A2P 10DLC vetting for Twilio SMS
A2P (Application to Person) 10DLC (10 digit long code) is the standard that United States telecom carriers have put in place to ensure that SMS traffic to US end-users through long code phone numbers is verified and consensual, so as to reduce spam and unsolicited SMS.
Who needs to register for A2P 10DLC?
In line with the new regulations set by Telecom carriers in the USA and Canada, anyone sending SMS/MMS messages over a 10DLC number (or simply a local phone number) from an application to the US must register for A2P 10DLC.
Carriers consider all SMS traffic from Twilio and other Bitrix24 SMS providers to be sent from an application, so anyone using a 10DLC number with an SMS app to send SMS messages to the US will need to register.
Why should you register for A2P 10DLC?
-
Most of your outbound Twilio SMS from your CRM will not be delivered if you don't register.
-
It results in lower message filtering and higher messaging throughput.
-
Customers who send messages from a Twilio 10DLC number but do not register will receive additional carrier fees for sending unregistered traffic.
A2P 10DLC registration steps
A2P 10DLC registration can be done on the Twilio console. There are 2 major steps involved.
1. Create a brand
There are 3 types of brands on The Twilio console
-
Direct brand - You’re a business owner that uses Twilio messaging services to send and receive SMS to/from your customers. You have a business Tax ID
Follow this link to register on the twilio console
-
Independent Software Vendor (ISV) - You’re a software company that embeds Twilio APIs into your software solutions to power digital communications for your customers.
Register on the Twilio console
-
Sole Proprietor - You’re a student, hobbyist, someone working at an organization or someone trying out Twilio messaging products for the first time.
Register on the Twilio console
You can also use the chart below to determine your brand type.
You can see more information on the Official Twilio A2P 10DLC compliance guideline page
During the brand creation process, you also have to Provide your company information.
Here are some things to keep in mind:
-
The values you enter for company name and tax ID number (EIN) must exactly match the values on your tax registration document. If the document specifies “Yourbusiness, Inc.” you can’t simply say “Yourbusiness.”
-
Provide a secure website that represents your business. Registrations without a website, those that use websites that lack an SSL certificate to support the HTTPS protocol, and those whose websites display boilerplate content or templates are likely to be rejected. The website should include About Us, Contact Us, Terms & Conditions and Privacy Policy pages. A website without these pages will not be considered compliant.
-
Provide a working phone number — preferably, the same one mentioned on your website’s contact or support page. Twilio or TCR may attempt to verify the authenticity of this phone number.
-
Provide a working email address — preferably, the same one mentioned on your website’s contact or support page. A personal email address (ending in @google.com) from a provider like Gmail or Yahoo or one from a disposable domain is likely to result in your brand registration being rejected.
-
You must provide a unique contact address, email address, and phone number for each registration. TCR prohibits using the same contact information for multiple brands. Brands found in violation of this policy may be deactivated by Twilio or TCR.
** TCR - The Campaign Registry
2. Campaign registration
Once you’ve registered your brand, you can now register campaigns, which you can think of as use cases.
Each campaign must be an appropriate use case for the brand with which it is associated. For example, a clothing company should not try to create a campaign for food delivery messaging. TCR and carriers may reject campaign registrations that they deem unrelated to or inconsistent with the brand.
Campaigns that include the following will be rejected:
-
deceptive marketing
-
fraud/scam
-
SHAFT (sex, hate, alcohol, firearms, and tobacco)
-
cannabis promotion/sale
-
debt relief
-
high-risk financial services
-
third-party lead generation services
-
gambling
Campaign type
Campaigns must be categorized into any of 10 standard campaign types, or specified as mixed — a combination of two to five standard use cases.
