This guide explains general TCPA compliance concepts for informational purposes only. It is not legal advice. Consult a licensed attorney for your specific situation, especially before launching any automated messaging program.
What Is the TCPA?
The Telephone Consumer Protection Act (TCPA) is the primary federal law governing commercial text messages and automated calls in the United States. Passed in 1991 and significantly updated since, it sets rules for when businesses can contact consumers, what disclosures are required, and how to handle opt-outs.
The FCC enforces the TCPA, and violations can be costly: $500 to $1,500 per unsolicited message, with no cap on class action damages. A single misdirected marketing campaign to an opted-out list can expose a business to millions in liability.
For small businesses using automated text responses - including missed call text back tools - understanding the basics is not optional.
The Core TCPA Consent Framework
TCPA compliance starts with consent. The type of consent required depends on the type of message you are sending.
Service Messages in Response to Initiated Contact
When a consumer calls your business number and you do not answer, responding via SMS is generally considered a service message in response to their initiated contact. No prior written consent is required. This is the legal basis for missed call text back. The caller dialed you - that creates a transactional relationship that permits a single service-related SMS response.
Transactional Messages to Existing Customers
Appointment reminders, order confirmations, account alerts, and other transactional messages to existing customers are generally permitted under implied consent. The prior business relationship establishes that the customer reasonably expects this type of communication.
Marketing and Promotional Messages
Any text message that promotes a product, service, or business - including discounts, upsells, or promotional announcements - requires prior express written consent. This must be a clear, affirmative opt-in that specifically authorizes automated promotional texts. A verbal agreement is not sufficient.
Missed call text back sits firmly in the "service message" category. The caller initiated contact by dialing your number. The text response is a direct response to that action. PepperSend's AI responds only to the caller's specific inquiry - it never sends unsolicited promotional content. All messages include a mandatory opt-out footer. This is the same legal framework used by appointment reminder services, order notifications, and customer support texts.
10DLC Registration: What It Is and Why It Matters
10DLC stands for 10-Digit Long Code - the standard 10-digit local phone numbers used for business SMS. Starting December 1, 2024, the major US carriers (AT&T, Verizon, T-Mobile) and their aggregators require all A2P (Application-to-Person) business SMS sent from local numbers to be registered through the 10DLC system.
What 10DLC Registration Involves
- Brand Registration: Register your business entity with The Campaign Registry (TCR). Includes EIN, business name, address, and website.
- Campaign Registration: Register the specific use case for your SMS program (e.g., customer care, appointment reminders, marketing). Each campaign type has different throughput limits.
- Number Association: Link your specific phone numbers to the approved campaign.
What Happens If You Skip Registration
Unregistered messages are increasingly filtered or blocked entirely by carriers. As of 2025, unregistered 10DLC traffic is subject to a carrier-level 0% delivery rate on major networks. This means your missed call responses, appointment reminders, and follow-up texts simply do not arrive.
Toll-Free Numbers: A Different Path
Toll-free numbers (800, 888, 877, 866, 855, 844, 833 series) follow a separate Toll-Free Verification (TFV) process rather than 10DLC. The verification process is similar in intent: demonstrate that you have a legitimate business use case and proper consent practices. PepperSend supports both 10DLC local numbers and toll-free numbers.
- 10DLC brand and campaign registration handled during onboarding
- Your number is registered before the first message goes out
- Campaign type: Customer Care (covers service messages in response to inbound contact)
- Toll-free numbers also supported with TFV handled automatically
- Re-registration handled automatically when carrier requirements change
Quiet Hours: When You Cannot Send
Federal TCPA rules prohibit sending automated marketing messages before 8:00 AM or after 9:00 PM in the recipient's local time zone. This applies to the recipient's time zone, not yours.
For service messages responding to an inbound call, the quiet hours rule is more nuanced - courts have generally allowed transactional responses outside quiet hours on the theory that the consumer initiated contact. However, the safest practice is to queue responses that would arrive outside federal quiet hours and send them the next morning.
State-Temperature Compliance Model
PepperSend enforces a state-temperature compliance model - each state's regulatory heat level determines the enforcement strictness applied. All four layers are enforced in code on every outbound SMS, not as configurable options:
| Layer | Rule | Temperature |
|---|---|---|
| Federal TCPA | No marketing messages before 8 AM or after 9 PM recipient local time. Service responses to inbound calls have more flexibility, but queued delivery is safest. | Standard |
| Florida | Maximum 3 texts per day per recipient. Marketing only between 8 AM and 8 PM local time. | Strict |
| Connecticut | No unsolicited texts before 9 AM or after 8 PM local time. | Moderate |
| Texas | No telemarketing contact before 9 AM or after 9 PM local time. | Moderate |
How it works in practice: When a caller replies to an AI text-back after hours, the system checks the incoming area code against all applicable layers. If the caller is in Florida, the Florida 3/day counter is checked before the outbound is queued. For Connecticut and Texas callers, the permitted window is narrower than federal default. All other states fall under the federal standard. The key difference from competitors: PepperSend's single-egress SMS compliance architecture enforces all four layers automatically - not as optional settings that can be accidentally disabled.
