Free Tool

Free SMS Compliance CheckerTCPA & 10DLC

Paste your text message, opt-in language, or full SMS flow — get an instant compliance score, flagged risks, and copy-paste fixes for TCPA, CTIA / 10DLC, SHAFT, and state-law issues.

TCPA class-action filings jumped 283% in September 2025, and US carriers now block 100% of unregistered 10DLC traffic. Calilio's free SMS compliance checker scans your message against 49+ TCPA, CTIA, and FCC rules — including the January 27, 2026 one-to-one consent rule — and tells you exactly what to fix before it costs you $1,500 per message or your sending number. 100% private. No sign-up. Runs in your browser.

Check My SMS Now
100% Free No Sign-up 49+ Rule Checks 100% Private — Runs in Browser Updated for 2026
Compliant Caution High Risk Critical

Analyze your SMS

Fill any combination of tabs — the score updates live.

0 chars · 0 segments · GSM-7

Try:

Compliance report

Compliance score 68 out of 100, high-risk tier.

Paste a message or opt-in disclosure on the left to see your compliance score.

100% private — all analysis runs in your browser. Your message never touches a server.

Live examples

See how the SMS compliance checker works

Six real-world messages, scored live by the engine. Click any card to load it into the checker above and see every flagged issue.

Step by step

How to use Calilio's free SMS compliance checker

This SMS compliance checker works like a spell-checker for carrier and TCPA rules. Here's how to get a full read on your message in under two minutes — no sign-up, no setup.

  1. Step 1

    Paste your message

    Drop your draft SMS into the Message Content tab. The tool runs 49+ TCPA, CTIA, 10DLC, and SHAFT rule checks as you type.

  2. Step 2

    Add your opt-in language

    In the Opt-In Language tab, paste the consent disclosure from your signup form. This catches the issues behind most TCPA lawsuits — missing "automated", missing frequency, pre-checked boxes.

  3. Step 3

    Set your use case

    Pick your industry, message type, sending number type, and the states you target. State law toggles for Virginia, Texas, Florida, and California add jurisdiction-specific checks.

  4. Step 4

    Review your compliance score

    Get a 0–100 score, a plain-English verdict, and an itemized list of issues grouped by severity. Each issue includes a citation, the consequence, and a concrete fix.

  5. Step 5

    See the highlighted preview

    Your original message is shown with inline highlights — red for critical issues, amber for warnings, green for compliant phrases like "Reply STOP".

  6. Step 6

    Apply the suggested rewrite

    Copy the auto-generated compliant version with one click, or tweak it manually, then re-run the check to confirm the score improved.

  7. Step 7

    Download or share

    Copy your compliance report as Markdown for your legal team, or share a link with a colleague — the URL is encoded client-side, so your message never touches a server.

Coverage

What this free TCPA & 10DLC compliance checker catches

Most messages fail for boring, fixable reasons — a missing STOP, a bit.ly link, a pre-checked box. This TCPA compliance tool checks all of them, grouped into nine areas.

10 rules

TCPA Consent

Validates that your opt-in disclosure meets federal express written consent requirements, including the FCC one-to-one consent rule effective January 27, 2026.

8 rules

TCPA Opt-Out

Confirms your message and program properly support STOP, UNSUBSCRIBE, QUIT, CANCEL and END, and that opt-out instructions are actually visible.

12 rules

CTIA & Carrier Guidelines

Flags link shorteners, sender identity issues, excessive caps and emoji, frequency mismatches, and known carrier-filter triggers.

8 rules

SHAFT Content

Detects Sex, Hate, Alcohol, Firearms and Tobacco content, plus 10DLC-ineligible categories like cannabis, payday loans, debt relief and gambling.

8 rules

10DLC Registration

Checks brand and campaign registration status, sending number type, use-case match, and brand-vetting risks that lead to heavy filtering.

10 rules

State-Specific Laws

Covers Virginia SB 1339 (10-year opt-out retention), Texas SB 140 (treble damages), Florida's FTSA, California CCPA and more.

5 rules

Quiet Hours & Timing

Enforces the 8 AM–9 PM recipient-local-time window and flags message-frequency patterns that drive opt-outs and complaints.

2 rules

COPPA & Minors

Flags messaging directed at users under 13 without verifiable parental consent — a critical, non-negotiable issue.

4 rules

Deliverability Signals

Spam-trigger phrases, bare or insecure URLs, generic sender names, and identity mismatches that quietly tank your delivery rate.

The stakes

What happens if you skip SMS compliance?

Since February 1, 2025, US carriers block 100% of unregistered 10DLC traffic — no warnings, no throttling, just dead messages. TCPA class actions rose 283% in September 2025 alone. Here's the real-world math.

$500–$1,500

Per non-compliant message under the TCPA. Per recipient. No total cap.

$10,000

Per-violation T-Mobile fine for 10DLC content violations.

100%

Of unregistered A2P traffic blocked by US carriers since Feb 2025.

283%

Spike in TCPA class-action filings in September 2025 vs. the prior month.

Sources: FCC, T-Mobile Code of Conduct, National Law Review.

Without compliance

  • Messages blocked outright by carriers
  • $500–$1,500 per message in TCPA exposure
  • Class-action lawsuit risk — average settlement $1M+
  • Phone number flagged or blacklisted
  • Brand reputation damage

With compliance

  • 95%+ delivery rate
  • Documented opt-in protects you in court
  • Demonstrated good-faith effort
  • Number reputation stays clean
  • Customer trust grows

The deep dive

SMS compliance 101: TCPA, 10DLC, CTIA & SHAFT explained

What is the TCPA?

The Telephone Consumer Protection Act is a federal law passed in 1991 and enforced by the Federal Communications Commission, as well as through private lawsuits. It was written for the era of unwanted telemarketing calls, but courts have consistently extended it to text messages — a text is treated as a “call” for TCPA purposes.

In practice, the TCPA means three things for SMS: you need prior express written consent before sending marketing texts, you must give recipients a working way to opt out, and you can only send during permitted hours. “Prior express written consent” is a specific legal term — it means a clear, conspicuous disclosure that the person agreed to, in writing, that names your brand, says messages are automated, and states that consent isn't a condition of purchase.

The reason the TCPA gets so much attention is the math. Statutory damages are $500 to $1,500 per message, per recipient, with no cap. A sloppy campaign to a few thousand people is a genuine existential risk for a small business.

What is 10DLC?

10DLC stands for 10-Digit Long Code — the ordinary local phone numbers businesses use for application-to-person (A2P) texting. To send A2P traffic over 10DLC, you have to register through The Campaign Registry (TCR). It's a two-step process: first you register your brand (your business identity), then you register each campaign (each distinct messaging use case, with sample messages).

Registration isn't a nice-to-have. Since February 1, 2025, US carriers block 100% of unregistered 10DLC traffic. Brand registration is usually fast; campaign vetting can take days, and the sample messages you submit are compared against what you actually send — so your registered content and your live content need to match.

What are the CTIA Messaging Principles?

The CTIA — the wireless industry association — publishes the Messaging Principles and Best Practices. These are industry guidelines, not law, but carriers enforce them through message filtering, which makes them every bit as binding in practice. They cover sender identification, opt-out and HELP handling, frequency disclosure, content restrictions (SHAFT), and link practices. Violating CTIA guidelines doesn't get you sued — it gets your messages silently dropped before they ever reach a handset.

The SHAFT framework

SHAFT stands for Sex, Hate, Alcohol, Firearms, and Tobacco — content categories that carriers restrict on A2P messaging regardless of consent. In practice the restricted list also includes cannabis and CBD, payday loans and debt relief, and unlicensed gambling, all of which are ineligible for standard 10DLC campaigns. If your business operates in one of these categories, standard business SMS is not available to you — you need a specialized channel.

Required SMS opt-in language

Valid express written consent has specific ingredients. Your opt-in disclosure must name your brand, state that messages are automated, disclose the message frequency, include “Msg & data rates may apply”, say that consent is not a condition of purchase, and link to your Privacy Policy and Terms. Here's a gold-standard template you can adapt:

By checking this box, you agree to receive automated
marketing text messages from [Business Name] at the
phone number provided. Consent is not a condition of
purchase. Up to [N] msgs/month. Msg & data rates may
apply. Reply STOP to unsubscribe, HELP for help.
View our Privacy Policy [link] and Terms [link].

Required opt-out keywords

Carriers expect a specific set of opt-out keywords to work on every program: STOP, UNSUBSCRIBE, CANCEL, END, and QUIT. STOP is the universal one and should appear in your message copy. The opt-out has to be free and text-based — you can't require a phone call or a website visit — and your program must also respond to HELP with support information.

The FCC one-to-one consent rule (effective Jan 27, 2026)

The FCC's one-to-one consent rule closes the “lead generator loophole.” Before it, a single checkbox could capture consent that was shared across dozens of “partners.” Now, consent must go to one clearly identified seller at a time, and the message must be logically related to the site where consent was obtained. If your opt-in language says “and our partners” or “select third parties,” it no longer produces valid consent. Lead-generation businesses, affiliate marketers, and multi-brand campaigns are the most affected.

Quiet hours

The TCPA limits solicitation messages to 8 AM–9 PM in the recipient's local time zone — not yours. That means timezone-aware sending logic isn't optional: a 9 PM Eastern send is already a violation for anyone on the West Coast if your system didn't adjust. Build your scheduler to message each recipient inside their own window.

State-level “mini-TCPA” laws to know

  • Texas SB 140 — brings text messages under the Texas telemarketing statute, with treble-damages exposure for violations.
  • Virginia SB 1339 — requires opt-out records to be retained for 10 years.
  • Florida FTSA — imposes a stricter prior-express-written-consent standard than the federal TCPA, and has driven a wave of class actions.

How to fix a failing SMS in 60 seconds

  1. Run it through the checker above and read the flagged issues.
  2. Add a clear opt-out: “Reply STOP to opt out.”
  3. Identify your brand in the message body.
  4. Add or fix your frequency and “Msg & data rates” disclosure at opt-in.
  5. Replace any bit.ly or public shortener with a branded HTTPS link.
  6. Re-run the checker and confirm the score moved into the green.

Once your numbers are clean, a tool like Calilio's business SMS and call center software handles STOP/HELP, opt-out retention, and consent logs automatically — and pairs with a power dialer for outbound call center work. Format your lists first with the phone number formatter, and size your team with the call center staffing calculator.

Who it's for

Who uses this SMS compliance checker?

SMB marketing teams

Validate every campaign draft before it goes out — and learn the rules as you go.

Sales ops

Audit CRM-triggered messages and abandoned-cart sequences for consent and opt-out gaps.

Compliance & legal

Spot-check templates fast before you sign off, and hand engineers a concrete fix list.

Agencies & consultants

Audit client SMS programs and produce a defensible, itemized compliance report.

Developers

Test SMS payloads against the rule engine before pushing campaigns to production.

Call center & BPO operators

Review proactive outreach scripts before agents start sending at scale.

Healthcare & financial services

Higher-stakes industries with extra rules — catch the issues generic tools miss.

E-commerce & retail

Cart abandonment, shipping, and promotional SMS at volume — keep every template clean.

FAQ

Frequently asked questions

An SMS compliance checker is a tool that scans a text message — and the opt-in flow behind it — against the rules that govern business texting in the US: the TCPA, the CTIA Messaging Principles, A2P 10DLC carrier requirements, and the SHAFT content restrictions. Calilio's free SMS compliance checker runs your message through 80+ rule checks in your browser and returns a 0–100 compliance score, a list of flagged issues grouped by severity, and concrete copy-paste fixes. It's the fastest way to catch the problems that get messages filtered or trigger lawsuits — before you hit send.
The Telephone Consumer Protection Act (TCPA) is a 1991 federal law enforced by the FCC and through private lawsuits. Courts have consistently held that it covers SMS, not just voice calls. In practice, that means marketing texts require prior express written consent, every message needs a working opt-out, and you can only send within permitted hours. Statutory damages run $500–$1,500 per message, with no overall cap — which is why a single non-compliant campaign to a few thousand people can turn into a multi-million-dollar class action.
10DLC stands for 10-Digit Long Code — the standard local business phone numbers used for application-to-person (A2P) texting. Since February 1, 2025, US carriers block 100% of unregistered 10DLC traffic. Registration is a two-step process through The Campaign Registry (TCR): first you register your brand, then each messaging campaign. If you send business texts from a normal 10-digit number and you haven't registered, your messages simply don't get delivered — no warning, no bounce. So yes: registration is mandatory, not optional.
Every recurring marketing program must give recipients a clear, free, text-based way to stop messages. The carrier-recognized standard is "Reply STOP to opt out" — and carriers also honor UNSUBSCRIBE, CANCEL, END, and QUIT. Your opt-out instruction should appear in the first message of a program and at least once a month after that. You also need to respond to the HELP keyword with support information. Opt-out cannot require a phone call, an email, or a website visit — it has to work by replying to the text itself.
You must include opt-out instructions in the first message of any recurring program and then at regular intervals — at minimum, monthly. Many businesses choose to include "Reply STOP to opt out" in every marketing message because it is simple, removes ambiguity, and satisfies carrier expectations. For purely transactional one-off messages the requirement is lighter, but including a short opt-out line is still best practice and improves deliverability. When in doubt, include it — it costs you a few characters and protects you in a dispute.
SHAFT stands for Sex, Hate, Alcohol, Firearms, and Tobacco — categories of content that carriers restrict on A2P messaging regardless of whether the recipient consented. The list effectively extends to cannabis and CBD, payday loans and debt relief, and unlicensed gambling, all of which are ineligible for standard 10DLC. If your message references SHAFT content, carriers will filter it and may suspend your campaign entirely. Age-gating can create narrow exceptions for some categories, but the safe assumption is that SHAFT content does not belong on standard business SMS.
The FCC's one-to-one consent rule, effective January 27, 2026, closes what regulators called the "lead generator loophole." Previously, a single checkbox could capture consent that was then shared across dozens of "marketing partners." Under the new rule, consent must be given to one clearly identified seller at a time, and the message must be logically related to the website where consent was obtained. Lead-generation businesses, affiliate marketers, and multi-brand campaigns are most affected — if your opt-in language says "and our partners," it is no longer valid consent.
Under the TCPA, solicitation calls and texts are restricted to the hours of 8 AM to 9 PM in the recipient's local time zone — not the sender's. That distinction matters: a message scheduled for 8:30 PM Eastern is a violation for a recipient in California, where it's 5:30 PM but the send logic didn't account for the time zone. Compliant senders use time-zone-aware scheduling so every recipient is messaged inside their own 8 AM–9 PM window. Several states also layer on their own, sometimes stricter, quiet-hour rules.
TCPA statutory damages are $500 per message for a standard violation and up to $1,500 per message for a willful or knowing violation. There is no cap on the total. Because damages are per-message and per-recipient, exposure scales fast: a non-compliant blast to 10,000 people can theoretically reach $5–15 million. Most cases settle, but TCPA class-action settlements still routinely run into seven figures. On top of the TCPA, carriers can levy their own fines — T-Mobile, for example, charges up to $10,000 per content violation.
Yes, more than most people assume. The TCPA does not have a blanket business-to-business exemption for texts. If you're messaging a mobile number — even one that belongs to a business contact — the consent, opt-out, and timing rules generally still apply. Some narrow exemptions exist for established business relationships and purely informational messages, but they're easy to over-rely on. The safe approach is to treat B2B SMS with the same consent discipline as B2C: get documented opt-in, honor STOP, and respect quiet hours.
No. Calilio's SMS Compliance Checker runs entirely in your browser as client-side JavaScript. Your message text, opt-in language, and settings are never uploaded, logged, or transmitted to Calilio or anyone else. You can verify this yourself: open your browser's DevTools, watch the Network tab, and run an analysis — you'll see zero network requests. Even the share-link feature encodes your inputs into the URL on your own device; nothing is stored on a server. Your content stays yours.
They operate at three different levels. The TCPA is federal law — break it and you face FCC enforcement or a private lawsuit. The CTIA Messaging Principles are industry guidelines, not law, but carriers enforce them through message filtering, so violating them gets your texts silently blocked. 10DLC is the technical registration framework — registering your brand and campaigns with The Campaign Registry is what makes carriers willing to deliver your A2P traffic at all. A compliant program satisfies all three: it's legal (TCPA), follows the guidelines (CTIA), and is properly registered (10DLC).
Transactional and informational messages — appointment reminders, order confirmations, shipping updates, two-factor codes — have a lighter consent burden than marketing, but they're not a free pass. You still need a basic level of consent (the customer gave you their number for that purpose), the message must stay strictly transactional, and the moment you add a promotional line it becomes marketing and the full TCPA consent rules apply. Carriers also still expect identification and HELP support on transactional campaigns. Keep transactional messages genuinely transactional and you stay in the lighter-touch lane.
No — and it's important to be clear about that. Calilio's SMS Compliance Checker is an educational tool that scans your message against the most common TCPA, CTIA, FCC, and 10DLC rules as of 2026. It is not a substitute for qualified legal counsel and it cannot guarantee compliance with every federal, state, and international law that might apply to your specific business. Use it to catch obvious problems fast and to understand the landscape — then, for anything high-stakes or ambiguous, consult an attorney who specializes in telecom and consumer-protection law.

Important: this is guidance, not legal advice. Calilio's SMS Compliance Checker scans your message against the most common TCPA, CTIA, FCC, and 10DLC rules as of 2026. It is not a substitute for qualified legal counsel and does not guarantee compliance with all applicable federal, state, or international laws. Consult an attorney for advice specific to your business, industry, and the jurisdictions where you operate.

More free tools

Related Calilio tools

Phone Number Formatter

Validate & format numbers to E.164 and more.

Try it

Call Center Staffing Calculator

Estimate agents needed to hit your service level.

Try it

Vanity Number Generator

Turn your number into a memorable word.

Try it

VoIP Speed Test

Test your connection's readiness for VoIP calls.

Try it

Topical guides

Learn more about SMS compliance

Business SMS

How Calilio handles SMS, STOP/HELP and opt-out logs.

Read more

Call Center Software

Outbound SMS and voice in one compliant platform.

Read more

TCPA Compliance Guide for SMS in 2026

The full federal picture, plain-English.

Read more

10DLC Registration Step-by-Step

Brand and campaign registration, walked through.

Read more

Writing a Compliant SMS Opt-In Disclosure

The gold-standard template, explained line by line.

Read more

SMS Quiet Hours by State

Where the federal 8 AM–9 PM window gets stricter.

Read more

Transform Your Business Telephony with Calilio

Step into the future of seamless connectivity with Calilio. Choose our advanced business phone system and revolutionize your business telephony today.

4.95200+ Reviews16+ Badges