-
2FA - Any two-factor authentication with passcodes used to unlock accounts
-
Account Notifications- Notification sent to account holders about changes in accounts
-
Customer Care - Customer care interactions by the support and other customer-facing teams
-
Delivery Notifications - Updates about the delivery of products and services
-
Fraud Alert Messaging
-
Higher Education - Messages sent by colleges, universities, and other educational institutions
-
Marketing - Communications related to time-bound events and sales
-
Polling and Voting
-
Public Service Announcement
-
Security Alert
Campaign description
For each campaign, provide a detailed description that includes the brand name, use case, and the type of messages you’ll send.
Message flow
Also known as call to action (CTA), the message flow describes how a customer opts in to a campaign, thereby giving consent to the sender to send messages. A compliant CTA should include the following:
-
Brand Information — name of brand sending these texts
-
Message frequency — for example, “You may receive up to two messages a week” or “Message frequency varies” or “Message will be sent when a user registers or changes password”
-
Pricing disclosure — for example, “Message and data rates may apply”
-
Link to your Terms & Conditions page
-
Link to your Privacy Policy
Your Privacy Policy must have a no-sharing clause that states subscriber information will not be shared with 3rd parties for their direct marketing purposes. For example, “No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.” -
Opt-in consent mechanism — the opt-in method and action taken by the user to subscribe
Opt-in methods may be web form, texting a keyword, paper form, verbal or mixed.
Web form: Website visitors submit a form agreeing to receive your texts. Specify the link to the form in the CTA. The web form should include opt-in language, links to your company’s Terms & Conditions and Privacy Policy pages, expected message frequency, pricing, HELP and OPT OUT information.
Here’s an example of a compliant web form with all the required detail
Sample message
You must provide sample messages of the actual messages you’re sending. They should adhere to A2P best practices and must contain your brand name and opt-out instructions.
For a mixed campaign, provide examples of each campaign type: 2FA, customer care, marketing, etc.
If your messages contain URLs or codes, use parameters within brackets to indicate them — for example, “Your <brand name=”“> verification code is {Code} for {URL}.”
Opt-out message
The opt-out message contains the response to the STOP keyword. The response must include:
-
Brand name
-
Acknowledgement of the opt-out request
-
Confirmation that no further messages will be sent
Help message
The help message contains the response to the HELP keyword. It must include:
-
Brand name
-
Support contact information (can be phone number, email address, and/or URL that leads directly to a support contact page)
-
Opt-out information
Campaign and content attributes
Finally, you need to declare whether your campaign involves any of a list of eight attributes. Please note TCR does not allow these attributes to be changed once a campaign is registered. If an attribute is incorrect, you will have to register a new campaign.
-
Subscriber opt-in — indicates whether you collect and process customer opt-ins, should be set as “True”
-
Subscriber opt-out — indicates whether you collect and process customer opt-outs, should be set as “True”
-
Subscriber help — indicates whether you have implemented message replies that tell customers how they can contact the message sender when they reply with the HELP keyword, should be set as “True”
-
Direct lending or loan arrangement — indicates whether this campaign includes content related to direct lending or other loan arrangements
-
Embedded link — indicates whether campaign messages will use an embedded link
-
Embedded phone number — indicates whether campaign messages will use an embedded phone number (other than the required HELP information contact phone number)
-
Age-gated content — indicates whether the campaign includes age-gated content as defined by carrier and CTIA guidelines
You must provide this information for every campaign you register. Be honest. If a campaign is related to loans, for instance, specify Yes for the Direct Lending or Loan Arrangement option. Businesses found to be providing incorrect attribute information may have their campaigns suspended.
How long does it take for a campaign to get approved?
All campaigns are manually reviewed by carriers and various aspects of the campaigns are examined closely. Campaign reviews now take between six and eight weeks.
If your brand or campaign registration is rejected because you didn’t follow these guidelines, you must make changes and ask Twilio to resubmit your application. It will take the same amount of time to get the campaign approved.
If you have questions about 10DLC registration, contact the Twilio support team.
- 28.11.2023
-
Stephanie Fubara