State-Level Quiet Hour Rules
| State | Rule | Severity |
|---|---|---|
| Florida | Maximum 3 texts per day per recipient. Marketing texts only between 8 AM and 8 PM local time. | Strict |
| Connecticut | No unsolicited texts before 9 AM or after 8 PM local time. | Moderate |
| Texas | No telemarketing contact before 9 AM or after 9 PM local time. | Moderate |
| All other states | Federal TCPA applies: 8 AM to 9 PM local time for marketing messages. | Standard |
Opt-Out Requirements
TCPA requires businesses to honor opt-out requests promptly and maintain records of all opt-outs. The FCC's 2024 rule update reduced the mandatory opt-out honor window from 30 days to 10 business days.
Standard Opt-Out Keywords
Any messaging system must recognize and honor these standard opt-out keywords: STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT. When a recipient sends any of these, you must:
- Send a single confirmation message acknowledging the opt-out
- Cease all further messages to that number immediately
- Maintain a record of the opt-out
- Not send any additional messages even if the person re-subscribes and opts out again (the re-opt-in must be explicit)
Re-Opt-In: START and HELP
Recipients who opted out can re-subscribe by texting START or YES. HELP must return your business name, a brief description, and opt-out instructions. These are not optional - failure to respond to HELP is a TCPA violation.
If your system cannot confirm whether a number is opted out (e.g., a database error), the correct action is to not send the message. Sending a message when opt-out status is uncertain is a TCPA violation. PepperSend uses a fail-closed opt-out guard: if the opt-out database cannot be queried, the message is blocked rather than sent.
Required Disclosures on Business Texts
The first message in any business SMS program must include:
- Your business name
- A description of the messaging program
- Message frequency (or "message frequency varies")
- "Msg and data rates may apply"
- Opt-out instructions: "Reply STOP to opt out"
- Help instructions: "Reply HELP for help"
- A statement that mobile information will not be shared with third parties for marketing purposes
- Links to your Privacy Policy and Terms of Service
Example Compliant Footer
[Business Name]. Msg & data rates may apply. Reply STOP to opt out. Reply HELP for help. We will not share mobile information with third parties for marketing purposes. See our Privacy Policy and Terms for details.
PepperSend appends this footer automatically to every first-contact message. You do not need to manually add it to your templates.
The FCC's 2024 Consent Rule Update
The FCC updated TCPA consent rules in 2024 with three major changes that took effect through 2025:
- One-to-one consent requirement: A consumer's consent to receive messages from one business cannot be shared with or sold to other businesses. "Lead generation" consent forms that bundle consent for multiple businesses are no longer valid.
- 10-business-day opt-out honor window: Reduced from the previous 30-day window. Opt-outs must be honored within 10 business days of receipt.
- Robocall/robotext definitions expanded: AI-generated calls and texts now fall under TCPA restrictions regardless of whether they use an "autodialer" in the traditional technical sense.
The Revoke-Any-Reasonable-Manner Rule (Active Today)
Effective April 11, 2025, consumers can revoke consent to receive automated calls and texts through any reasonable method, not just by texting STOP. A phone call, a reply in plain English ("please stop texting me", "remove me from this list"), an email, or a written request must all be honored as valid opt-outs. The FCC's broader cross-category "Revoke-All" provision, which extends a single opt-out to every message type from the same sender, has been extended a second time and now takes effect January 31, 2027. But the core any-reasonable-manner rule is fully in force today.
For automated SMS programs, this means:
- Recognizing the standard keywords (STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT) is necessary but no longer sufficient.
- Revocations received through other channels (phone, email, web form, in-person) must be propagated to the SMS suppression list within 10 business days.
- An "opt-out keyword exact match only" policy is increasingly a compliance risk.
PepperSend honors all standard TCPA opt-out keywords (STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT) plus Telnyx's native opt-out event. For non-keyword revocations received through email, voice, or other channels, the admin dashboard exposes a one-click manual opt-out per contact, which writes to the same fail-closed suppression list used by the automated send guard. The opt-out is then enforced on every outbound send across the account.
TCPA and Missed Call Text Back: A Practical Summary
Here is how the TCPA framework applies specifically to missed call text back scenarios:
Single service response to a missed call
Texting someone who just called your business is a service message in response to initiated contact. Generally does not require prior written consent. Message must be service-related, not promotional.
AI conversation continuation (same session)
Continuing an AI text conversation that the caller initiated by responding to your first message is part of the same transactional session. The caller is engaging voluntarily. All messages must remain service-focused.
Follow-up marketing after the conversation ends
Sending promotional messages to someone who previously called you but did not explicitly opt in to marketing requires express written consent. The original missed call does not create ongoing marketing consent.
Texting a caller who has opted out
If someone has previously opted out of messages from your business, sending them any text - even a service message - violates TCPA. Opt-out status must be checked before every outbound message.