Feminine hands holding a smartphone displaying an SMS opt-in from Luna NYC with OK confirmation and STOP keyword

SMS Opt-in Messages: Ready-to-Use Examples & TCPA Rules


By 13 Mins Read

How many contacts do you lose because your first SMS reads like an automated acknowledgment? SMS open rates reach 98% according to 2025 industry benchmarks (Omnisend, Sinch, Infobip). 90% of messages are read within 3 minutes. Few channels match SMS for immediate reach. The catch: the opt-in message has to hold up. Below are concrete examples for the US market, with the relevant legal requirements (TCPA, CCPA, FCC rules) and mandatory STOP notices.

What an SMS opt-in message must include in the United States

An opt-in SMS confirms the recipient’s consent. It also sets the tone for what follows. Simple in theory. The legal framework rests on the TCPA (Telephone Consumer Protection Act, 47 U.S.C. § 227) and the FCC rules implementing it, with three mandatory elements in any commercial SMS: the sender’s identity (brand name in the message body), the nature of upcoming communications, and a clear opt-out mechanism such as STOP to [short code].

Omitting the STOP notice or sending without prior express written consent exposes the brand to private TCPA lawsuits at $500 per unsolicited message, with treble damages of $1,500 per message if the violation is willful. Class actions can quickly reach tens of millions of dollars. Consent must be freely given, informed, specific, and documented. An unchecked checkbox in a form with clear disclosure is the minimum standard, but you must retain timestamped proof along with the exact disclosure text shown to the user. The brand name must appear in the message body, and short codes (5- to 6-digit numbers registered with the CTIA) must be tied to the registered brand.

On timing, the FCC enforces TCPA “quiet hours”: no marketing calls or texts before 8 AM or after 9 PM in the recipient’s local time zone. The CTIA Messaging Principles and Best Practices add a layer of carrier-enforced rules: short code registration, brand identification, and content guidelines (no SHAFT content — sex, hate, alcohol, firearms, tobacco — unless properly age-gated). The FCC and FTC rely on these standards to assess whether sends are intrusive or deceptive. Transactional SMS (OTP, order confirmations, appointment reminders) sit under different consent rules (“prior express consent”, not “express written consent”) and are not subject to the same marketing restrictions.

A good opt-in message also does commercial work: it reinforces the value of the subscription and states the sending frequency. A vague opt-in builds a large but poorly engaged list. That’s the outcome most CRM teams are working to avoid.

Single opt-in or double opt-in: which to choose?

Visual comparison of simple opt-in (3 steps) vs double opt-in (5 steps) โ€” side-by-side user flow
Single opt-in vs double opt-in user flow: 3 steps versus 5 steps to validate an SMS subscription.

Double opt-in for SMS is not mandatory under the TCPA. What the TCPA does require for marketing SMS is “prior express written consent”: a clear, conspicuous disclosure that the consumer agrees to receive marketing texts (including auto-dialed messages) at the number provided, and that consent is not a condition of purchase. A single signed e-form with that disclosure is legally sufficient. Choosing between single and double opt-in mainly depends on your list goals and your appetite for class-action risk.

Single opt-in confirms the subscription immediately after form submission. It maximizes the volume of contacts collected. Double opt-in adds a step: the contact receives an SMS and must reply (YES, Y, or click a link) to confirm. Result: a smaller list, but with valid numbers and consent documented twice, which holds up far better against a TCPA class action or an FCC enforcement inquiry.

Double opt-in lists show lower unsubscribe rates and better deliverability, because a number that actively confirms its subscription is worth more than one entered with a typo or a missing digit. Before sending a campaign, making sure the numbers in your database are active and reachable eliminates the bounces that degrade your sender reputation with carriers.

Single opt-in vs double opt-in SMS: comparison across key criteria
Criterion Single opt-in Double opt-in
Legal requirement under TCPA Yes (prior express written consent is sufficient) No (recommended, not required)
Volume of contacts collected Maximum Reduced (15-25% loss at confirmation)
Number quality Variable (typos possible) High (active number confirmed)
Strength of TCPA consent record Sufficient if disclosure is properly documented Reinforced (two timestamped records)
Unsubscribe rate Higher Lower
Ideal use case Fast list growth, high-volume e-commerce B2B, loyalty programs, SaaS

SMS opt-in message examples by type

The templates below are tailored for the US market. Replace the brackets with your actual data. The STOP notice is mandatory in all commercial SMS. It must appear at the end of the message and point to your registered short code or 10DLC number. Standard CTIA practice also requires “Msg&data rates may apply” and a help keyword (HELP) at sign-up.

Single opt-in confirmation (e-commerce)

This SMS goes out immediately after form submission. It confirms the subscription, names what the contact will receive, and delivers a first concrete benefit.

