The SMS Bible
By Ari Murray
I have many fears in life.
Cats, cottage cheese, hair cuts, and lawsuits.
Maybe it’s the law school drop out in me (1 semester was plenty, I can assure you), but it freaks me out to see brands getting sued for SMS violations, Accessibility violations, etc. It feels like it never stops – and there’s nothing scarier than a demand letter + lawsuit (well, except for cats). 🙀
Sorry, where was I?
Ah, yes – SMS lawsuits. The plaintiff’s playbook here is to spray and pray and to hurt brands in the process (as they collect MILLIONS BILLIONS). If your SMS provider doesn’t have the records and a process to help you (both proactively throughout your SMS lifecycle but also reactively if one day you do get that dreaded demand letter), you are in a bad spot. An ugly A fugly spot.
What’s extra scary here is that even if you could and can win your lawsuit, if you’re not prepared – then these “nuisance” lawsuits can and do cost $10K – $100K to settle (legal fees aren’t cheap – hence why I wanted to be a lawyer back in the day!). 🛍️🛍️🛍️
It’s a code red critical decision to choose the right SMS partner – the one that has the most TCPA/FTSA/OTSA experience and that really knows the space. Like Postscript (who I talk about often and use for each and every one of my clients). If I’m working with you and you’re sending SMS – we are using Postscript.
This isn’t the sexiest subject – I’d rather talk about shopping – but in my opinion it couldn’t be more important to not fuck this up. You need to know what the laws are, what you need to do, and who to use.
With that, let’s break it down. Take notes, there’s going to be a pop quiz at the end (and I’m a mean grader 🧛‍♀️).
ON SMS COMPLIANCE
At a high level, any and every brand that is sending texts out using an SMS platform (AKA those cute little texts are being sent over an API rather than manually by a real person), must stay compliant in 4 key areas:
📱: TCPA (federal rules)
This is mainly Florida right now but Oklahoma and Washington have recently added their own requirements with more states talking about adding their own rules – CONFUSING. BETTER BE PREPARED/ THINGS CHANGE ALL THE TIME.
📱: CTIA (the governing carrier org)
📱: Carrier enforced best practices
^ I know all of this because Postscript makes sure that I know all of this. Every Postscript brand is taught the fundamentals – but is also actively guided through the details at every single step of the way. It’s easy to be compliant when you’re being babysat. I love to be babysat – again – I’m not a lawyer. I’m a law school drop out and I want ALL OF THE HELP I CAN GET FROM MY TECH PARTNERS. Don’t you?
Okay, back to our lesson.
(AKA, FEDERAL SMS RULES)
WHAT IS TCPA?
Here’s an overview of what you need to know and do regarding TCPA as it applies to text messages sent from an automated system:
⚖️: Obtain Consumer Consent. You must get consent from a consumer before messaging them. Marketing messages require a higher level of consent known as prior express written consent which requires very specific language (CAN YOU TELL I GOT THIS FROM THE POSTSCRIPT LEGAL TEAM – LOVE THEM).
🏹: These rules apply to pop ups, checkout opt in, social media/email that let subscribers opt in, and any package where a keyword or QR code allows subscribers to opt in.
🏹: Note that some of these opt in points will live outside of your sms platform (social media, email, display of keywords and/or QR codes). Here, brands will need to add compliance language – and Postscript helps you know just what to say.
⚖️: Support Opt out Requests. You must make it easy for consumers to unsubscribe from receiving your texts, and you must honor their request to unsubscribe immediately. DON’T MESS THIS UP!
⚖️: Honor Quiet Hours. The federal TCPA suggests that messages be sent only between 8am and 9pm. Florida, Washington, and Oklahoma TCPA laws are more specific and require messages be sent only between 8am and 8pm local time. And, fun fact alert: Florida and Oklahoma contain 2 time zones in a single state. Gets complicated quickly without the right partners!!
OTHER THINGS TO KEEP IN MIND:
☎️: A clear opt in is crucial. It’s great (from a compliance standpoint) to have terms presented in the right spot EVERY time (including class action waivers and arbitration provisions, to keep magnitude down).
☎️: Double opt in. There’s really no excuse not to. This helps ensure you get more engaged customers and solve for subscribing a friend or mistyped numbers (see strict liability above… doesn’t matter if it’s not your fault).
(THE GOVERNING CARRIER ORG)
What is CTIA?
Mobile carriers ALSO have regulations that we must follow. Many of these non-negotiable rules are enforced through the mobile carrier association (CTIA). They manage audits on behalf of the carriers. It’s serious stuff.
