Toll-free verification compliance guidance is based on the CTIA Messaging Principles and Best Practices document. By complying with the principles provided here, the toll-free sender verification process should be straightforward and your toll-free campaigns should run without issue.
Note: If your toll-free number (TFN) has significant reported end user complaints, some wireless operators may slow down or suspend your campaign or numbers to prevent unwanted messaging on the toll-free network.
Below are specific requirements you must apply to any TFN verification request. Think of this as a checklist of things you should comply with in order to keep your messaging from getting flagged as spam, and to ensure your toll-free verification request is approved in a timely manner. While it may not work 100% of the time, a thorough authenticity check can help you identify red flags early on for businesses who may intend to send spam and/or phishing text messages. All the below demonstrates the veracity of the business owners, thus strengthening their credibility and legitimacy for compliance standards within the A2P Messaging Industry.
Business Information:
- Business name, address and contact info should correspond to the company who will be responsible for the content of the message.
- The business name should be the same name that is in the production message content, such as the confirmation message and HELP/STOP auto response messages and other production message content.
- Is the business legitimate?
- Does the business have a physical office address (not a resident's home address)?
- Is the business registered in their state or country's database?
- You can check a business registration status found in 10DLC & Toll Free Number Brand Identity Resources for reference.
- You can search a business in Better Business Bureau to see if the business is accredited in North America.
- Is the business a sole proprietorship or partnership?
- Sole proprietorships or partnerships should use DBAs ("doing business as") if they want to designate the company name as something other than the last names of the company’s owners.
- Example: "Summer Sprinkler Systems Inc." dba "John's Plowing Specialists"
- Sole proprietorships or partnerships should use DBAs ("doing business as") if they want to designate the company name as something other than the last names of the company’s owners.
- Is all required information for the end business (not ISV/Reseller) provided?
- Is the business considered an ISV (Independent Software Vendor) or Reseller?
- ISV/Reseller should NOT provide their own business info. for Toll-Free sender verification. TFN Verification is for the end business.
- Is the business website the URL of the end business/content creator (not ISV/Reseller)
- Is the website accessible to the public and displaying the content on the business website?
Expected Message Volume per Month:
- Is there an estimated amount provided on how many messages the end-business intend to send every month?
Use Case Summary:
- Clear, understandable program description, does it match the supplied message flow?
- Explanation on exactly what service the program is providing to its customers and the purpose of the brand's messages (i.e. appointment reminders, OTP alerts, etc.).
- The more descriptive the better it is to prevent push back and processing delays with verification.
- Multiple TFNs listed?
- Does the use case summary provide an explanation on why the brand needs more than 5 numbers?
- Typical business cases for multiple TFNs include multiple store locations, contact centers, regional coverage or testing environments for the various stages of their development cycle (Dev Test, QA, UAT, and Pilot).
- Verification supports up to 5 toll-free numbers for a single entity without needing to provide an explanation.
- Testing/Internal Employee Use Cases:
- Must be clear that the messages will be for testing or for the end-business's internal employees only.
- Example statements:
- “Internal SMS/MMS testing only"
- "Internal testing only – no production traffic"
- "Text messages will only be sent to (Business Name)'s internal employees and no production traffic will be sent out to the public"
- Example statements:
Ineligible Use Cases:
- Not all uses cases are allowed for business messaging. Deceptive, fraudulent, unwanted, or illicit content is not allowed.
Content Messages:
- Ensure the Program (brand) name is included in every message.
- Do not include public URL shorteners (like bit.ly links) in message content
Opt-In Description ("Call to Action"):
- The opt-in description should clearly describe how the business obtains the end user’s phone number in order to send a text message.
- The opt-in description must be specific – not “through the website”, or “over the phone”.
- Provide a link to, image of, or scanned copy of opt-in mechanism.
- Opt-in consent must be specific to the end business sending the message. Lead generation is not permitted. End users can only grant one-to-one consent to a particular message sender individually. A business cannot share opt-in consent with other entities.
- Marketing/Promotional Use Cases
- For marketing use cases, it’s important that users have opted-in to receive marketing content via express written consent (ex. checkbox on online form).
- Example Marketing/Promotional opt-in:
- For marketing use cases, it’s important that users have opted-in to receive marketing content via express written consent (ex. checkbox on online form).
- OTP/2FA Use Cases
- For One-Time-Passcode (OTP) and Two Factor Authentication (2FA) use cases, it’s important that users have opted-in to receive OTP/2FA content via informed consent in which the end user’s phone number is obtained/the end user is informed they will be receiving a text message at the phone number they provide.
- Example 2FA opt-in:
- For One-Time-Passcode (OTP) and Two Factor Authentication (2FA) use cases, it’s important that users have opted-in to receive OTP/2FA content via informed consent in which the end user’s phone number is obtained/the end user is informed they will be receiving a text message at the phone number they provide.
Terms and Conditions/Privacy Policy:
- It is important to review terms and conditions documents to ensure all applicable messaging terms and conditions (e.g., how to opt-out, customer care contact information, and any applicable privacy policy) are covered.
- It should be clear from privacy policy documents that the end user’s personal info will not be shared or sold to third parties for the purpose of marketing.
- Example statement for inclusion in privacy policy: “No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."
Reference article - CTIA Messaging Principles and Best Practices
