Review criteria
When you submit a campaign registration, reviewers evaluate your application against eight criteria. Understanding these criteria helps you prepare a complete submission that passes review on the first attempt.
1. Brand identity
What to do: Register your brand with accurate, verifiable business information. Your legal business name, EIN, physical address, support email, and phone number must match public records and be consistent across all registration fields.
Why: Reviewers confirm that the registering entity is a real, legitimate business. They cross-reference your registration details against public business records, your website, and your messaging content.
Legal business name matches state or federal records
EIN is valid and belongs to the registering entity
Physical address is complete and verifiable (not a PO Box)
Support email uses a branded domain (not Gmail, Yahoo, Outlook, or other public providers)
Support phone number is active and reachable
DBA name (if used) is consistent with brand registration
Only one brand is registered per EIN
Brand vetting is complete before submitting campaigns
| Mistake | Related denial title |
|---|---|
| Using a public email domain for support | Public email domain |
| Physical address cannot be verified | Brand address invalid |
| Same EIN registered for multiple brands | Brand multi-use |
| Website missing or inaccessible | Invalid brand URL |
| DBA name doesn't match legal entity | DBA name mismatch |
| Brand vetting score too low | Brand invalid vetting |
| Brand not verified before campaign submission | Brand unverified |
| Support phone number missing or invalid | Invalid brand phone number |
Tip
Good: "Acme Health Services LLC" with EIN matching IRS records, physical address at 123 Main St Suite 400 Austin TX 78701, support email support@acmehealth.com, phone (512) 555-0100.
Bad: "Acme Health" with a Gmail address, unverifiable PO Box, and disconnected phone number.
2. Website verification
What to do: Provide a live, publicly accessible website URL that clearly identifies your business, describes your services, and demonstrates a connection to your declared messaging use case.
Why: Reviewers visit your website to confirm the business exists, operates legitimately, and that the messaging program aligns with the business described on the site. The website must be accessible without authentication.
URL resolves and loads without errors
No login or authentication required to view
Business name is clearly displayed
Contact information is visible
Services or products are described
Content relates to the declared messaging use case
No prohibited content visible (SHAFT, gambling, illegal substances)
Site has substantive content beyond a single form
Domain has clean reputation (not flagged for malware or phishing)
| Mistake | Related denial title |
|---|---|
| URL is broken or doesn't resolve | Invalid brand URL |
| Site requires login to access | Website requires authentication |
| Only a lead capture form with no business context | Website contains only a form |
| Not enough information about the business | Insufficient website content |
| Domain flagged in threat intelligence databases | High-risk domain reputation |
| Website references affiliate marketing | Non-compliant brand affiliation |
| Website references prohibited content categories | Non-compliant brand affiliation |
Tip
Good: https://www.acmehealth.com with About, Services, Contact, Privacy Policy, and Terms pages. The site describes appointment reminder and health notification services.
Bad: A single-page site with only a phone number collection form, or a URL that returns a 404 error.
3. Campaign description
What to do: Write a clear, specific description of what messages you send, who receives them, and why. The description must match your selected use case, sample messages, and website content.
Why: Reviewers read your campaign description to understand the purpose of your messaging program. Vague, inconsistent, or mismatched descriptions are among the most common reasons for rejection.
Clearly states what type of messages are sent
Identifies who receives messages (customers, patients, subscribers)
Explains the business purpose
Matches the selected use case category
Consistent with sample messages
Consistent with website content
Brand name in description matches registered brand
Written in English
Unique content (not copied from other fields)
Single brand per campaign (not multiple companies)
If ISV: identifies the end brand, not the platform
| Mistake | Related denial title |
|---|---|
| Description doesn't match samples or use case | Campaign mismatch |
| Too vague to understand the program purpose | Campaign unclear |
| Brand name doesn't match registration | Campaign to brand mismatch |
| Same text pasted across multiple fields | Duplicate content across fields |
| Non-English content without translation | Non-English campaign content |
| Multiple brands referenced in one campaign | Multiple brands in one campaign |
| Describes personal or P2P messaging | Personal or P2P use case detected |
| Direct lending not declared as content attribute | Campaign undeclared direct lending |
| ISV registered instead of end brand | Invalid brand business connection |
Tip
Good: "Acme Health Services sends appointment reminders, lab result notifications, and prescription refill alerts to patients who opted in through our patient portal. Messages are sent when appointments are scheduled, results are available, or refills are ready."