  • “[Brand]: welcome to our SMS club! You’ll receive our exclusive offers and member-only drops (2-4 msgs/month). Msg&data rates may apply. Reply HELP for help, STOP to 12345 to opt out.”
  • “Thanks for joining [Brand]. From now on: offers reserved for SMS subscribers, ahead of everyone else. 2-4 msgs/mo. Reply STOP to 12345 to cancel.”
  • “[Brand]: subscription confirmed. Expect no more than 3 msgs/month: promos, restocks, and priority access. Msg&data rates may apply. STOP to 12345.”

Double opt-in: initial confirmation message

This SMS asks the contact to confirm actively. Keep it short and state the expected action clearly. The reply keyword (YES, Y, 1) must be explicit.

  • “[Brand]: reply YES to confirm your SMS subscription and receive our exclusive offers (max 4 msgs/month). Msg&data rates may apply. No reply means no messages will be sent.”
  • “You requested to join [Brand]’s SMS alerts. Reply YES to confirm. Reply NO or ignore this message to decline. Msg&data rates may apply.”

Double opt-in: final validation message

Once confirmation is received, this second message closes the loop and can include a reward or useful information.

  • “Perfect, your [Brand] SMS subscription is active! Here’s your welcome code: WELCOME10 (10% off, valid 48h). Reply HELP for help, STOP to 12345.”
  • “[Brand]: confirmed. You’ll be among the first to hear about our new arrivals and flash sales. 2-4 msgs/mo. STOP to 12345.”

Opt-in with incentive (promo code or benefit)

An incentive boosts the conversion rate at sign-up, but it must be genuine: if you promise 15% off, the code must work from the moment the SMS is received.

  • “[Brand]: your exclusive SMS code: SMS15 (15% off your next order). Valid for 7 days. You’ll receive our offers 2x/month. Msg&data rates may apply. STOP to 12345.”
  • “Welcome to [Brand]! As an SMS subscriber, you get access to our private sales 24h before everyone else. Next drop: [date]. STOP to 12345.”

Examples by industry

The same message doesn’t work the same way in a hair salon as it does in a B2B SaaS. Tone and promised value have to match the customer relationship context, and so does the stated frequency.

Retail and foodservice

  • “[Restaurant]: subscribed! Every week, the daily special + our happy hour offers first. Max 1 msg/week. Msg&data rates may apply. STOP to 12345.”
  • “[Store]: subscription confirmed. Sales, new arrivals, and reservations — first access. Frequency: 2-3 msgs/month. STOP to 12345.”

Events and ticketing

  • “[Organizer]: you’re on the SMS list. Ticket alerts, exclusive dates, and 48h reminders before each event. Msg&data rates may apply. STOP to 12345.”
  • “Your [Festival] alert subscription is confirmed. First to know about headliners and on-sale dates. STOP to 12345.”

Health, wellness and beauty

  • “[Clinic/Spa]: confirmed. You’ll receive your appointment reminders by SMS 48h before each session. To reschedule, reply RESCHEDULE. STOP to 12345.”
  • “[Brand]: welcome! Beauty tips, product launches, and subscriber offers (2 msgs/month). Msg&data rates may apply. STOP to 12345.”

SaaS and B2B services

  • “[Vendor]: your SMS alert subscription is active. You’ll receive critical updates and renewal reminders. Frequency: varies based on activity. STOP to 12345.”
  • “[Service]: SMS subscription confirmed. Downtime alerts, changelog, and webinars — priority access. STOP to 12345.”

How to write an opt-in message that reduces unsubscribes

Most early unsubscribes happen when contacts didn’t expect to receive what they got. At sign-up, the subscriber is paying attention. That’s the moment to set expectations clearly.

Five things that make the difference:

  1. Name the exact frequency. “2-4 msgs/month” beats “our offers regularly.” A subscriber who knows what to expect doesn’t unsubscribe out of surprise.
  2. Lead with the benefit, not the channel. “Subscriber-only offers” > “marketing messages.” The first creates desire; the second creates anxiety.
  3. Confirm immediately. A delay between the form and the confirmation SMS makes the subscriber doubt. Send instantly, or as close to it as possible.
  4. Deliver an immediate benefit. A promo code, priority access, or useful information in the first message gives the subscriber a reason to stay.
  5. Keep STOP visible. A clearly displayed STOP is reassuring: the subscriber knows they can leave, which cuts spam reports and carrier complaints.

Another common trap: collecting numbers through an offer (sweepstakes, download) without clearly stating the contact will receive marketing SMS. Consent obtained under false pretenses is invalid under the TCPA and the FTC’s deceptive-practices framework, even if a checkbox was ticked.

Common mistakes in SMS opt-in messages

Teams new to SMS marketing keep running into the same issues. Here are the five most common, with direct fixes.

