Business SMS in 2026: A Practical Guide for Small Operators

A few years ago, business texting was simple: you got a phone number, you texted your customers, and they texted you back. Then carriers got tired of the spam, regulators got tired of the complaints, and what was once a thirty-second product decision became a multi-step compliance process that catches small operators off guard every week.

This is the guide we wish we'd had when we set up our own messaging stack — what 10DLC actually is, what changed in 2026, what it costs, and why your messages can still fail to deliver even after you've done everything right.

It's not legal advice. It's an operator's perspective: what we've shipped, what we've broken, and what we've fixed. Compliance content like this gets reviewed by our founder before publishing.

What 10DLC actually is

"10DLC" stands for 10-Digit Long Code — a regular ten-digit US phone number used for application-to-person (A2P) messaging. Until about 2021, businesses could send marketing and transactional texts from any 10-digit number with almost no oversight. That changed when the major US carriers (T-Mobile, AT&T, Verizon) decided unfiltered business texting was a spam vector they could no longer tolerate, and built a permissioning system on top of it.

The system has three pieces:

The Campaign Registry (TCR) — a central registry where every business that wants to send A2P messages registers itself.
Brand registration — verifying who you are as a business: legal name, address, EIN, website, contact information.
Campaign registration — registering each use case you'll send messages for: marketing, customer care, appointment reminders, two-factor authentication, and so on.

Once your brand is registered and your campaign is approved, your messages can flow through to mobile subscribers. Without it, your messages get filtered, throttled, or silently dropped — usually without an error code that tells you what went wrong.

This applies to all volumes. There's a misconception that 10DLC only matters for high-volume senders. It doesn't. A landscaper texting a customer "On my way" from a business platform is A2P traffic and is subject to the same rules as a Fortune 500 marketing campaign — just with simpler campaign types available.

Brand registration, in plain English

The brand is the business behind the messages. Three brand types matter for small operators:

Standard brand — a registered business (LLC, S-corp, C-corp, nonprofit). Requires legal name, EIN, business address, website, and a contact. Approval is usually instant if your details match what's in IRS and state-registry records, slower if there's a mismatch.
Sole proprietor brand — for individuals running a business under their own name without an EIN. Has stricter messaging limits (lower throughput, no marketing-style content), but it's a real path for solo operators who don't have an LLC yet.
Vetted brand — same as standard, but you pay an extra fee (~$40 one-time) for an external vetting service to score your business. Higher score = higher messaging throughput. Worth it if you'll send any meaningful volume; otherwise the standard brand is fine.

The registration itself is a form. The thing that trips operators up is consistency: your legal name on the form must match exactly what's on file with your state of incorporation and the IRS. "Acme Inc" doesn't match "Acme, Inc.", and the registry will reject the brand. Same with addresses — the address you submit must match the address on your EIN registration. Fix mismatches before submitting; resubmits eat days.

Campaign registration, where it gets specific

Once your brand is approved, you register a campaign for each use case. Carriers want to know exactly what kind of messages you'll be sending, who you'll be sending them to, and how you got their permission to send.

Use case categories you'll choose from:

Customer Care — replies to customer inquiries, support conversations.
Account Notification — order confirmations, shipping updates, appointment reminders.
2FA / Account Verification — login codes.
Marketing — promotional messages.
Mixed — combination of the above. Higher scrutiny.
Public Service Announcement — generally restricted to nonprofits and emergency services.

For each campaign, you must submit sample messages — at least one per direction (one inbound, one outbound) — and an opt-in flow description explaining how customers consent to receive messages.

This is where most rejections happen. Three failure modes account for the vast majority:

Sample messages don't match the use case. You picked "Marketing" but your samples look like appointment reminders, or vice versa. The reviewer rejects on use-case mismatch.
No opt-in flow described. "Customers opt in by texting us" isn't a flow. The reviewer wants to see exactly what the customer sees: a checkbox on a form, a keyword opt-in flyer at point of sale, a welcome email with consent language.
Sample messages are missing required disclosures. As of 2026, every sample should include the brand name, opt-out instructions, and message frequency. Missing any of these gets the campaign bounced.

We have a separate post on the most common 10DLC rejection causes and how to fix each one.

What changed in 2026

Several rule changes hit in early 2026 and caught operators who hadn't recently re-registered:

Privacy policy is now mandatory for all brand types except sole proprietor. The privacy policy must be hosted on the same domain as the business website, must be reachable via a public URL, and must specifically describe SMS opt-in data handling. Generic templated privacy policies get rejected on review.

Brand name in every sample message. Carriers want the recipient to know who's texting them. "Your appointment is at 3pm" gets rejected; "[Acme Plumbing] Your appointment is at 3pm" passes.

Message frequency in the opt-in sample. The sample of your opt-in confirmation must include the expected message frequency — "Reply Y for up to 4 messages per month from Acme Plumbing" rather than just "Reply Y to confirm." Carriers want consumers to know what they're signing up for.

