View a markdown version of this page

Opt-in requirements checklist - AWS End User Messaging SMS
Quick readiness checkExpress written consentDisclosure languageOpt-in confirmation messageOpt-out handlingPrivacy and data handlingWebsite and brand presenceDocumentation to prepare10DLC-specific requirementsCommon mistakes that cause denial

Opt-in requirements checklist

Before submitting any registration (10DLC, Toll-Free, or Short Code), verify your opt-in workflow meets all applicable requirements. Incomplete opt-in documentation is the most common cause of registration denial.

Quick readiness check

Use this high-level checklist to confirm you are ready to submit before starting your registration. Detailed requirements for each item follow in the sections below.

Registration readiness checklist
Requirement Details
Opt-in consent Collected with a clear, affirmative action (not pre-checked or bundled as a condition of service)
Disclosures at point of consent Message frequency, "Message and data rates may apply", links to Terms and Privacy Policy, STOP/HELP instructions
Opt-in confirmation message Includes brand name, frequency, data rates disclosure, and STOP/HELP instructions
STOP and HELP keywords Configured and returning compliant responses with brand name
Privacy policy Live, publicly accessible, and explicitly states mobile opt-in data is not shared with third parties
Website Live, publicly accessible, and matches your registered brand name
Sample messages At least 2 messages ready, including brand name and opt-out instructions
Brand registration [10DLC] Approved before submitting campaign registration
Age gate [age-restricted content] Full date-of-birth entry (day/month/year) – not a simple yes/no confirmation

If all applicable items above are complete, you are ready to submit.

All messaging programs require express written consent from the end user before sending messages.

  • Consent is collected through a clear, affirmative action (checkbox, signature, or keyword reply)

  • Consent is freely given and not bundled as a required condition of completing a purchase or transaction

  • Consent language clearly identifies your brand or DBA name as the message sender

  • Consent language describes the type of messages the user will receive

  • Consent is specific to SMS/MMS messaging (not buried in general terms)

Disclosure language

Your opt-in flow must include the following disclosures at the point of consent:

  • Message frequency (for example, "Up to 4 msgs/month" or "Message frequency varies")

  • "Message and data rates may apply"

  • Link to your Privacy Policy

  • Link to your Terms of Service

  • Instructions on how to opt out (for example, "Reply STOP to cancel")

  • Instructions on how to get help (for example, "Reply HELP for help")

Opt-in confirmation message

After a user opts in, your first message must include:

  • Your brand name or DBA name (must match registration)

  • Message frequency disclosure

  • "Message and data rates may apply"

  • STOP instructions (for example, "Reply STOP to unsubscribe")

  • HELP instructions (for example, "Reply HELP for support")

Opt-out handling

  • STOP keyword immediately halts all messaging to that number

  • STOP confirmation message is sent (one final message acknowledging opt-out)

  • No further messages are sent after opt-out unless the user re-opts in

  • HELP keyword returns support contact information

Privacy and data handling

  • Privacy policy is publicly accessible at the URL provided in registration

  • Privacy policy discloses that phone numbers are collected for messaging

  • Opt-in data (phone numbers, consent records) is not shared with unauthorized third parties or affiliates

  • Terms of service are publicly accessible at the URL provided in registration

Website and brand presence

  • Website URL provided in registration is live and accessible

  • Website content matches the registered brand name or DBA

  • Website content is consistent with the declared use case

  • [10DLC] Opt-in workflow is visible on the website or documented with hosted screenshots

Documentation to prepare

Gather these before starting your registration submission:

  • Opt-in workflow description (all methods: web form, paper form, verbal, keyword, QR code)

  • Screenshots or URLs showing the opt-in point of collection

  • Sample messages (at least 2) that represent your actual messaging content

  • Privacy policy URL

  • Terms of service URL

  • Opt-in confirmation message text

  • For non-public opt-in flows: hosted screenshots demonstrating the full consent flow

10DLC-specific requirements

These items apply only to 10DLC campaign registrations:

  • Brand registration is approved before submitting campaign registration

  • Campaign use case accurately describes your messaging program

  • Message samples match the declared use case

  • If using age-restricted content (alcohol, firearms, tobacco/vape): age gate collects full date of birth (day/month/year) – a simple yes/no confirmation is not sufficient

  • If operating in a regulated vertical (lending, insurance, healthcare): include industry-specific compliance disclosures in your opt-in flow

Common mistakes that cause denial

Avoid these frequent issues:

  1. Brand name mismatch – The company name in your opt-in message or workflow must match your registered brand or DBA name

  2. Missing frequency disclosure – "We'll text you" is not sufficient; specify how often

  3. Bundled consent – Consent cannot be a mandatory checkbox required to complete a purchase

  4. Inaccessible website – Ensure your URL resolves and is not behind authentication

  5. Third-party consent sharing – Your privacy policy must not indicate that opt-in data is shared with affiliates for their own messaging programs