Bad: "We send messages to users." or "Testing SMS for our app."
4. Use case classification
What to do: Select the use case category that most accurately describes your messaging program. Ensure your campaign description, sample messages, and opt-in materials all align with the selected category.
Why: Reviewers verify that your selected use case matches the actual content of your campaign. Mismatches between the declared use case and your messaging content trigger rejections.
Selected use case matches campaign description
Selected use case matches sample messages
Content attributes correctly selected (e.g., direct lending)
Not using a test use case for production traffic
Charity use case selected if soliciting donations
Political use case selected if sending political messages
Use case is a permitted category (not prohibited content)
Only one campaign per use case (no duplicates)
| Mistake | Related denial title |
|---|---|
| Samples indicate charity but use case is not Charity | Campaign mismatch: charity |
| Samples indicate political but use case is not Political | Campaign mismatch: political |
| Same use case duplicated across multiple campaigns | Campaign multi use |
| Test or non-production use case for live traffic | Campaign non-compliant content: non-subscriber facing |
| Direct lending content without content attribute selected | Campaign undeclared direct lending |
| Emergency alert use case (not permitted for 10DLC) | Emergency alert use case not permitted |
| Campaign not qualified for selected use case | Campaign not qualified for use case |
Tip
Good: Use case "Customer Care" selected for a campaign sending order confirmations, shipping updates, and support responses. Sample messages show order status and delivery notifications.
Bad: Use case "Marketing" selected but sample messages contain two-factor authentication codes.
5. Message samples
What to do: Provide at least two distinct sample messages that represent the actual messages your campaign sends. Include your brand name, use brackets for variable content, and include opt-out instructions in at least one sample.
Why: Reviewers read your samples to verify they match your declared use case, contain your brand name, and don't include prohibited content or restricted URL patterns.
At least two different sample messages provided
Samples reflect actual messages the campaign sends
Brand name appears in samples
Opt-out instructions included (e.g., "Reply STOP to unsubscribe")
Variable fields use brackets: [name], [order number], [date]
No public URL shorteners (bit.ly, tinyurl, etc.)
No prohibited content (SHAFT, gambling, illegal substances)
Samples match the declared use case
If embedded phone number is selected, it appears in samples
Each sample contains unique content
| Mistake | Related denial title |
|---|---|
| Brand name missing from samples | Sample message(s) mismatch |
| Samples don't match declared use case | Sample messages use case mismatch |
| Contains public URL shorteners | Sample message(s) URL shortener |
| Embedded phone selected but not in samples | Sample messages(s) embedded phone number |
| Prohibited SHAFT content in samples | Non-compliant message samples: SHAFT |
| High-risk financial content in samples | Non-compliant message samples: high-risk financial services |
| Gambling content in samples | Non-compliant message samples: gambling |
| Samples indicate charity but use case differs | Sample messages use case mismatch: charity |
| Samples indicate political but use case differs | Sample messages use case mismatch: political |
Tip
Good: - "Acme Health: Your appointment with Dr. [name] is confirmed for [date] at [time]. Reply HELP for help or STOP to cancel messages." - "Acme Health: Your lab results are ready. Log in to your patient portal to view them. Msg & data rates apply."
Bad: - "Your code is 123456" (no brand name, single sample) - "Click here: bit.ly/abc123" (public URL shortener)
6. Opt-in mechanism
What to do: Describe and demonstrate how end users provide consent to receive your messages. Provide accessible URLs or screenshots showing the complete opt-in flow with all required disclosures visible at the point of consent.
Why: Reviewers verify that you collect proper, affirmative consent before sending messages. The opt-in mechanism must show clear consent with all required disclosures visible where the user opts in.