Help message disclosure. When a customer texts HELP, your auto-reply must include both your business contact information and the line "Message and data rates may apply." Both are now required.

Opt-out language must be in the welcome message. When a new subscriber opts in, the very first confirmation message must spell out STOP-to-opt-out. "Reply STOP to unsubscribe" or equivalent.

If you registered a campaign before these rules tightened, your campaign was probably grandfathered, but any change to the registration triggers a re-review against the new rules. Plan accordingly.

TCPA in 2026: what Bradford did and didn't change

The Telephone Consumer Protection Act (TCPA) is the federal law that governs business calling and texting consent. Until early 2026, the consensus was simple: marketing texts require prior express written consent, with damages of $500 per violation (up to $1,500 if willful).

In Bradford v. Sovereign Pest Control (decided February 25, 2026), the Fifth Circuit Court of Appeals ruled that the FCC's "written" requirement exceeds the statute — the TCPA itself only requires "prior express consent," and the FCC overstepped by adding the "written" qualifier. The practical implication, in the Fifth Circuit only, is that oral consent might suffice for marketing messages.

Important caveats:

The ruling only binds courts in the Fifth Circuit (Texas, Louisiana, Mississippi). Other circuits haven't followed it.
The FCC's regulations are still on the books and still require written consent. A business in the Fifth Circuit relying on Bradford is taking a risk against ongoing federal regulation.
The Supreme Court hasn't weighed in. A circuit split could send this up; until it does, the safe assumption is that most jurisdictions still expect written consent.

Practical advice: keep getting written, documented consent regardless of where you operate. It's cheap insurance, and it's the easy answer if a TCPA suit ever lands. We have a deeper look at the Bradford ruling and what it means in practice if you want the longer read.

What it actually costs

There are several cost layers to be aware of so you don't get surprised:

Brand registration — a one-time fee paid to The Campaign Registry when your brand is approved. Standard brands are inexpensive; vetted brands cost a bit more in exchange for higher messaging throughput.
Campaign registration — a small recurring monthly fee per campaign, with the exact amount varying by use case (marketing campaigns are priced higher than transactional ones because carriers consider them higher risk).
Per-message carrier fees — a fraction of a cent per message, applied in both directions, charged by the carriers and passed through.
MMS surcharge — sending picture/video messages costs noticeably more per send than plain SMS, regardless of direction.
Provider markup — whatever your messaging platform adds on top to cover its own service.

For a small business at low-to-moderate volume, the all-in monthly cost lands in the low double digits and scales gradually as volume grows. The fixed registry fees dominate when you're starting out; per-message fees take over at higher volumes.

The good news: the dollar cost is rarely the painful part of business SMS. The painful part is the time it takes to navigate registration correctly the first time, and the rejection cycles when something is misfiled. We bundle the registry fees and carrier passthroughs into our SMS plans so there's a single predictable monthly number — but the right shape of pricing for you depends on your volume and how many use cases you'll register.

Why your messages still don't deliver

Even with everything registered correctly, messages can still fail. The common causes:

Carrier filtering. Each carrier (T-Mobile, AT&T, Verizon, US Cellular) runs its own spam filter on top of 10DLC. Messages that look spammy — too many links, all caps, suspicious URLs, content that doesn't match your registered campaign — get filtered silently. You'll see "delivered" on your dashboard but the recipient never sees the message.
Throughput limits. Each campaign has a messages-per-second cap based on your brand vetting score. Send too fast and carriers throttle.
Number reputation. A new number has no carrier-side reputation. The first few weeks of sending from a new long-code, expect a higher filter rate. It improves with consistent, low-volume, high-engagement traffic.
Recipient carrier blocks. Individual carriers can block your number for content reasons (and rarely tell you why). T-Mobile is generally the strictest; AT&T is in the middle; Verizon has gotten more selective in 2026.
Recipient device-level filters. iOS Filter Unknown Senders, Android spam folders. These look at sender reputation and content patterns.

A subset of these are within your control. Sending consistent, on-topic, low-link content to engaged recipients improves delivery over time. Sending high-volume marketing blasts to lukewarm lists tanks it.

Best practices that actually move the needle

The list of "10DLC best practices" online is mostly generic. The ones that actually matter:

Get real, documented opt-in. A logged record of when, where, and how each recipient consented. Screenshot the form they filled out if it's online; keep a paper opt-in form if it's at a physical location. This is your single best defense in any TCPA dispute.
Send consistent volume. A number that sends 50 messages a day, every day, builds better reputation than a number that sends 1,000 messages once a week.
Match content to your registered use case. If you registered for appointment reminders, don't send promotional offers from the same number. The carrier filter will eventually catch up and your campaign can be revoked.
Honor STOP immediately and log it. Most platforms do this for you, but check yours. A single missed STOP can become a class-action problem.
Use real URLs, not shorteners. Carriers heavily penalize bit.ly and other public shorteners. Use your own branded URL or none at all.
Don't share numbers across brands. "Number pooling" used to be a workaround; carriers now treat it as a fraud signal. One brand per number.