The risk of violating mobile carrier compliance is that the carriers have a lot of power. They, for example, have the power to filter (NOT SEND) your messages, or shut down your SMS program altogether if you f with them.
So stay compliant so you can stay texting. The requirements are:
⚖️: Promote Compliantly. The CTIA requires specific disclosures be present on text messaging promotional materials (your CTAs).
⚖️: Collect Email and Phone Numbers Separately. Fields for collecting email addresses and phone numbers (for text messaging purposes) should be on separate screens or separated by a significant distance and with distinct consumer disclosures + their own submit buttons.
⚖️: Include Your Org’s Name in Messages. The mobile carriers require your name be included in every message (Postscript builds this in).
⚖️: Send an Opt In Confirmation. The 1st message you send to a consumer after they opt in must be a confirmation of their opt in.
Like this: [Brand Name]: You’re subscribed! Reply STOP to unsubscribe, HELP for help. Msgs powered by Postscript.
ARE YOU USING A DOUBLE OPT IN? You should. It’s highly recco’d that brands use double opt in (this is asking your consumers to reply Y to subscribe to texts before they see the opt in confirmation message).
Double opt in falls under both TCPA & carrier requirements/best practices. AS MENTIONED, YOU NEED TO DO IT.
⚖️: Support Opt out Requests. You must make it easy for consumers to unsubscribe from receiving your texts, and you must honor their request to unsubscribe immediately (i.e. Text STOP to cancel). Postscript builds this in, because they have our back.
⚖️: Provide Customer Support Info. You must provide consumers with contact information for getting help with your text messaging program (i.e. Text HELP for help).
⚖️: Limit Abandoned Cart Reminders. You must limit abandoned cart reminders to 1 per shopping cart event and send it within 48 hours of the event. Did you know that not all SMS platforms have built in guardrails to protect you here? Postscript does, because 😇.
⚖️: Avoid Prohibited Content (AKA SHAFT). The primary types of prohibited content, collectively known as SHAFT are: Sex*, Hate, Alcohol*, Firearms, Tobacco
*With proper age gating and on short codes only, it’s possible to obtain carrier approval for alcohol and sexual wellness products. You HAVE TO work with a trusted SMS partner to support here (like my beloved angel Postscript) – otherwise you’re going to mess this up and that would SUCK.
Okay, that was a lot. Recess time.
Now, where were we?
The goal here (in this love letter to compliance) is to make sure you know what to do from the second you send your first SMS. It all comes down to choosing the right tech – the right partner makes compliance easy (the Postscripts of the world). The wrong partner makes getting sued easy.
What we need here is a dedicated and educated team of experts that live and breathe SMS. The type of team that makes SMS compliance their brand, their mission, and their business.
From my one semester of law school, and from the lawyers at Postscript, I’ve learned/ been reminded that law is “strict liability”. So, the best of intentions don’t save you – this is black and white, right or wrong, you have it or you don’t type of stuff.
Postscript makes sure that we stay ready, so that we don’t have to get ready.
To recap, they make sure that we have:
✅: Clear Opt ins
✅: With great terms presented in the right spots every time (including class action waivers and arbitration provisions, to keep magnitude down)
✅: Double opt in
✅: Maintained records showing compliant opt in for 5 years of EVERY subscriber
And, this all goes above and beyond lawsuits. Carriers are under increased FTC pressure to combat both fraud and spam, and those pressures result in deliverability problems and a disruption of service if you aren’t careful.
So, be careful. You never know what’s around the corner if you get this wrong… 🐈
Luckily, a lot of compliance is actually made simple if you have the right partner. If you ever get a demand letter, you’ll need to / want to reach out to your SMS provider for guidance. This alone varies a lot and not all providers will answer compliance questions or provide documentation of opt ins. Some providers will literally refer you to talk to your lawyers / outside counsel – THAT’S NOT HELPFUL, NOW IS IT??!!
But, did you know that if you go with a compliance-forward company like my beloved Postscript – you’ll be able to work directly with their IN-HOUSE compliance team in the case of a demand letter? THAT’S HELPFUL – NOW ISN’T IT!! <3
Postscript literally offers biweekly office hours with Postscript’s attorney so that brands can ask questions. They’re around so that we never have lawsuit-hell-dreams. This is great, and good sleep is anti-aging. Another reason to pick Postscript – your face will thank you!
Alright, the bell has rung. You’ve done fabulously. I hope I was an okay teacher – I don’t know everything about anything but I do know a lot about which tech partners are worth using. Postscript is my select for SMS, for all of the reasons above – but also after using them across 50 brands in the last 2 years. I know what I’m talking about here, and none of my brands get sued. 🙂