Topic
This article offers guidance on avoiding common issues that might cause your 10DLC campaign to have delayed approval or be rejected
Environment
- Cytracom UCaaS
Description
All new 10DLC campaigns must comply with the wireless carriers’ codes of conduct. This article clarifies these requirements to help ensure successful and timely registration.
Common reasons for rejection
- Call to Action (CTA)
- Opt-out message
- SHAFT-C content
- Privacy Policy
- Lack of a website or online presence
- Non-compliance with Know Your Customer (KYC) guidelines
- Content attributes
- Sole Proprietor campaign
Call to Action
Campaigns can be rejected for an insufficient Call to Action (CTA) section. This section should contain a clear and concise description of how an end user signs up to receive messages. Opt-in must:be one-to-one, not shared with third parties, and not be implied. It must be clear, conspicuous, and can't be obscured within the terms & conditions and/or other agreement(s).
Examples of how to get users to opt in:
Phone number entry via the brand website
Customers opt-in by visiting the website and adding their phone number, and checking a box agreeing to receive text messages from the brand. If this opt-in option is not present on your website, the campaign will be rejected.
Clicking a button on a mobile webpage
If customers opt-in through a mobile page, provide its url in the brand details, campaign description, or sample message section of the registration form.
A message from the customer's mobile device containing an advertising keyword
In this case, customers would text a specific keyword (Such as "START" or "YES") in a reply to a campaign SMS message. To comply with 10DLC, customers must receive a response to their text which includes:
- the brand name
- confirmation of opt-in enrollment to a recurring message campaign
- how to get help
- clear instructions for opting out.
Signing up at a point of sale (POS) or on-site location
Opting in over the phone using interactive voice response (IVR) technology
Additional notes about CTAs:
- All traffic on behalf of a business, entity, or organization must have prior opt-in/consent.
- If the CTA mentions the opt-in collected on a website, the website must be provided. If it's not provided, the campaign will be declined.
- Even if the CTA mentions opt-in collected elsewhere, lead intake forms on the brand's website will be reviewed. If the phone number field is required, the disclaimer about the SMS opt-in must be included. Otherwise, the campaign will be declined.
Opt-out message
Acceptable opt-out language must include at least one of the following words: END, STOP, UNSUBSCRIBE, CANCEL. If you’re using an opt-out phrase, it must be separated by spaces (i.e., STOP2END is not acceptable; it should be STOP 2 END). Please make sure that at least one of your sample messages shows your opt-out.
Example: "[Insert Business Name:] You have an appointment for Tuesday at 3:00 PM, reply YES to confirm, NO to reschedule. Reply STOP to unsubscribe."
SHAFT-C content
The following types of content are prohibited on 10DLC: CBD, Cannabis, Sex, Hate, Alcohol*, Firearms, and Tobacco*. It’s also not allowed to be on the customer's website at all.
*Alcohol and Tobacco can be supported with robust age-gating and proper opt-in.
Example: If a chiropractor's office has CBD oils on its website, the campaign will be denied even if it's not directly related to CBD marketing.
Lack of a website or online presence
Please make sure to include any website or online presence the customer has. This could be a social media page, as long as our aggregator can access it and verify the business is who they say they are. Even if the customer avoids putting their website, our aggregator will still search to see if there's one associated with them. If there’s prohibited content on their website, the campaign will be rejected.
Non-compliance with Know Your Customer guidelines
Please follow proper Know Your Customer (KYC) guidelines for the campaign. The brand needs to reflect who will be sending the message to the customer, not the software behind the delivery.
Remember that the brand is the message sender. The Employer Identification Number (EIN) and company information should reflect the message sender, not you as the reseller.
Content attributes
Please confirm that your content attributes are correct when setting up your campaign. These fields can’t be changed, so you'll need to submit a brand new campaign if you’re rejected for any of these reasons.
Example: If a customer selects "no" for the embedded link but the sample content provided clearly shows links, they’ll need to resubmit their campaign with "yes" selected for the embedded link.
Sole Proprietor campaign
Not all carriers accept these campaign types, so they’ll be automatically rejected. You’ll then be charged the $15 fee and need to resubmit them later, so please hold off on submitting any new Sole Proprietor campaigns until further notice from Cytracom.
To learn more about 10DLC registration best practices and how to overcome campaign vetting rejections, please see 10DLC registration best practices and vetting rejection reasons.
Privacy Policy
All message senders must have an acceptable Privacy Policy when registering 10DLC campaigns. The most important aspect of the Privacy Policy mandates clearly describing how consumer data will be used and shared (if applicable), and how consumers can contact the message sender. A compliant Privacy Policy for 10DLC messaging should include the points below to help ensure that campaign registration and vetting are successful.
Consent
When a campaign is being vetted, the language presented in a sender's Privacy Policy is heavily scrutinized to ensure the message sender doesn't improperly claim to have the consumer’s consent to share end-user data with third parties for marketing purposes. While it's permissible for a business to share end-user data essential for business operations, the fundamental practice of sharing data to sell consumer information (leads) to third parties is a prohibited campaign type and will be rejected.
Privacy Policies are reviewed during vetting to ensure consumer data isn't transferred among various organizations. To successfully address these requirements, we recommend adopting and including a process in the Privacy Policy that demonstrates senders will refrain from sharing information consumer data.
Example: "Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."
Opt-out instructions
Message senders are required to acknowledge the consumer's right to opt out of a messaging campaign to ensure that message recipients’ consent remains intact. The Privacy Policy must also include instructions on how to opt out of future communications.
Example: “If you wish to be removed from receiving future communications, you can opt out by texting STOP, QUIT, END, REVOKE, OPT OUT, CANCEL, or UNSUBSCRIBE.”
We strongly suggest that each brand create a personalized Privacy Policy with accompanying SMS disclosures as discussed above. Bandwidth cannot provide guidance on what is legally required within a Privacy Policy. It's the responsibility of the message sender and their provider to research and ensure the Privacy Policy meets TCPA laws, as well as, individual carrier compliance requirements. For new, non-established brands entering the messaging space, there are online resources that can help you develop the required operational processes and Privacy Policy templates that will fit the unique needs of your business.
Note: If you're using online resources, your Policy, Practices, and Procedures must still include the above SMS disclosures and functions. Failure to adopt these practices may result in receiving a registration and vetting rejection (i.e., “805 - Compliant privacy policy is required on website”).
Additional Resources
Still have questions? Click here to learn how to contact Cytracom Technical Support.