SMS, voice, and email — what each is actually good for

A cheaper way to think about this: each channel has a strength, and the tradeoff isn't "which is best" but "which fits this message."

SMS has a ~95% open rate within the first 5 minutes. It wins for time-sensitive, short, expected messages: appointment reminders, order shipped, your driver is here, here's your code. It loses badly for anything long, anything unsolicited, and anything that needs a visual.
Voice wins for relationship-building, complex conversations, problem-solving, and anything emotionally weighted. The phone is still the channel of last resort for unhappy customers, and answering it well builds loyalty. We have a softphone setup guide if you're starting from scratch.
Email wins for long-form content, anything with images, marketing campaigns, and asynchronous conversations where the customer doesn't expect to reply right away.

The mistake we see most often is using SMS for what email is good at — long sales pitches, multi-paragraph welcome flows. SMS is for "your appointment is in 30 minutes," not "here are seven reasons you should consider our services."

What to do next

If you're starting from zero:

Pick a messaging provider and get an account.
Submit your brand registration. Verify your business details against your state of incorporation and EIN — get this right the first time.
Submit your first campaign with a clear use case and matching sample messages.
While you wait for approval (24–72 hours), build out your opt-in flow on your website or wherever you collect consent.
Once approved, send your first batch deliberately. Watch delivery rates closely for the first two weeks.

If you have an existing campaign and haven't reviewed it since 2025, do it now. The 2026 rule changes can quietly invalidate older registrations on next renewal, and the failure mode is silent — your messages just stop delivering.

Business SMS isn't difficult. It's just under-explained. The mechanics are mechanical; the rules are knowable; the rejection causes are predictable. The operators we see succeed treat it like any other piece of infrastructure: set it up correctly once, monitor the numbers, and stop touching it.

Textndial Team

Telecom operators & product team at Vibratel.

Text N Dial is built and operated by people running real carrier infrastructure. We write what we’ve actually shipped, broken, and fixed — not what a stock-photo content marketer thinks “sounds good.”

Reviewed by Joey Capo, Founder

Frequently asked questions

Do I have to register for 10DLC if I'm just texting a few customers a day?

Yes. Carriers do not distinguish based on volume — any business sending SMS to US mobile numbers must be registered with The Campaign Registry. Sole-proprietor brands exist for very small senders, but registration is not optional.

How long does 10DLC registration take?

Brand registration is usually instant for standard brands and one to two business days for vetted brands. Campaign approval is typically 24–72 hours, sometimes longer if the use case is unclear or sample messages don't match. Plan for a week from start to first message, more if anything bounces back for fixes.

Do I need a privacy policy to register a 10DLC campaign?

As of 2026, yes — for every brand type except sole proprietor. The privacy policy must be hosted on the same domain as your business and must specifically describe how you handle SMS opt-in data. A generic boilerplate privacy policy will often get a campaign rejected.

What happens if someone texts STOP?

You must stop sending non-transactional messages to that number immediately and indefinitely. Carriers also auto-process STOP and forward an unsubscribe confirmation. Failure to honor STOP is a TCPA violation that can be $500–$1,500 per message in damages, plus carrier-level penalties. Keep a logged opt-out list and check against it before every send.

Does the Bradford v. Sovereign Pest ruling mean I no longer need written consent?

Only if you are operating exclusively within the Fifth Circuit (Texas, Louisiana, Mississippi), and even then it's a risky read. The FCC's regulations still require prior express written consent, and other circuits have not adopted the Fifth Circuit's view. The practical advice is unchanged: keep getting written, documented opt-in. It's cheap insurance against a complicated legal landscape.

What's the difference between A2P and P2P texting?

P2P (person-to-person) is one human texting another from their personal phone. A2P (application-to-person) is a business sending automated or templated messages to customers from a software platform. Carriers treat A2P differently because it's the source of most spam, and 10DLC is the framework they use to permission and police it. If you're texting customers from your business platform, you're A2P, even if the messages are typed by hand.

Still have questions? Talk to sales →

Keep reading

SMS Delivery

Texts marked delivered but never received? Texts that just disappear? Here's a small-operator's guide to diagnosing why business SMS fails and fixing each cause.

May 6, 20268 min read

TCPA Update

The Fifth Circuit ruled the FCC's 'prior express written consent' rule exceeds the TCPA statute. What that means for business texting in 2026, and what hasn't changed.

May 6, 20267 min read

10DLC Approval

The unwritten and written rules for getting your 10DLC campaign approved on the first try — what carriers look at, what they reject, and how to write samples that pass.

May 6, 20269 min read

← Back to all postsTags: #10dlc, #tcpa, #sms-compliance, #business-sms