Skip to content

SMS laws, regulations, and abuse prevention

Because SMS messages are one of the most direct ways to reach customers and users, going directly to the user’s phone, regulations must exist that prevent brands from abusing or over-using this relationship, and fines for violations could cost thousands of dollars.

The six rules to get compliance right

In general, we encourage using your best judgment when approaching SMS sending. Braze, as well as our sending partners, have checks in place that prevent most SMS abuses.

There are the six rules you should follow:

  1. Obtain explicit consent from users before sending them SMS. Whenever users provide consent, it’s your responsibility to log, update, and maintain that information in a compliant user database. According to basic legal guidelines, the most important information you need to retain regarding consent is:
    • The time and date the user gave consent
    • The type of SMS messaging they consented to
    • The users’ phone number
    • The language in which they opted-in

  2. Clearly communicate the types of SMS you’ll be sending. Users should understand what messages to expect from your brand in this channel and the kinds of information or offers they’ll be receiving. Explicitly state the purpose of your future campaigns, message frequency, and remind users that message/data rates apply.

  3. Keep essential information updated and visible. Ensure that the most up-to-date version of your brand’s Terms and Conditions and your SMS Marketing Privacy Policy are clearly visible and easily accessible from your SMS opt-in page.

  4. Only send SMS to legally obtained, opted-in phone numbers. As part of technical migration planning, ensure that your team understands the mechanism for tying opt-in statuses to each and every user profile in your customer engagement platform.

  5. Ensure SHAFT compliance in the US and other relevant regions. Sending SMS messages that contain language around sex, hate, alcohol, firearms, and tobacco (SHAFT) is generally considered to be illegal in the US and some other regions.

  6. Double-check everything. Work with your legal team to ensure that your SMS program is fully compliant with all applicable rules and regulations for the regions your brand operates in.


Here are some links you might need to consult as you build up your SMS campaign:

Considerations for compliance

Data and privacy

A customer’s privacy is key to a meaningful and respectful relationship. Respecting a customer’s privacy and information is just another opportunity to create a bond between them and your brand. Sometimes, using marketing tools can put data and privacy last.

Luckily for you, Braze follows the guidelines of many security regulations, including GDPR.

The CTIA (a trade association representing the wireless communications industry in the United States) recommends that you maintain and conspicuously display a clear and easy-to-understand privacy policy.

Opt-in, help, and opt-out options are an absolute must when creating SMS campaigns.

The Telephone Consumer Protection Act (TCPA) mandates that a business must receive “express written consent” to send customers messages - you can do this in a multitude of ways, including web or mobile. You must be clear with the customer about how you intend to use SMS to communicate with them.

Remember to comply with the National Do Not Call Registry.

Braze uses Subscription Groups to manage groups of users based on their level of consent.

Spam and cadence

Similar to email, your users or customer can experience inbox burnout. But this is only one reason not to relentlessly message your customers. You should look specifically at Section 5 of the FTC Act to ensure compliance (in the U.S.).

Some spam considerations are built into SMS capabilities in general (long and short code sending limits), as well as Braze rate limits. However, you should still consider compliance laws when planning your campaigns.


This can be a tricky one, but when in doubt, avoid topics that involve violence, sex, drugs, tobacco, or other paraphernalia. Be wise when sending messages regarding these topics—you may still be charged for messages that are blocked by various carriers.

The CTIA recommends that you ensure SHAFT compliance, which defines the following topics as generally “illegal” when messaging in the United States:

  • Sex
  • Hate
  • Alcohol
  • Firearms
  • Tobacco

For more on this topic, check out the CTIA’s Messaging Principles and Best Practices for 2019.


Ensure you comply with the TCPA, which dictates that you shouldn’t send messages during late hours. Refer to the regulation’s contents for exact hours. However, you shouldn’t send messages that late anyway—don’t you want high engagement?


Most of these best practices apply to guidelines set forth in the United States of America. If you’re reaching customers outside of U.S. regions, research best practices and laws in those areas. It’s always a best practice to act in a way that adheres to the most stringent regulations, which are usually applied in the United States, Canada, and countries part of the European Union.

New Stuff!