SMS Consent Essentials: Understanding Opt-In Requirements for 10DLC

To legally send SMS messages - especially through 10DLC (10-Digit Long Code) - businesses must collect proper, documented consent from consumers.

This article explains what consent forms are, why they are required, the different types of consent, and includes fully compliant examples with all mandatory elements.

What Is a Consent Form?

A Consent Form (in the context of SMS/10DLC messaging) is a document or digital record that proves a consumer has given explicit permission to receive text messages from a specific company.

It is a requirement under U.S. federal law (TCPA), carrier rules, and CTIA messaging guidelines.

What Must a Consent Include?

To comply with TCPA, CTIA, and U.S. carrier (10DLC) requirements, every SMS consent form must include the following essential components. These elements ensure that consent is explicit, verifiable, and legally valid.

1. Company or Brand Name.

The form must clearly identify the business that will be sending SMS messages. This ensures the consumer understands who they are granting permission to.

Important: Consent given to one brand cannot be transferred, reused, or shared with another brand - even if the brands belong to the same parent company. Each brand must collect its own opt-in directly from the consumer. Internal sharing of SMS subscriber lists or opt-in records between business units is prohibited.

2. Explicit Consent Statement.

The language must be direct, unambiguous, and acknowledge permission to receive SMS messages. Example: “I agree to receive SMS text messages from [Company Name]”.

3. Consumer’s Phone Number.

The specific phone number that is opting in must be provided by the consumer. This confirms exactly which number will receive communications.

4. Purpose and Types of Messages.

The consent must describe the categories of messages the consumer will receive, such as:

  • promotional offers
  • appointment reminders
  • account alerts
  • delivery or order updates
  • and etc...

This ensures the consumer clearly understands what they are agreeing to.

5. Message Frequency Disclosure.

CTIA requires informing consumers about how often messages may be sent. Acceptable examples include:

  • “Message frequency may vary”
  • “Up to X messages per month”

6. Message and Data Rates Disclosure.

All campaigns must include the standard carrier-required notice: “Message and data rates may apply”.

This indicates that the consumer may incur SMS or data charges from their mobile provider.

7. Opt-Out and Help Instructions (STOP/HELP).

CTIA mandates that consumers must be informed how to stop or receive assistance. Required language:

  • “Reply STOP to unsubscribe”.
  • “Reply HELP for help”.

8. Signature or Timestamp (Proof of Opt-In).

Valid proof of consent varies by opt-in method:

  • Paper Form: handwritten signature + date.
  • Web Form: timestamp, IP address (recomended), and version of the form text shown at sign-up.
  • SMS Opt-In: message logs and carrier records.
  • Verbal Opt-In: call recordings or documented agent notes.

9. Privacy Policy & Terms of Use.

The consent must reference the Company’s Privacy Policy and Terms of Use and explain how the consumer’s phone number and opt-in information will be stored, used, and protected. Include a short, plain-language disclosure such as: “Your information will be used in accordance with the Company’s Privacy Policy and will not be sold or shared for third-party marketing without your consent”.

Types of Consent Forms

  • Paper Form: A physical, signed document.
  • Web Form / Online Opt-in: Checkbox on a website, landing page, signup page.
  • SMS keyword Opt-In: “START”. The consumer must always send the first message. You cannot initiate the conversation with a marketing or promotional SMS unless the consumer has already provided consent through another channel.
  • Verbal Opt-in: Consumer verbally agrees via a call or in person (must be recorded or logged).

Paper Consent Form

A Paper Form is a physical, handwritten consent form that a consumer fills out and signs to authorize a company to send them SMS messages.

Download the sample of paper consent form.

Verbal Consent Form

Verbal consent is a type of SMS opt-in in which a consumer verbally agrees—either in person or over the phone—to receive SMS text messages from a specific brand.

To be valid, verbal consent must include clear disclosure and explicit agreement. The company must also keep proof that the consent was properly obtained, along with documentation of how the consent was collected.

For verbal consent, the company should record the date and time the consent was given, as well as the method used to collect it (for example, a call recording or in-person confirmation). Supporting metadata—such as a timestamp and the agent’s personal information—should be stored, as these details are often required to demonstrate valid consent during audits.

In other words, every time a customer gives permission to receive SMS messages—following the verbal consent script—this information must be recorded by the agent and stored by the company.

Download the sample of verbal consent form.

Web Consent Form

A Web Consent Form (also called an online opt-in form) is a method of collecting explicit SMS opt-in consent from consumers via your website or landing page. It allows consumers to voluntarily provide their mobile number and agree to receive text messages from your company before you send any SMS communications. This is a common and compliant way to gather consent for 10DLC campaigns.

To be valid and compliant with TCPA/CTIA carrier requirements for 10DLC, a web consent form must include several required elements:

  1. Clear Identification of the Brand.
  2. Input fields for the consumer’s first name, last name, and phone number.
  3. Consumers must actively check a box to agree to receive SMS messages. The checkbox cannot be pre-selected, and it must be specifically for SMS consent only.
  4. The form can be submitted even if the checkbox remains unchecked, meaning users are not forced to provide consent in order to complete submission.
  5. The form should describe the type of messages the consumer will receive (e.g., promotions, updates, reminders).
  6. Must include the following disclosures: Reply STOP to opt out; Reply HELP for help; Message frequency varies; Message and data rates may apply; Carriers are not liable for delayed or undelivered messages.
  7. The form must link to your Privacy Policy and Terms of Service, explaining how phone numbers and opt-in data are stored and used.
  8. The system should capture the metadata at the moment the form is submitted by the consumer and transmitted to the server. This helps provide proof of consent for 10DLC registration and audits.