apply and that they can opt-out at any time by replying STOP and that HELP provides them with more information.   
  • When a consumer requests directions via a phone call, we ask if it is okay to send them an SMS message with directions to our shop. Additionally, when consumers call us for an appointment, we ask if they would like to receive appointment reminders via SMS. During these calls, consumers are reminded that message and data rates apply and that they can always opt out later by replying STOP. We’ll also note that they will only receive appointment reminder messages when they make an appointment and that no other messages will be received. 

Consumer-Initiated Opt-In

  • The customer can reach out to us via SMS (the phone number to text is on the website). We’ll send back a welcome message which notes that they will now receive updates via SMS. The welcome (or opt-in message) will have all SMS disclosures.
  • Employees may opt-in to messaging by texting the keyword START to a posted number on a bulletin board. The bulletin board post also contains additional information about the SMS notifications they will be receiving. There is also a welcome message after they send the START keyword, which contains the full set of SMS disclosures. 
  • We provide a button on our social media site that opens up a form that the consumer may access to fill in their phone number and approve the receipt of SMS messages. There is a full SMS disclaimer underneath the button.   
  • From our messaging app, users opt-in by texting our opt-in number and agreeing to receive text messages by sending OPT-IN. Optionally, our users can text a phone number once the user sends an OPT-IN

Most common rejection reasons  

  • Call to Action (CTA)  
  • SHAFT-C content  
  • Lack of a website or online presence  
  • Non-compliance with Know Your Customer (KYC) guidelines  
  • Lead generation/Affiliate Marketing 

Call to Action  

We often see campaigns rejected for an insufficient Call to Action (CTA) section. This section should contain a clear and concise description of how an end user consents to receive messages. Opt-in must be 1 to 1 and can't be shared with third parties. It must be clear, conspicuous, and can't be obscured within the terms & conditions and/or other agreement(s). 

SHAFT-C content  

The following types of content are not allowed on 10DLC: Sex, Hate, Alcohol*, Firearms, Tobacco*, Cannabis (CBD, etc.) 

Example: If a chiropractor's office has CDB Oils on its website, this is prohibited, and the campaign will be denied, even if not directly related to CBD marketing. 

Please note: This content is not allowed to be on the customer's website at all. 

*Alcohol and *TobaccoCan be supported with robust age-gating and proper opt-in. 

Lack of a website or online presence  

Please make sure to include any website or online presence the customer has. This can include a social media page, as long as our aggregator can access it and verify the business is who they say they are. Even if the customer avoids putting their website, our aggregator will search for the business to see if there’s any associated website. If there is prohibited content on their website, the campaign will be rejected. 

Non-compliance with Know Your Customer guidelines  

Make sure you’re following proper Know Your Customer (KYC) guidelines for the campaign. The brand needs to reflect who will be sending the message to the customer, not the software behind the delivery. Remember that the brand is the message sender. The Employer Identification Number (EIN) and company information should reflect the message sender, not you as the reseller.  

Lead Gen / Affiliate Marketing  

Lead generation and affiliate marketing are not allowed over 10DLC. 

Lead Gen / Affiliate Marketing occurs when the party collecting opt-in is doing so for the purpose of collecting, aggregating, converting, or selling consumer information (leads) to third parties for a fee. Typically, a consumer is driven to a website using online advertising and asked to input their information to receive offers for general services like payday loans, insurance products, or educational opportunities. The lead generator then either resells that consumer’s information to one or more third parties or continues to send messages to the consumer with links to offers from multiple partners to try and convert a sale. 

At best, these offers can give real value to consumers by connecting them with companies that can help fulfill a need. Oftentimes, however, lead generation companies have engaged in aggressive or potentially misleading marketing campaigns, causing consumers to complain and spam blocking to occur. 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article