Opt-In Best Practices for SMS Marketing & 10DLC
How to collect, document, and manage SMS consent so your messages reach people who actually want to hear from you.
Getting opt-in right is the single most important thing you can do for your SMS program. Good consent practices protect you legally, improve your deliverability, reduce complaints, and build a subscriber list of people who genuinely want your messages. Poor consent practices lead to carrier filtering, legal exposure, and a damaged reputation.
This guide covers every aspect of collecting and managing SMS consent, from the different types of opt-in to practical methods for gathering consent and keeping clean records.
Understanding the Types of Consent
Not all consent is created equal. The type of consent you need depends on the messages you plan to send. Getting this wrong is one of the most common compliance mistakes businesses make.
Express Consent
Express consent means the consumer has agreed to receive text messages from you. This is the minimum standard for transactional and informational messages like order confirmations, appointment reminders, and account alerts. Express consent can be given verbally, in writing, or electronically. The consumer must knowingly provide their phone number for the purpose of receiving your messages.
Express Written Consent
Express written consent is the higher standard required for marketing and promotional messages. The consumer must sign or agree to a written disclosure that clearly states they will receive marketing texts, how often, and that consent is not required to buy anything. An electronic signature, such as checking a box on a web form, counts as written consent as long as the disclosure language is clear.
Rule of thumb: If the message benefits the consumer (order update, security alert), express consent is sufficient. If the message benefits your business (promotion, sale, upsell), you need express written consent.
Methods for Collecting Opt-In
There are several proven methods for collecting SMS consent. The best approach depends on your business model and how you interact with customers. Most businesses use a combination of these methods.
Web Forms
Web forms are the most common way to collect SMS consent online. A well-designed opt-in form includes a phone number field, a clear disclosure statement, and an unchecked checkbox or button that the consumer must actively engage with. The disclosure should appear directly next to the action element, not buried in a terms page.
Example Web Form Disclosure
"By checking this box, you agree to receive marketing text messages from BrightShop at the number provided. Message frequency varies, up to 4 msgs/month. Msg & data rates may apply. Reply STOP to cancel, HELP for help. Consent is not a condition of purchase. View our Terms and Privacy Policy."
Key requirements for web forms:
- The checkbox must be unchecked by default
- The disclosure text must be visible without scrolling or clicking a link
- The phone number field should validate format before submission
- Log the timestamp, IP address, and the exact disclosure text shown
QR Codes
QR codes are increasingly popular for in-person opt-in. A customer scans a QR code in your store, at an event, or on packaging, and it opens a web page with your opt-in form or pre-populates a text message to your number. QR codes bridge the physical and digital worlds and make it easy for people to subscribe on the spot.
When using QR codes, make sure the landing page includes the full opt-in disclosure. The QR code itself is just a trigger; the consent still needs to be collected properly on the page it links to, or through a keyword response if the QR code triggers a text message.
Keyword Opt-In
Keyword opt-in is when a consumer texts a specific word (like JOIN or DEALS) to your phone number to subscribe. This is common in advertising where you might say "Text SAVE to 55555 to get weekly deals." The keyword triggers an automatic response that confirms the subscription and includes the required disclosures.
For keyword opt-in to be compliant, the advertisement or signage must include:
- What the consumer is signing up for
- The message frequency
- That message and data rates may apply
- How to opt out and get help
Example Keyword Flow
Customer texts: DEALS
Auto-response: "Welcome to BrightShop Deals! You will receive up to 4 promotional messages per month. Msg & data rates may apply. Reply STOP to cancel, HELP for help. Terms: brightshop.com/terms"
Point-of-Sale and Paper Forms
For brick-and-mortar businesses, you can collect SMS consent at the point of sale. This might be a paper form, a tablet at the checkout counter, or a verbal request followed by a confirmation text. The same disclosure requirements apply regardless of the medium. If using paper forms, keep the signed forms on file as evidence of consent.
Double Opt-In: The Gold Standard
Double opt-in adds a confirmation step after the initial sign-up. After someone submits their phone number, you send a text asking them to confirm by replying YES or clicking a link. Only after they confirm do they become an active subscriber.
While not legally required, double opt-in offers significant advantages:
- Verifies ownership: Confirms the phone number actually belongs to the person who signed up
- Reduces errors: Catches typos and wrong numbers before you start messaging
- Stronger evidence: Provides a clear record of deliberate consent that holds up in disputes
- Better engagement: Subscribers who double opt-in are more engaged and less likely to complain
- Carrier trust: Carriers view double opt-in programs more favorably
Recommendation: If you are sending marketing messages, use double opt-in. The slightly smaller subscriber list is more than offset by higher engagement rates, fewer complaints, and stronger legal protection.
Record Keeping
Keeping thorough records of consent is essential for compliance. If you ever face a complaint, audit, or legal challenge, your records are your defense. Here is what you should track for every subscriber:
- Phone number: The number that was opted in
- Date and time: When consent was given
- Method: How consent was collected (web form, keyword, paper, etc.)
- Disclosure text: The exact language shown to the consumer at the time of opt-in
- Source: Where the opt-in occurred (specific URL, store location, event name)
- IP address: For online opt-ins, the IP address of the subscriber
- Confirmation: For double opt-in, the confirmation response and timestamp
Retain these records for at least four years. The TCPA statute of limitations is four years, so you need to be able to prove consent for at least that long. Many businesses keep records indefinitely as a precaution.
Handling Consent Revocation
People have the right to withdraw their consent at any time, for any reason, and you must make it easy for them to do so. Here is how to handle revocation properly:
Immediate Processing
When someone texts STOP or uses any recognized opt-out keyword, their request must be processed immediately. Send a single confirmation message and remove them from your active messaging list. Do not send any further messages, not even a survey asking why they unsubscribed.
Multiple Revocation Channels
While the STOP keyword is the standard method, you should also honor opt-out requests received through other channels. If a customer calls your support line and asks to stop receiving texts, or emails you with an opt-out request, process it the same way. The FCC has stated that consumers can revoke consent through any reasonable method.
Re-Opt-In After Revocation
A consumer who previously opted out can choose to opt back in. They should text START, YES, or UNSTOP to your number. When this happens, send a new confirmation message with the full disclosure and treat it as a fresh consent. Keep records of both the original opt-out and the new opt-in.
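The double opt-in, record-keeping, and revocation rules above can be enforced in one place. The sketch below is an added example, not code from this guide or from any SMS provider: the `ConsentLedger` class, its method names, the sample disclosure, and the rule that a web form cannot override an opt-out are all assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

# Constructed disclosure, modeled on the guide's BrightShop example.
DISCLOSURE = ("BrightShop Deals: up to 4 msgs/month. Msg & data rates may apply. "
              "Reply STOP to cancel, HELP for help. Consent is not a condition of purchase.")
OPT_OUT = {"STOP"}                   # add any other opt-out keywords your provider recognizes
OPT_IN = {"START", "YES", "UNSTOP"}  # confirmation / re-opt-in keywords named in the guide

class ConsentLedger:
    """Per-number consent state plus an append-only audit trail (hypothetical design)."""
    def __init__(self):
        self.state = {}  # phone -> "pending" | "active" | "revoked"
        self.audit = []  # records are only ever appended, never edited

    def _log(self, phone, event, method, source, ip=None):
        self.audit.append({
            "phone": phone, "event": event, "method": method, "source": source,
            "ip": ip, "at": datetime.now(timezone.utc).isoformat(),
            "disclosure": DISCLOSURE,  # exact text in force at this event
            "disclosure_sha256": hashlib.sha256(DISCLOSURE.encode()).hexdigest()})

    def can_send(self, phone):
        return self.state.get(phone) == "active"

    def web_signup(self, phone, ip, url):
        """Form submitted: returns the confirmation SMS, or None if nothing may be sent."""
        if self.state.get(phone) in ("active", "revoked"):
            # Assumption: a form cannot alter a subscriber or override an opt-out;
            # a revoked number re-subscribes only by texting in itself.
            self._log(phone, "signup_blocked", "web_form", url, ip)
            return None
        self.state[phone] = "pending"
        self._log(phone, "signup", "web_form", url, ip)
        return "Reply YES to confirm. " + DISCLOSURE

    def inbound(self, phone, body):
        """Handle one inbound SMS; returns the single reply to send, or None."""
        word, current = body.strip().upper(), self.state.get(phone)
        if word in OPT_OUT:
            if current == "revoked":
                return None  # confirmation was already sent once; stay silent
            self.state[phone] = "revoked"
            self._log(phone, "opt_out", "keyword", "sms")
            return "You are unsubscribed from BrightShop Deals. No more messages will be sent."
        if word in OPT_IN and current in ("pending", "revoked"):
            self.state[phone] = "active"
            self._log(phone, "confirm" if current == "pending" else "re_opt_in", "keyword", "sms")
            return "Welcome to BrightShop Deals! " + DISCLOSURE
        return None  # unknown numbers and other text never create consent
```

Gate every outbound marketing send on `can_send()`, and persist `audit` to storage that the messaging application can append to but not rewrite, so the records remain usable as evidence for the retention period.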
Common Opt-In Mistakes to Avoid
Even well-intentioned businesses make consent mistakes. Here are the most common pitfalls:
- Pre-checked boxes: Checkboxes must be unchecked by default. Pre-checked consent is not valid
- Buried disclosures: Consent language hidden in terms of service or requiring a click to view does not count
- Bundled consent: Combining SMS consent with email or other consent in a single checkbox reduces clarity
- Purchased lists: Buying phone number lists and messaging them is not consent. Ever
- Assumed consent: Just because someone is a customer does not mean they consented to marketing texts
- Missing frequency: Failing to tell subscribers how often they will receive messages
- No opt-out in first message: The first message to a new subscriber should include opt-out instructions
- Ignoring revocation: Continuing to message someone after they opted out, even accidentally, is a violation
Opt-In and 10DLC Campaign Registration
When you register a 10DLC campaign, you must describe your opt-in process. The Campaign Registry and carriers review this information to ensure you are collecting consent properly. Here is what you need to provide:
- A description of how you collect consent (web form, keyword, verbal, etc.)
- The URL of your opt-in page if you collect consent online
- A screenshot or description of your consent form
- The exact disclosure language consumers see before opting in
Campaigns with clear, well-documented opt-in processes are approved faster and are less likely to be flagged by carriers later. Take the time to describe your process thoroughly during registration.
Pro tip: Keep a screenshot of your opt-in form and the disclosure language in a shared folder. Update it whenever you change the form. This makes campaign registration faster and gives you an easy reference if you need to prove your consent process.