Forgetting the STOP notice. It’s the most frequently litigated violation. Even on a confirmation SMS (non-commercial), if the contact may receive future messages, STOP must appear. Build it into your default template so you never miss it.

Sending an SMS outside the authorized time window. A misconfigured automation system can trigger a send at 10:30 PM or 6 AM in the recipient’s local time zone, both of which violate TCPA quiet hours (8 AM – 9 PM local). A nationwide brand has to enforce the rule per recipient time zone, not per server time. Lock the time window at the platform level, not just at the workflow level.

Failing to document consent. In a TCPA dispute, you must prove who gave consent, when, through which channel, and what disclosure language they saw. A CSV export without timestamps is not enough. Your CRM or SMS platform must store the date, time, IP address, source (web form, POS, phone), and the exact version of the disclosure text shown at the time of consent.

Sending to an unverified list. A list collected over several months inevitably contains deactivated numbers, landline numbers submitted by mistake, or typos. Technical bounces degrade your sender reputation with carriers and trigger 10DLC throttling. Verifying mobile numbers before each campaign eliminates these dead ends and protects your sender score.

Over-promising in the opt-in. A 30% off code in the welcome SMS, followed by 10% off messages later: the subscriber feels shortchanged and leaves. Whatever you promise in the welcome SMS, maintain that level throughout the relationship.

Recent TCPA enforcement: what a brand actually risks

TCPA exposure is mainly driven by private class actions, not regulator fines. The textbook reference is the Dish Network TCPA settlement, where the company paid $280 million in 2017 to resolve a federal lawsuit over millions of telemarketing calls made without proper consent. More recently, sports-betting operators and large retailers have faced multi-million-dollar TCPA class actions over SMS marketing sent without proper express written consent — for example, DraftKings agreed to a $42.5 million settlement in 2024 over unsolicited promotional texts. On the regulator side, the FTC fined Activision Blizzard $20 million in 2023 over deceptive practices and the FCC has issued multi-million-dollar TCPA enforcement actions against robocallers.

What this body of cases changes for marketing teams: courts no longer just ask for proof of consent. They also check how it was obtained. A pre-checked box, a checkbox buried in a sweepstakes form, or a vague statement about purpose are enough to retroactively invalidate your entire database. Statutory damages of $500 to $1,500 per text, multiplied across a list, are the reason TCPA class actions settle in the eight or nine figures.

The defense comes down to two actions: retaining timestamped proof of consent (retention period detailed in the FAQ below) and regularly auditing the quality of collected numbers to spot heterogeneous or purchased lists. A regular database audit (removing landline numbers, inactive numbers, and duplicates) is the most effective protection before any send. It directly reduces your regulatory and litigation exposure.

Frequently asked questions about SMS opt-in in the United States

Is double opt-in for SMS mandatory in the United States?

No. A single prior express written consent, collected via an unchecked checkbox form with clear and conspicuous disclosure, is legally sufficient under the TCPA. Double opt-in is recommended to strengthen consent traceability and improve list quality, but it is not required by the TCPA or the FCC.

What must an opt-in SMS in the United States include?

Every commercial SMS must display the sender’s identity (brand name in the message body), a description of the nature of upcoming communications, the “Msg&data rates may apply” disclosure, the HELP keyword for support, and the STOP notice pointing to your registered short code or 10DLC number. Missing STOP or sending without express written consent exposes the brand to statutory damages of $500 to $1,500 per text under the TCPA.

Can you send an opt-in SMS on Sunday?

Yes, as long as the send falls within TCPA quiet-hour limits: no marketing texts before 8 AM or after 9 PM in the recipient’s local time zone. The CTIA Messaging Principles and Best Practices add carrier-level guidance, but Sundays and public holidays are not specifically restricted. Transactional SMS (OTP, order confirmations, non-commercial appointment reminders) are exempt from the quiet-hour window.

How long should you keep SMS consent records?

Industry best practice and TCPA defense counsel recommend retaining consent records for at least 4 years, which matches the federal statute of limitations on TCPA claims. Many brands keep records for the full life of the subscriber relationship plus 4 years. After that, consent must be renewed or the data deleted.

Is an incentive (promo code) in an opt-in SMS allowed?

Yes, provided the consent terms are clear: the subscriber must know they are agreeing to receive marketing SMS in exchange for the benefit, and consent must not be a condition of purchase. Consent obtained under false pretenses (a sweepstakes with no mention of SMS) is invalid under the TCPA and the FTC’s deceptive-practices framework.

The opt-in SMS is an implicit contract. It opens a conversation that can last years, or end at the second message if the promise doesn’t hold.

Nicolas
Author

I bring my expertise in digital marketing through my articles. My goal is to help professionals improve their online marketing strategy by sharing practical tips and relevant advice. My articles are written clearly, precisely and easy to follow, whether you are a novice or expert in the matter.

Related Posts