A2P Text Message Compliance

Twilio A2P Compliance

Over the last few years, Twilio has implemented a series of compliance measures for A2P (Application-to-Person) communication. This follows their 2021 introduction of 10DLC registration options and as of July 2023, introduced The Campaign Registry that serves as the next step in Twilio’s and mobile carriers effort to create a fully-verified U.S. messaging ecosystem.

This article will cover:

  • A2P Campaign Registry
  • Who is Twilio?
  • What is Campaign Registration?
  • Collecting Consent/Opt In
  • Consent/Opt in Requirements
  • What this means for you

A2P Campaign Registry

As of July 2023 all major U.S. telecommunications carriers will begin shutting down unregistered, non-compliant 10DLC (10 digit long code) messages to U.S. phone numbers. This means that wireless carriers now have the ability to block A2P (Application-to-Person) communication based on their perceptions of the trustworthiness of those messages. 

This means that ALL campaigns must be approved and registered to send text messages through this messaging network. 

Mongoose remains committed to helping ensure the best deliverability possible for your messages by making sure your campaigns are registered with Twilio. Within Mongoose, you will see guidance as you create new inboxes that reflect this registration process, the status of your registration, along with measures in place to ensure that messages cannot be sent from inboxes that are unregistered.

Once Mongoose has submitted your campaign(s) to Twilio, your campaign(s) are placed into a "In-progress/Pending" status and vetted by Twilio and a third party.  This vetting process for campaign registration is to combat fraud and ensure that the messages being sent via A2P are coming from trusted sources.

This process does take some time. Twilio anticipates this process to take up to 7 days but in some cases it may take longer.

What this means is that while your registration for personal and shared inboxes is "in progress", you will be unable to send messages until registration is complete.

More info and resources:

Mongoose Compliance Checklist

Mongoose Texting Compliance Questions

Information from Twilio regarding A2P Registration

The Changing Landscape of SMS Compliance-FYI (For Your Institution) Podcast Episode

Who is Twilio?

Twilio is one of the largest SMS gateway providers and handles the relationship between companies like Mongoose and the carriers (Verizon, AT&T, Sprint etc…) All messages sent to and from Mongoose are routed through Twilio which requires Mongoose to be in compliance with carriers and regulations. Other text messaging providers similar to Mongoose are also required to be in compliance.

What is Campaign Registration?

A campaign provides information to Twilio such as the types of content/text messages that are going to be sent from the numbers within the campaign. The campaign is what Twilio looks at for activity, throttling, and spam filtering. 

Campaign registration happens on two different levels in Mongoose:

  • Personal Inboxes
  • Shared Inboxes

Personal Inboxes are all registered under a single campaign registration for the organization. This registration is created and starts the registration process when the organization is first created.

For example:

Shared Inbox registration is held at the team level within Mongoose, so each team has its own campaign registration. When the first shared inbox in a team is created, it will start the campaign registration process for that team. 

For example:

Each of the above noted campaign registrations will be required to go through that vetting process. 

Part of the Campaign Registration process requires the submission of how your institution collects consent for the individuals you plan to text. 

See below on how to collect consent and the consent requirements.

Collecting Consent/Opt In

A main requirement by mobile carriers to help keep messaging free from spam and part of a trusted network is that anyone texting through A2P (Application to Person) must collect consent for the people they plan to text. 

This means that you must make clear to the individual they are agreeing to receive messages of the type you're going to send. You need to keep a record of the consent, such as a copy of the document or form that the message recipient signed, or a timestamp of when the customer completed a sign-up flow.

Note: Consent can't be bought, sold, or exchanged. For example, you can't obtain the consent of message recipients by purchasing a phone list from another party.

As a best practice, anywhere you ask an individual to provide you their mobile number; whether this is a student portal, application, form, alumni contact information updates etc.. you are including a clear call to action for that individual to opt in or opt out of receiving text messages. Below you will find the opt in requirements that are in place by Twilio and the carriers.

Within Mongoose, we also help ensure that contacts are aware of how to opt out of text messages by sending a compliance opt out text once you do begin texting with them.

Consent/Opt In Requirements

The following information MUST be included when collecting consent. The opt-in consent should be provided through a selectable checkbox for the end-user, and it should not be pre-selected.

  • Brief description of the types of messages being sent
  • Fee disclosure ("Message and data rates may apply")
  • Service delivery frequency ("4 messages per month", "Message frequency varies", etc)
  • Opt Out Directions(You can text STOP to opt out at any time...etc)
  • Customer care information (typically "Text HELP for help" or Help at XXX-XXX-XXXX)
  • Link to Privacy Policy describing how end user opt-in information will be used (This is a requirement by T-Mobile)
  • Link to Terms and Conditions  describing terms of service (This is a requirement by T-Mobile)

Here is an example of a form that contains all of the requirements that Twilio and Carriers are looking for when collecting consent.

What does this mean for you?

For new organizations that are using Mongoose for the first time:

  • During your onboarding, your client success manager will provide additional information regarding getting you registered which will include making sure you are collecting consent based on the requirements outlined above. 
  • For brand new teams and/or the first shared inbox in a team, you will see in-product guidance that will allow you to create the inbox but until registration is complete, you will not be able to send messages from it. 
  • If you don't have anything specifically implemented, don't worry, we'll help. 
  • If you are collecting consent but don't have all of the requirements above, you will need to make some updates to your forms etc.. to comply with the industry standards.

For current clients (not brand new)

  • Any personal or shared inboxes that are registered will stay registered.
  • For brand new teams and/or the first shared inbox in a team, you will see in-product notification that will allow you to create the inbox but until registration is complete, you will not be able to send messages from it. 
  • Any new team/shared inboxes that will be required to go through the registration process will need updated consent information for those to be approved.

Please note: These rules and regulations are constantly evolving to help combat fraudulent messaging practices. Mongoose is dedicated to staying up to date on the requirements and helping you stay compliant  which means these rules and regulations may change as new guidance is introduced by carriers. 

If you have any questions, please reach out to your Client Success Manager and/or our support team (support@hellomongoose.com)

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles