Guides
HomeEngagementOther resources
  1. Working with Mobile Messaging

TCPA list validation

SMS and MMS campaigns are powerful marketing tools, but sending messages without a recipient’s consent can lead to legal trouble. The Telephone Consumer Protection Act (TCPA) protects consumers from unsolicited calls and texts, requiring businesses to obtain proper consent before sending marketing messages.

📘

Note

TCPA applies to the US.

Why compliance matters

Non-compliance is expensive. Fines can reach USD 1,500 per violation, with no cap on total damages. Violations can result in lawsuits, financial penalties, and reputational damage. To stay compliant and build trust, you must ensure that every recipient has given explicit consent to receive marketing messages.

Even with consent, compliance risks remain. Numbers get reassigned, customers revoke consent, and some recipients may be known litigators looking for violations. Bloomreach's TCPA list validation helps reduce risk by screening your contact list for litigators, deactivated numbers, and reassigned numbers. It doesn't replace the need to configure opt-out keyword handling—that's a separate requirement.

Read more about TCPA and CTIA compliance in the US market.

Get customer consent

Having a customer’s phone number isn’t enough—you need explicit permission to send marketing messages.

  • Transactional messages (such as order confirmations or shipping updates) are subject to different consent requirements than marketing messages. Under TCPA, informational or transactional messages generally require prior express consent, but not prior express written consent. Consult your Legal team to determine which messages qualify as transactional and what consent standard applies.
  • Customers must be able to opt out at any time. Under TCPA/FCC guidance, you're expected to honor reasonable opt-out language—not just the exact keyword "STOP." Your Bloomreach keyword configuration must reflect the opt-out phrases your Legal team determines to be reasonable. See Keyword auto-response best practices for guidance on capturing opt-out requests.

If you use a scenario to catch opt-out language, make sure it includes a step that actually revokes consent in Bloomreach. A scenario that only sends a reply or redirects to a Help page won't unsubscribe the customer.

🚧

Important

Bloomreach provides the tools—configuration is your responsibility. Nothing in this documentation is legal advice.

TCPA list validation

Even if you collect consent properly, risks remain:

  • Deactivated or reassigned numbers may lead to messages being sent to the wrong person.
  • Numbers on the "do not call (DNC)" list may still be mistakenly included in campaigns.

TCPA list validation screens your contact list to catch these risks before you send messages to your customers.

How TCPA list validation works

The TCPA list validation helps you:

  • Exclude litigators from your marketing program.
  • Prevent sending messages to deactivated phone numbers.
  • Ensure compliance by detecting reassigned phone numbers.
🚧

Important

To activate TCPA list validation, you must assign at least one consent category in your settings.

DNC list scrub

This process checks numbers against the DNC registry to:

  • Identify phone numbers flagged for TCPA litigation risk and exclude them from campaigns.
  • Prevent flagged numbers from receiving marketing messages.

Results are stored under the tcpa_check_result customer attribute. If a number is flagged as a litigator, it’s automatically excluded from campaigns. Bloomreach tracks it as an invalid_contact event.

Other flagged numbers (such as those on a national or state DNC list) aren’t automatically excluded. You must verify if consent was obtained properly. If it was, you can send the message. If it wasn’t, filter the number out to be on the safe side.

Example TCPA check results

  • tcpa_check_result=National (USA) 2021-01-01
  • tcpa_check_result=National (USA) 2021-01-01;State (TX) 2022-01-01
🚧

Important

You can store up to 255 or 1024 customer attributes, depending on your contract. If you exceed this limit, new attributes (including tcpa_check_result) won’t be tracked, which could cause TCPA list validation to malfunction.

Flagged numbers and compliance data are retained according to data privacy regulations. Review your data retention policies to align with the TCPA and other regional laws.

Example of the customer profile after the positive litigator identification.

Customer profile properties showing email hidden and TCPA check result marked as Litigator.

Example of the invalid_contact event tracked under customer profile.

Invalid contact event details showing channel as SMS, reason as TCPA Do Not Call List: Litigator, and source as TCPA.

How to read DNC list results

When a number is flagged as National (USA) 2021-01-01:

  • National (USA) = The registry name (country).
  • 2021-01-01 = The date the number was added to the list.

If a number appears on the DNC list:

  • Check how you collected consent. If you obtained consent following TCPA and CTIA regulations, you can send messages to the phone number—even if the number was added to the DNC list later.
  • Filter out numbers if consent wasn't collected properly.

Bloomreach doesn't take automatic action in these cases. You must review your compliance and decide whether to continue messaging these contacts.

Reassigned numbers check

Numbers are constantly being reassigned, and sending a message to a reassigned number can lead to TCPA violations. The reassigned numbers check detects reassigned numbers and automatically opts them out of SMS marketing, usually within 24 hours of deactivation.

How the reassigned numbers check works

When a phone number appears on the reassigned list, Bloomreach tracks a consent event action=reject with the timestamp of when the record was added. This backdates consent revocation, meaning if the reassignment happened 6 years ago, consent is revoked from that point. However, if a newer valid consent is in place, it takes priority.

  • The customer must opt in again to receive SMS/MMS messages.
  • Checks run daily and apply to US numbers only.

How results are tracked

Each rejected consent is logged with an action=reject event. Bloomreach tracks details such as:

  • message=TCPA reassigned number database: The phone number was deactivated
  • message=TCPA reassigned number database: The phone number was swapped

An example of the consent event tracked for a deactivated phone number is as follows:

Check frequency

TCPA list validation includes 2 types of checks:

  • Every 15 days (default): The legal requirement is every 31 days. If you need more frequent checks, contact your Account Manager.
  • Daily checks: Detects deactivated or reassigned numbers in real time.

How to switch on TCPA list validation

TCPA list validation isn’t switched on by default. Your Customer Success Manager (CSM) must activate it for your account.

How to activate TCPA list validation

  1. Go to Project settings.
  2. Under Channels, select SMS / MMS / RCS.
  3. Switch on TCPA list validation.
  4. Assign at least one consent category to stay compliant.

Use cases

TCPA list validation helps you:

  • Automatically remove reassigned numbers, deactivated numbers, and litigators.
  • Segment users who changed carriers and request their consent again.
  • Update consent for reassigned or deactivated numbers in real time.
  • Build trust by respecting customers' communication preferences.

Related articles

Updated 11 days ago

© Bloomreach, Inc. All rights reserved.