United States SMS Best Practices, Compliance, and Features

United States SMS Market Overview

Market Conditions: The United States operates one of the world's most mature SMS markets. Three major carriers dominate: AT&T, Verizon, and T-Mobile. Despite the popularity of OTT messaging apps like WhatsApp and Facebook Messenger, SMS remains a critical communication channel with nearly universal reach. Android and iOS users are roughly evenly split, and both platforms fully support standard SMS features.

Key SMS Features and Capabilities in United States

The United States offers comprehensive SMS capabilities: two-way messaging, concatenation, and MMS support. Strong carrier infrastructure and standardized delivery protocols ensure reliable message delivery.

Two-way SMS Support

All major U.S. carriers fully support two-way SMS messaging. No restrictions apply beyond standard compliance requirements and proper A2P (Application-to-Person) registration through the 10DLC process.

Concatenated Messages (Segmented SMS)

Support: Yes, all major U.S. carriers support concatenation.

Message length rules:

• Single SMS: 160 GSM-7 characters or 70 UCS-2 characters
• Concatenated SMS: Up to 1,600 characters

Encoding considerations:

• GSM-7: Standard ASCII characters (160 characters per segment)
• UCS-2: Special characters, Unicode, and emojis (70 characters per segment)
• The system automatically switches to UCS-2 when you include emojis or special characters

Example: "Hello! 😊" uses UCS-2 encoding due to the emoji, limiting you to 70 characters per segment instead of 160.

MMS Support

All major U.S. carriers support MMS for rich media content: images, short videos, and audio clips.

Best practices:

• Keep files under 1 MB
• Use common formats:
  • Images: JPEG, GIF, PNG
  • Video: MP4
  • Audio: MP3, AAC

Recipient Phone Number Compatibility

Number Portability

All U.S. carriers support number portability, allowing users to keep their phone numbers when switching providers. Carriers maintain a central database to ensure proper message routing regardless of the current provider.

Sending SMS to Landlines

SMS delivery to landlines varies by carrier:

• Some carriers: Convert SMS to text-to-speech voice calls
• Other carriers: Fail delivery silently or return an error

Best practice: Verify number types before sending and filter out landline numbers from SMS campaigns.

Common error codes:

• Twilio: Error 21614 ("To number is not a valid mobile number")
• Sinch: 400 Bad Request with "invalid_to" error
• MessageBird: "recipient not reachable"

For proper phone number formatting and validation, use E.164 format (+1 followed by 10 digits for US numbers).

TCPA Compliance Requirements for SMS Marketing

U.S. SMS marketing requires compliance with multiple federal and state regulations. Understanding TCPA (Telephone Consumer Protection Act) requirements is essential to avoid costly penalties of $500–$1,500 per message.

Federal regulations:

• TCPA (Telephone Consumer Protection Act)
• CAN-SPAM Act
• FCC (Federal Communications Commission) guidelines

Industry standards:

• CTIA (Cellular Telecommunications Industry Association) guidelines

Additional requirements:

• State-specific regulations (California CCPA, Florida FTSA)
• A2P 10DLC registration through The Campaign Registry

Consent and Opt-In Requirements

Explicit Written Consent Required: Obtain explicit written consent before sending marketing messages. Your consent must be:

• Clear and conspicuous
• Specific to SMS marketing
• Obtained through affirmative action (checking a box, sending a keyword)
• Documented and stored for compliance

Sample consent language:

Best practices:

• Use double opt-in verification
• Clearly state message frequency and purpose
• Store consent records with timestamp, source, and opt-in method
• Include clear terms and conditions during opt-in

HELP/STOP and Other Commands

Required Keywords:

• Opt-out: STOP, UNSUBSCRIBE, CANCEL, END, QUIT
• Help: HELP, INFO
• Support both uppercase and lowercase

Required responses:

STOP response:

HELP response:

Language requirements:

• Support commands in English
• If marketing in other languages, provide translated commands
• Include opt-out instructions in every initial confirmation message

Do Not Call / Do Not Disturb Registries

The National Do Not Call Registry applies to SMS marketing. Follow these requirements:

• Check the registry every 31 days
• Remove registered numbers from your marketing lists
• Maintain internal do-not-contact lists
• Process opt-out requests within 24 hours
• Store opt-out records for 5 years

Time Zone Sensitivity

Time restrictions:

• Send only between 8 AM and 9 PM (recipient's local time)
• Respect stricter state-specific quiet hours
• Account for daylight saving time changes
• Emergency alerts may be exempt

U.S. time zones:

*Arizona and Hawaii do not observe daylight saving time.