Opt-in method clearly described (web form, keyword, paper form, QR code)
URL or screenshot provided and accessible without login
Brand name visible in opt-in flow
Message frequency disclosure present (e.g., "Up to 4 msgs/month")
"Message and data rates may apply" disclosure present
HELP and STOP instructions visible
Link to Terms and Conditions included
Link to Privacy Policy included
Privacy policy states mobile opt-in data is not shared with third parties
Consent checkbox is unchecked by default (not pre-selected)
Marketing consent is separate from transactional consent
Each declared opt-in method has complete workflow details
Consent is freely given (not bundled as condition of service)
| Mistake | Related denial title |
|---|---|
| No opt-in URL or screenshot provided | Opt-in workflow missing |
| Missing "message and data rates" disclosure | Opt-in workflow non compliant message and data rates disclosure |
| Missing message frequency disclosure | Opt-in workflow non compliant message frequency disclosure |
| Missing HELP/STOP instructions | Opt-in workflow non-compliant HELP or STOP |
| Missing privacy policy link | Opt-in workflow non compliant privacy policy |
| Missing terms and conditions link | Opt-in workflow non compliant terms and conditions |
| Consent not sufficiently explicit | Opt-in workflow insufficient consent |
| Brand name missing from opt-in flow | Opt-in workflow mismatch |
| Checkbox pre-selected by default | Opt-in checkbox missing or pre-selected |
| Marketing consent bundled with transactional | Marketing consent not separated |
| Opt-in data shared with third parties | Opt-in data shared with third parties |
| Missing required consent language | Non-compliant consent language |
| Multiple opt-in methods but incomplete details | Incomplete opt-in workflow details |
Tip
Good: Web form at https://www.acmehealth.com/sms-signup showing: - Unchecked checkbox: "I agree to receive appointment reminders via SMS from Acme Health (up to 8 msgs/month). Msg & data rates may apply. Reply STOP to cancel, HELP for help." - Links to Terms of Service and Privacy Policy below the checkbox.
Bad: A form that says "Enter your phone number" with no disclosures, or a pre-checked checkbox buried in Terms of Service acceptance.
7. Opt-out compliance
What to do: Configure compliant STOP, HELP, and opt-in confirmation messages. The STOP response must acknowledge the request, confirm no further messages will be sent, and include your brand name. The HELP response must provide at least one support contact method.
Why: Reviewers verify that recipients can easily stop messages and get support. Non-compliant opt-out, HELP, or opt-in confirmation messages are a common rejection reason.
STOP keyword triggers opt-out confirmation
Opt-out message acknowledges the request
Opt-out message confirms no further messages will be sent
Opt-out message includes brand name
HELP keyword triggers support response
HELP message includes brand name
HELP message includes at least one contact method (email, phone, or URL)
Email domain in HELP message matches brand
Opt-in confirmation message includes HELP and STOP instructions
Opt-in confirmation message includes message frequency
Opt-in confirmation message includes "Message and data rates may apply"
Opt-in confirmation message includes brand name
| Mistake | Related denial title |
|---|---|
| Opt-out message missing brand name | Opt-out message mismatch |
| Opt-out doesn't confirm messages will stop | Non-compliant opt-out message |
| HELP message missing support contact info | Non-compliant help message |
| HELP message brand name doesn't match registration | Help message mismatch |
| Opt-in message missing HELP/STOP instructions | Non-compliant opt-in message HELP and STOP |
| Opt-in message missing frequency or data rate disclosure | Non-compliant opt-in message |
| Opt-in message brand name doesn't match | Opt-in message mismatch |
| No opt-in confirmation message provided | Missing opt-in message |
Tip
Good: "Acme Health: You've been unsubscribed and will no longer receive messages from us. Reply HELP for assistance." Good HELP response: "Acme Health: For support, email support@acmehealth.com or call (512) 555-0100. Reply STOP to unsubscribe."
Bad: "You have been removed." (no brand name, doesn't confirm messages stop) Bad HELP response: "Text STOP to stop." (no brand name, no contact method)
Opt-out handling for OTP and 2FA programs
OTP and 2FA programs must adhere to the same opt-out response requirements as other use cases. If a recipient replies STOP to an OTP message, you must send a compliant opt-out acknowledgment response.
