10DLC campaign registry vetting guide.
Source scope: CTIA, GSMA, and The Campaign Registry (TCR) — the official, standards-side material that drives vetting outcomes. This guide distills what passes vetting, the structure reviewers expect, and the mistakes that get applications rejected.
What 10DLC means in the official ecosystem
For U.S. 10DLC, The Campaign Registry states that any business that wants to use SMS on 10DLC to communicate with customers and/or employees must register, including businesses sending individual non-marketing messages. TCR treats all business messaging as non-consumer, or A2P, messaging. A Campaign is the messaging use case — it defines the type of content being sent, such as marketing, customer care, delivery notifications, fraud alerts, or other standard or special use cases.
CTIA uses the term Non-Consumer Messaging for messages sent by or to a business, organization, entity, political campaign, medical practice, school, nonprofit, customer-service operation, or similar sender. CTIA says these senders should follow non-consumer messaging best practices — especially around consumer consent, privacy, security, and unwanted-message prevention.
TCR separates ecosystem roles. A business sending messages is a Brand and generally registers through its messaging service provider. A Campaign Service Provider (CSP) can register directly with TCR and submit Brands and Campaigns into the 10DLC ecosystem. TCR describes itself as the centralized hub where CSPs register their customers' brands and messaging campaigns so the ecosystem knows what to expect.
The filing logic reviewers expect
A passing application creates one consistent compliance story:
Consistency matters because TCR requires a Brand to reach Verified or Vetted_Verified status before campaigns can be created. TCR says a brand is often left Unverified because the legal company name and EIN do not match government records, and it emphasizes correcting Brand details before resubmission, appeal, or vetting.
Once the Brand is verified, the campaign filing requires the selected Brand, use case, carrier-terms preview, detailed campaign description, message flow / call-to-action, sample messages, campaign and content attributes, connectivity partner, and reseller details where applicable.
Standards that matter most for a passable campaign
| Area | Official standard | Practical filing implication |
|---|---|---|
| Consent | CTIA: non-consumer senders are expected to obtain consent generally, express written consent for marketing, and allow revocation of consent. | Don't say "customers may receive texts" vaguely. Describe exactly how the user opts in. |
| Call-to-action | CTIA: the call-to-action should clearly disclose the program/product, originating number or code, sender identity, opt-in language, fees and charges, opt-out, customer care, and privacy policy. Opt-in details should not be hidden in terms. | Put the SMS disclosure next to the phone-number field or checkbox, not only in the privacy policy. |
| Opt-in evidence | CTIA: senders should retain consent details — timestamp, consent medium, the language or action used to secure consent, the specific campaign, IP address where applicable, phone number, and identity / session identifier. | Keep screenshots of the opt-in form and logs showing who opted in, when, where, and for which campaign. |
| One opt-in per campaign | CTIA: opt-in should not be transferable; it applies only to the specific campaign and sender for which consent was obtained. | Don't reuse appointment-reminder consent to send marketing unless the marketing opt-in was separately disclosed. |
| STOP / opt-out | CTIA: consumers must be able to opt out at any time. STOP must work, natural-language opt-outs should be honored, and no further messages should be sent after the final confirmation. | Include STOP in sample messages and configure STOP, END, UNSUBSCRIBE, CANCEL, QUIT, and similar terms. |
| HELP | TCR: HELP keyword handling is required, with a help message explaining how customers can contact the sender. | Include a real support phone number, email, or support URL in the HELP response. |
| Privacy policy | CTIA: senders should maintain a clear, easy-to-access privacy policy linked from the initial call-to-action and describing how information is collected, used, and shared. | The privacy policy should be live, branded, accessible, and consistent with the opt-in form. |
| Lists | CTIA: senders should not use rented, sold, or shared opt-in lists — they should create and vet their own. | Never describe lead-gen, affiliate, purchased, scraped, or shared lists as your consent source. |
| Links | CTIA: embedded links should not conceal the sender's identity, and linked websites should identify the owner and include contact information. TCR does not accept public URL shorteners such as Bitly or TinyURL. | Use your own branded domain, not public shorteners. |
| Security & abuse prevention | CTIA: service providers may block traffic where risk assessment suggests unwanted messages — fraud, grey routes, lack of authentication, or repeated abuse of best practices. | Align actual sending behavior with the registered use case and secure API credentials. |
GSMA's anti-spam code reinforces the same consent-first posture: it applies to unsolicited SMS / MMS, including commercial messages sent without consent and bulk fraudulent messages, and calls for customer consent, customer control, opt-out mechanisms, and records of how and when consent was received.
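The consent, opt-in evidence, one-opt-in-per-campaign, and STOP / HELP rows above can be enforced together in the sending system. The following is an added example, not code from CTIA, GSMA, or TCR: a minimal in-memory consent ledger that stores the recommended record fields, scopes consent to a single campaign, and revokes it on an opt-out keyword. The class names, medium labels, and return strings are assumptions, and natural-language opt-out detection is out of scope here.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Opt-out keywords listed in the table above; compared case-insensitively.
OPT_OUT_KEYWORDS = {"STOP", "END", "UNSUBSCRIBE", "CANCEL", "QUIT"}

@dataclass(frozen=True)
class ConsentRecord:
    # The fields CTIA recommends retaining, per the "Opt-in evidence" row.
    phone: str
    campaign: str            # consent is scoped to this campaign only
    medium: str              # e.g. "web_form" or "keyword" (labels are assumptions)
    disclosure: str          # exact call-to-action text shown to the user
    session_id: str
    ip_address: Optional[str]
    timestamp: datetime

class ConsentLedger:
    def __init__(self):
        self._active = {}    # (phone, campaign) -> ConsentRecord
        self.audit = []      # append-only history of opt-ins and opt-outs

    def opt_in(self, phone, campaign, medium, disclosure, session_id, ip_address=None):
        if not disclosure.strip():
            raise ValueError("consent must record the disclosure that was shown")
        rec = ConsentRecord(phone, campaign, medium, disclosure, session_id,
                            ip_address, datetime.now(timezone.utc))
        self._active[(phone, campaign)] = rec
        self.audit.append(("opt_in", rec))
        return rec

    def may_send(self, phone, campaign):
        # Keyed on the pair, so consent never transfers between campaigns.
        return (phone, campaign) in self._active

    def handle_inbound(self, phone, campaign, body):
        # `campaign` is the campaign registered to the number that received the text.
        keyword = body.strip().upper()
        if keyword in OPT_OUT_KEYWORDS:
            if self._active.pop((phone, campaign), None) is not None:
                self.audit.append(("opt_out", phone, campaign, datetime.now(timezone.utc)))
            return "send_stop_confirmation"   # one final confirmation, then silence
        if keyword == "HELP":
            return "send_help_response"
        return None                           # not a control keyword
```

Call `may_send` immediately before every outbound message so that a revocation takes effect on the next send attempt.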
Model "success story" application
Below is a clean campaign filing that tells a coherent story. This is not a guarantee of approval — it's a standards-aligned pattern reviewers recognize.
Brand
- Legal name: Northstar Home Services LLC
- DBA: Northstar Heating & Air
- Website: Active site showing the same business name or DBA, real services, contact information, privacy policy, and terms.
- Tax / EIN: Entered exactly as registered with the IRS or government record.
- Brand status goal: Verified or Vetted_Verified before filing the campaign.
This matters because TCR says Verified status is required to register campaigns and send on 10DLC, and that legal-name / EIN mismatch is a leading reason for Unverified status.
Campaign use case
- Use case: Marketing, Standard
- Why not "Mixed": This campaign is promotional only. Service reminders, appointment updates, or support messages should be filed under a separate appropriate use case unless the business truly needs a mixed campaign and has consent covering each content type.
CTIA's one-opt-in-per-campaign rule makes separate, specific campaigns cleaner.
Campaign description
Northstar Home Services LLC, doing business as Northstar Heating & Air, sends recurring promotional SMS messages to customers and website visitors who explicitly opt in through our website form or by texting JOIN. Messages include seasonal HVAC offers, maintenance-plan promotions, and scheduling links. Messages identify Northstar Heating & Air, include STOP and HELP instructions, and are sent only to subscribers who consented to this marketing campaign.
Message flow / call-to-action
Website opt-in: A visitor enters their mobile number on the "Get HVAC Offers by Text" form at northstarhomeservices.com/offers. The form includes an optional, unchecked SMS checkbox next to the phone-number field. The disclosure reads: "By checking this box, I agree to receive recurring marketing text messages from Northstar Heating & Air at the mobile number provided. Message frequency varies. Message and data rates may apply. Reply STOP to cancel or HELP for help. View our Terms and Privacy Policy."
Keyword opt-in: A customer may text JOIN to the Northstar 10DLC number after seeing the same disclosure on printed or web materials.
This structure follows CTIA's requirements that the call-to-action disclose the program, sender identity, opt-in terms, fees, opt-out, customer care, and privacy policy — and that opt-in details not be hidden in unrelated terms.
Opt-in proof retained
Northstar retains the consent timestamp, opt-in source, exact disclosure shown, campaign name, phone number, IP address for web submissions, and customer / session identifier. That mirrors CTIA's recommended consent-record data.
Sample messages
TCR's guide shows Marketing as a campaign type requiring at least two sample messages, so provide at least two representative messages.
Sample 1 — Opt-in confirmation
Northstar Heating & Air: You're subscribed to recurring HVAC offers. Msg freq varies. Msg&data rates may apply. Reply HELP for help, STOP to cancel.
Sample 2 — Promotional message
Northstar Heating & Air: Save $49 on a spring HVAC tune-up booked by May 31. Schedule: northstarhomeservices.com/schedule Reply STOP to cancel, HELP for help.
CTIA says recurring-message confirmation should identify the program / product, provide customer-care contact or HELP instructions, explain opt-out, disclose recurrence and frequency, and include clear language about fees or charges.
STOP response
Northstar Heating & Air: You are opted out and will receive no further marketing texts. Reply HELP for help.
This aligns with CTIA's guidance to send one final opt-out confirmation and then stop messaging that consumer for the campaign.
HELP response
Northstar Heating & Air: For help, call 555-555-1212 or email support@northstarhomeservices.com. Reply STOP to cancel.
TCR requires the universal HELP keyword and a help message that tells subscribers how to contact the sender.
Campaign / content attributes
| Attribute | Value |
|---|---|
| Subscriber opt-in | Yes |
| Subscriber opt-out | Yes |
| Subscriber help | Yes |
| Embedded link | Yes — branded domain only |
| Embedded phone number | No, except HELP contact information |
| Age-gated content | No |
| Direct lending or loan arrangement | No |
| Affiliate marketing | No |
TCR requires opt-in for most campaign types except M2M; opt-out for most campaign types except 2FA and M2M; HELP handling; disclosure of embedded links, embedded phone numbers, age-gated content, and direct lending / loan content; and a terms-and-conditions attestation about affiliate marketing.
Common filing mistakes that cause vetting trouble
- Legal-name / EIN mismatch.
- Vague campaign descriptions.
- Unclear opt-in source.
- Missing or hidden CTA disclosures.
- No privacy policy.
- Sample messages that don't match the use case.
- Public URL shorteners (Bitly, TinyURL).
- Rented, shared, scraped, or purchased lead lists.
- Using one consent event for multiple unrelated campaigns.
TCR specifically points to legal-name / EIN mismatch as a frequent brand-verification problem. CTIA warns against hidden opt-in details, rented, sold, or shared lists, misleading links, and transferring consent between campaigns.
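Several of these mistakes can be caught mechanically before a filing is submitted. The following is an added example, not a TCR or CTIA tool: a pre-submission check for promotional and opt-in confirmation samples that flags a missing sender name, missing STOP or HELP instructions, public URL shorteners, and links off the brand's own domain. The function name, finding strings, and URL pattern are assumptions, the shortener list holds only the two services this guide names, and the check is not meant for the STOP reply, which intentionally omits STOP.

```python
import re

# Public shorteners named in this guide; extend the set for your own review.
PUBLIC_SHORTENERS = {"bit.ly", "tinyurl.com"}

# Matches bare or schemed hostnames such as example.com/path (simplified pattern).
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def lint_sample(message, brand_name, brand_domain):
    """Return a list of findings for one sample message; empty means clean."""
    findings = []
    if brand_name.lower() not in message.lower():
        findings.append("sender not identified")

    # Keywords are conventionally shown in capitals so subscribers can spot them.
    keywords = set(re.findall(r"\b[A-Z]{3,}\b", message))
    for required in ("STOP", "HELP"):
        if required not in keywords:
            findings.append(f"missing {required} instruction")

    for match in URL_RE.finditer(message):
        host = match.group(1).lower()
        if host in PUBLIC_SHORTENERS:
            findings.append(f"public URL shortener: {host}")
        elif host != brand_domain and not host.endswith("." + brand_domain):
            findings.append(f"link off the brand domain: {host}")
    return findings
```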