A2P 10DLC Registration: Complete Guide

What is A2P 10DLC?

A2P 10DLC (Application-to-Person 10-Digit Long Code) is the required messaging standard for business SMS in the United States. All companies sending application-to-person messages using standard 10-digit phone numbers must register with The Campaign Registry.

Why 10DLC registration is required:

• Carriers use it to identify legitimate businesses vs spam
• Improves message delivery rates
• Increases throughput limits based on trust score
• Prevents carrier filtering and blocking

10DLC Registration Process

Required information:

• Business tax details (EIN/TIN)
• DBA/brand name
• Business type (LLC, sole proprietor, corporation)
• Industry and business category
• Organization address and primary contact
• Campaign details and sample messages
• Proof of consent collection (links to terms, privacy policy, opt-in forms)

Registration timeline:

• Brand registration: 1-3 business days
• Campaign registration: 1-5 business days
• Total time: 1-3 business days for most cases

Costs:

• Brand registration: One-time fee of $4-$15 (varies by provider)
• Campaign registration: One-time fee of $10-$15 per campaign
• Monthly fees: $1.50-$10 per campaign (varies by provider)

10DLC Throughput Limits and Trust Scores

Your message throughput depends on your brand's trust score:

How to improve your trust score:

• Complete business verification with third-party services
• Maintain low complaint rates
• Use consistent messaging patterns
• Register multiple use cases as separate campaigns

Phone Number Options and SMS Sender Types in United States

Alphanumeric Sender ID

Operator network capability: Not supported in the US market Registration requirements: N/A Sender ID preservation: N/A – Alphanumeric sender IDs are not displayed to US recipients

Long Codes (10DLC)

Domestic vs. International:

• Domestic 10DLC numbers fully supported with proper registration
• International long codes not supported for A2P messaging

Sender ID preservation: Yes, original number displayed to recipients Provisioning time: 1–3 business days after A2P 10DLC registration Use cases:

• Two-factor authentication
• Customer service
• Appointment reminders
• Transactional messages

Short Codes

Support: Fully supported across all major carriers Provisioning time: 8–12 weeks for approval and activation Use cases:

• High-volume marketing campaigns
• Time-sensitive alerts
• Two-factor authentication
• Customer loyalty programs

Short codes vs. 10DLC comparison:

Restricted SMS Content, Industries, and Use Cases

Prohibited Content:

• SHAFT (Sex, Hate, Alcohol, Firearms, Tobacco)
• Illegal substances
• Gambling without proper licensing
• Loan advertisements from third-party lenders
• Get-rich-quick schemes
• Deceptive marketing practices

Carrier Content Filtering Rules

Carrier Filtering Rules:

• Carriers screen messages for prohibited content
• Spam patterns trigger automatic blocking
• URL shorteners may be flagged as suspicious

Tips to Avoid Blocking:

• Use registered domains instead of shortened URLs
• Avoid excessive punctuation and all-caps
• Maintain consistent sending patterns
• Include clear opt-out instructions
• Use approved short codes or registered 10DLC numbers

Common spam triggers to avoid:

• Excessive caps: "FREE MONEY NOW!!!"
• Multiple exclamation marks or emojis
• Phrases like "click here," "act now," "limited time"
• Suspicious URLs or link shorteners
• Too many links in a single message

Best Practices for Sending SMS in United States

Messaging Strategy

• Keep messages under 160 characters when possible
• Include clear call-to-action
• Use personalization tokens thoughtfully
• Maintain consistent brand voice
• Include business name in each message

Example message templates:

Appointment reminder:

Order confirmation:

Sending Frequency and Timing

• Limit to 2–4 messages per week maximum
• Space messages evenly throughout the month
• Respect quiet hours and time zones
• Avoid major holidays unless relevant

Localization

• Primary language is English
• Consider Spanish for targeted demographics
• Use clear, region-appropriate terminology
• Avoid colloquialisms that may not translate well

Unicode considerations: Spanish characters like ñ, á, é, í trigger UCS-2 encoding, reducing your character limit from 160 to 70 per segment.

Opt-Out Management

• Process opt-outs in real-time
• Send confirmation of opt-out
• Maintain opt-out lists across all campaigns
• Regular audit of opt-out compliance

Opt-out processing flow:

1. User sends STOP keyword
2. System immediately adds number to suppression list
3. Send confirmation: "[Company Name]: You have been unsubscribed…"
4. Block all future messages to that number
5. Log the opt-out with timestamp for compliance records

Testing and Monitoring

• Test across AT&T, Verizon, T-Mobile networks
• Monitor delivery rates by carrier
• Track opt-out rates and patterns
• Regular testing of opt-out functionality
• Monitor for carrier filtering changes

Monitoring tools recommendations:

• Set up delivery rate alerts (flag if drops below 95%)
• Track opt-out rate increases (investigate if exceeds 2%)
• Monitor error code patterns by carrier
• Use carrier-specific test numbers for validation

SMS API Integrations for United States

Twilio

Twilio provides a robust SMS API with comprehensive documentation and strong support for US messaging requirements. Integration requires an Account SID and Auth Token from the Twilio Console. Learn more about Twilio SMS integration.

import { Twilio } from 'twilio';

// Initialize client with environment variables
const client = new Twilio(
  process.env.TWILIO_ACCOUNT_SID!,
  process.env.TWILIO_AUTH_TOKEN!
);

async function sendSMS(to: string, message: string) {
  try {
    // Send message using registered 10DLC number
    const response = await client.messages.create({
      body: message,
      to: to,  // Must be in E.164 format: +1XXXXXXXXXX
      from: process.env.TWILIO_PHONE_NUMBER,
      // Optional: statusCallback URL for delivery updates
      statusCallback: 'https://your-domain.com/webhook'
    });

    console.log(`Message sent successfully: ${response.sid}`);
    return response;
  } catch (error) {
    console.error('Error sending message:', error);
    throw error;
  }
}

// Webhook handler for delivery status
async function handleDeliveryStatus(req, res) {
  const { MessageSid, MessageStatus, ErrorCode } = req.body;

  console.log(`Message ${MessageSid} status: ${MessageStatus}`);

  if (ErrorCode) {
    console.error(`Error code: ${ErrorCode}`);
    // Handle specific error codes (21614, 30003, etc.)
  }

  res.status(200).send('OK');
}

Sinch

Sinch offers a straightforward REST API for SMS messaging with strong delivery rates in the US market. Authentication uses an API Token and Service Plan ID. Explore Sinch SMS integration for detailed setup.

import axios from 'axios';

class SinchSMSClient {
  private readonly baseUrl: string;
  private readonly headers: Record<string, string>;

  constructor(servicePlanId: string, apiToken: string) {
    this.baseUrl = `https://us.sms.api.sinch.com/xms/v1/${servicePlanId}/batches`;
    this.headers = {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${apiToken}`
    };
  }

  async sendSMS(to: string, message: string) {
    try {
      const response = await axios.post(
        this.baseUrl,
        {
          from: process.env.SINCH_NUMBER,
          to: [to],
          body: message
        },
        { headers: this.headers }
      );

      return response.data;
    } catch (error) {
      if (axios.isAxiosError(error)) {
        console.error('Sinch API error:', error.response?.data);
        // Handle specific error codes: 400 (invalid_to), 401, 403, etc.
      }
      throw error;
    }
  }
}

MessageBird

MessageBird provides a feature-rich API with strong support for US messaging compliance requirements. Authentication uses an API key. Check out MessageBird SMS integration documentation.

import { MessageBird } from 'messagebird';

class MessageBirdClient {
  private client: MessageBird;

  constructor(apiKey: string) {
    this.client = new MessageBird(apiKey);
  }

  sendSMS(to: string, message: string): Promise<any> {
    return new Promise((resolve, reject) => {
      this.client.messages.create({
        originator: process.env.MESSAGEBIRD_NUMBER,
        recipients: [to],
        body: message,
        // Optional parameters for US compliance
        reportUrl: 'https://your-domain.com/delivery-reports',
        type: 'sms'
      }, (err, response) => {
        if (err) {
          console.error('MessageBird error:', err);
          reject(err);
        } else {
          resolve(response);
        }
      });
    });
  }
}

Plivo

Plivo offers reliable SMS API services with strong US coverage. Authentication requires Auth ID and Auth Token. View Plivo SMS integration guide.

import plivo from 'plivo';

class PlivoSMSClient {
  private client: plivo.Client;

  constructor(authId: string, authToken: string) {
    this.client = new plivo.Client(authId, authToken);
  }

  async sendSMS(to: string, message: string) {
    try {
      const response = await this.client.messages.create({
        src: process.env.PLIVO_NUMBER,  // Your registered number
        dst: to,  // Destination number
        text: message,
        // Optional parameters
        method: 'POST',
        url: 'https://your-domain.com/delivery-status'
      });

      return response;
    } catch (error) {
      console.error('Plivo SMS error:', error);
      // Handle specific error codes
      throw error;
    }
  }
}