However, if your SMS program is compliant with all applicable regulations, you are not required to permanently opt out the recipient's phone number when they text STOP. A subsequent request for an OTP code by the end user (for example, initiating a new login attempt) is considered a new opt-in.
Your STOP response for OTP programs must meet the following requirements:
Include your brand or program name
Confirm the user is unsubscribed from the OTP program
Provide instructions for opting back in (for example, "request a new code to login")
Include HELP contact information
Be under 160 GSM characters with no special characters
Example STOP response for OTP: "You are unsubscribed from BRAND NAME OTP. Opt back in by replying OPT-IN KEYWORD or requesting a new code to login. Reply HELP for help or call xxx-xxx-xxxx."
STOP behavior on US Toll-Free Numbers
US Toll-Free Numbers handle opt-outs differently from Short Codes and 10DLC numbers. On a Toll-Free Number, the opt-out flow is managed at the network level by US carriers and cannot be customized by the sender.
When a recipient replies STOP to a Toll-Free Number, the carrier automatically blocks all future messages from that number and sends a network-level response. The sender cannot override this block. The recipient must text UNSTOP or START to the same number to resume receiving messages.
This means the OTP guidance above (a subsequent user-initiated request constitutes a new opt-in) does not apply to Toll-Free Numbers. On a Toll-Free Number, if a user texts STOP, they will not receive messages from that number again until they explicitly text UNSTOP or START — regardless of any subsequent actions they take in your application.
For OTP and password reset use cases on Toll-Free Numbers, account for this behavior when designing your messaging flow. Provide users with instructions to text UNSTOP if they need to re-enable messages.
8. Content compliance
What to do: Ensure your messaging content, website, and business do not involve prohibited or restricted content categories. If your content involves age-restricted products, implement a compliant age gate requiring date-of-birth entry.
Why: Mobile operators prohibit certain content categories entirely and restrict others to businesses with proper safeguards. Campaigns associated with prohibited content are rejected and may not be eligible for resubmission.
No SHAFT content (sex, hate, alcohol, firearms, tobacco/vape) without compliant age gate
No gambling content
No illegal substances (cannabis, CBD, controlled substances)
No high-risk financial services (payday loans, crypto, debt collection, credit repair)
No affiliate marketing or third-party lead generation
No sweepstakes messaging
No third-party job board content
If age-restricted products: age gate requires full DOB entry (not yes/no confirmation)
Privacy policy states mobile opt-in data is not shared with third parties
Terms and conditions include carrier liability statement
Terms and conditions include opt-out instructions
Terms and conditions include message frequency disclosure
Terms and conditions include customer care contact information
Terms and conditions include link to privacy policy
Terms and conditions include use case description
| Mistake | Related denial title |
|---|---|
| High-risk financial content (payday loans, crypto) | Campaign non-compliant content: high-risk financial |
| Cannabis or CBD content | Prohibited content: cannabis or CBD |
| Gambling content | Campaign non-compliant content: gambling. |
| SHAFT content without compliant age gate | Campaign non-compliant content: missing age gate |
| Affiliate marketing or lead generation | Campaign non-compliant content: affiliate marketing. |
| Sweepstakes content | Campaign non-compliant content: sweepstakes |
| Third-party job board content | Campaign non-compliant content: third party job boards. |
| Privacy policy allows third-party data sharing | Non-compliant privacy policy |
| Terms missing carrier liability statement | Non-compliant Terms and Conditions: carrier liability |
| Terms missing opt-out instructions | Non-compliant Terms and Conditions: opt-out instructions |
| Terms missing message frequency | Non-compliant Terms and Conditions: message frequency |
| Terms missing customer care contact | Non-compliant Terms and Conditions: customer care info |
| Terms missing privacy policy link | Non-compliant Terms and Conditions: privacy policy |
| Terms missing use case description | Non-compliant Terms and Conditions: use case description |
| Spam or phishing association detected | Spam or phishing association |
Next steps
If your registration was denied, see Rejection troubleshooting to find your specific denial reason and resolution steps.
For opt-in form examples, see Compliant opt-in examples.
For industry-specific guidance, see the vertical guides for your business type.