API Rate Limits and Throughput

Rate Limits by Provider:

• Twilio: 1–30 messages per second (varies by account type)
• Sinch: Custom limits based on service plan
• MessageBird: 6 messages per second (default)
• Plivo: 25 messages per second (default)

Throughput Management Strategies:

• Implement exponential backoff for retry logic
• Use queue systems (Redis, RabbitMQ) for high volume
• Batch messages when possible
• Monitor delivery rates and adjust sending patterns

Example: Redis queue implementation:

import Redis from 'ioredis';

const redis = new Redis();

// Add messages to queue
async function queueSMS(to: string, message: string) {
  await redis.lpush('sms_queue', JSON.stringify({ to, message }));
}

// Process queue with rate limiting
async function processSMSQueue(messagesPerSecond: number) {
  const delay = 1000 / messagesPerSecond;

  while (true) {
    const item = await redis.rpop('sms_queue');
    if (!item) {
      await new Promise(resolve => setTimeout(resolve, 1000));
      continue;
    }

    const { to, message } = JSON.parse(item);
    await sendSMS(to, message);
    await new Promise(resolve => setTimeout(resolve, delay));
  }
}

Error Handling and Reporting

• Implement comprehensive error logging
• Monitor delivery receipts via webhooks
• Track common error codes and patterns
• Set up alerts for unusual error rates
• Maintain detailed audit logs for compliance

Common error codes and solutions:

Webhook security best practices:

import crypto from 'crypto';

function verifyTwilioSignature(req, signature: string): boolean {
  const authToken = process.env.TWILIO_AUTH_TOKEN!;
  const url = `https://your-domain.com${req.path}`;

  const data = Object.keys(req.body)
    .sort()
    .reduce((acc, key) => acc + key + req.body[key], url);

  const expectedSignature = crypto
    .createHmac('sha1', authToken)
    .update(Buffer.from(data, 'utf-8'))
    .digest('base64');

  return expectedSignature === signature;
}

Recap and Additional Resources

Key Takeaways:

• Obtain explicit consent before sending messages
• Register for A2P 10DLC if using long codes
• Respect quiet hours (8 AM – 9 PM local time)
• Implement proper opt-out handling (STOP, HELP commands)
• Monitor delivery rates and compliance

Next Steps:

1. Review TCPA and CAN-SPAM Act requirements
2. Register with The Campaign Registry for 10DLC
3. Implement proper consent collection
4. Set up monitoring and compliance tracking

Additional Information:

• FCC Guidelines
• CTIA Messaging Principles
• The Campaign Registry
• National Do Not Call Registry
• E.164 Phone Number Format Guide
• 10DLC Registration Guide

Frequently Asked Questions

Q: Do I need to register for 10DLC if I'm only sending a few messages? Yes. All A2P messaging on standard long codes requires 10DLC registration, regardless of volume.

Q: Can I buy a list of phone numbers for SMS marketing? No. You must obtain direct, explicit consent from each recipient. Purchased lists violate TCPA regulations.

Q: What happens if I violate TCPA rules? Violations can result in fines of $500–$1,500 per message. Class action lawsuits are also common.

Q: How long should I keep consent records? Store consent records for at least 5 years to demonstrate compliance if challenged.

Q: Can I send SMS outside of 8 AM – 9 PM? Only for transactional messages (order confirmations, 2FA) or emergency alerts. Marketing messages must respect quiet hours.

Q: What's the difference between A2P and P2P messaging? A2P (Application-to-Person) is automated business messaging requiring 10DLC registration. P2P (Person-to-Person) is individual-to-individual communication not subject to the same regulations.

Q: How do I improve my 10DLC trust score? Complete business verification, maintain low complaint rates, use consistent messaging patterns, and register accurate campaign information with The Campaign Registry.

Troubleshooting Common Issues

Issue: Messages not delivering

• Verify 10DLC registration is complete
• Check E.164 phone number format (+1XXXXXXXXXX)
• Confirm number is not on DNC registry
• Test with different carriers

Issue: High opt-out rates

• Review message frequency (reduce if exceeding 2-4/week)
• Ensure content matches what users opted in for
• Check that messages provide clear value
• Verify timing respects local time zones

Issue: Messages marked as spam

• Remove URL shorteners (use full branded domains)
• Reduce caps and punctuation
• Include business name in every message
• Maintain consistent sending patterns
• Register your domain with carriers