← Back to Dashboard

Messaging Policy

SMS / MMS / Email Compliance Requirements

Effective Date: April 1, 2026 | Last Updated: April 1, 2026

1. Introduction

This Messaging Policy describes the legal and regulatory requirements that apply to SMS, MMS, and email marketing messages sent through the EON Platform (the "Services"). As a Customer of EON Platform, you are solely responsible for ensuring that all messages sent through your account comply with all applicable federal, state, and local laws, regulations, and industry guidelines.

This policy is intended as a compliance resource and does not constitute legal advice. We strongly recommend that you consult with qualified legal counsel regarding your specific compliance obligations. Violation of the laws and regulations described in this policy may result in significant civil and criminal penalties, including but not limited to fines of up to $1,500 per message under the TCPA and up to $53,088 per email under the CAN-SPAM Act.

2. TCPA Compliance Requirements (SMS/MMS)

The Telephone Consumer Protection Act ("TCPA"), 47 U.S.C. § 227, and its implementing regulations at 47 C.F.R. § 64.1200, govern the sending of text messages (SMS and MMS) to consumers. The following requirements apply to all text messages sent through the Services.

2.1 Prior Express Written Consent

Before sending any marketing or promotional text message, you must obtain prior express written consent from each recipient. Under 47 C.F.R. § 64.1200(f)(9), prior express written consent requires:

  • A written agreement (including agreements obtained via electronic means such as a website form, text message keyword opt-in, or other electronic record) bearing the signature of the person called (including an electronic or digital signature as defined by applicable federal or state law);
  • That clearly authorizes the caller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice;
  • That includes the telephone number to which the signatory authorizes such messages to be delivered;
  • That includes a clear and conspicuous disclosure informing the person signing that:
    • By signing the agreement, the person authorizes the seller to send marketing text messages using automated technology;
    • The person is not required to sign the agreement (or agree to enter into such an agreement) as a condition of purchasing any property, goods, or services;
    • The identity of the specific business or entity that will send the messages;
    • The types of messages the person will receive and the approximate frequency;
    • That message and data rates may apply; and
    • How to revoke consent (e.g., "Reply STOP to unsubscribe").

2.2 Informational / Transactional Messages

Non-marketing text messages (e.g., appointment reminders, order confirmations, service notifications) require at minimum prior express consent, which may be obtained orally, in writing, or through the course of a business transaction. While prior express written consent is not required for purely informational messages, we recommend obtaining written consent as a best practice to reduce litigation risk.

2.3 One-to-One Consent

The FCC's one-to-one consent rule, which would have required that prior express written consent be obtained separately for each specific seller (rather than through lead generators or comparison shopping websites providing consent to multiple entities), was vacated by the United States Court of Appeals for the Eleventh Circuit. As of this policy's effective date, the one-to-one consent requirement is not in effect. However, consent must still clearly identify the specific business that will be sending messages, and we recommend that Customers obtain consent directly from recipients rather than relying on third-party consent.

2.4 Time-of-Day Restrictions

Under 47 C.F.R. § 64.1200(c)(1), marketing text messages may not be sent before 8:00 AM or after 9:00 PM in the recipient's local time zone. You are responsible for determining the correct time zone for each recipient based on their area code or other available information. Some states impose narrower time windows, and you are responsible for complying with the most restrictive applicable requirement.

2.5 Do-Not-Call Compliance

You must maintain an internal do-not-call list of individuals who have requested not to receive messages from your business. Additionally, you must scrub your contact lists against the National Do-Not-Call Registry (maintained by the FTC at donotcall.gov) at least every thirty-one (31) days, in accordance with 47 C.F.R. § 64.1200(c)(2). Exceptions to the Do-Not-Call requirements apply where you have obtained prior express written consent or have an established business relationship as defined under 47 C.F.R. § 64.1200(f)(5).

2.6 TCPA Penalties

Violations of the TCPA carry statutory damages of $500 per violation (per message), which may be trebled to $1,500 per violation for willful or knowing violations (47 U.S.C. § 227(b)(3)). The TCPA provides for a private right of action, and class action lawsuits under the TCPA are common and can result in substantial liability.

3. CAN-SPAM Compliance Requirements (Email)

The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 ("CAN-SPAM Act"), 15 U.S.C. §§ 7701-7713, and its implementing regulations at 16 C.F.R. Part 316, establish requirements for commercial email messages. The following requirements apply to all commercial emails sent through the Services.

3.1 Required Email Elements

Every commercial email message must include:

  • Accurate Header Information: The "From," "To," "Reply-To," and routing information must be accurate and identify the person or business that initiated the message (15 U.S.C. § 7704(a)(1)).
  • Non-Deceptive Subject Line: The subject line must not mislead the recipient about the contents or subject matter of the message (15 U.S.C. § 7704(a)(2)).
  • Advertisement Identification: The message must be clearly and conspicuously identified as an advertisement or solicitation, unless the recipient has provided prior affirmative consent to receive the message (15 U.S.C. § 7704(a)(5)(A)(i)).
  • Physical Postal Address: The message must include a valid physical postal address of the sender. This can be a current street address, a registered post office box, or a private mailbox registered with a commercial mail receiving agency (15 U.S.C. § 7704(a)(5)(A)(iii)).
  • Opt-Out Mechanism: The message must include a clear and conspicuous notice of the recipient's right to opt out of receiving future commercial emails from the sender, along with a functioning opt-out mechanism (e.g., an unsubscribe link) (15 U.S.C. § 7704(a)(3)).

3.2 Opt-Out Processing

  • The opt-out mechanism must be able to process opt-out requests for at least thirty (30) days after the message is sent (15 U.S.C. § 7704(a)(3)(A)(ii)).
  • You must honor opt-out requests within ten (10) business days (15 U.S.C. § 7704(a)(4)(A)).
  • Once a recipient has opted out, you may not send them commercial email or transfer or sell their email address to another party for the purpose of sending commercial email (15 U.S.C. § 7704(a)(4)(B)).

3.3 Transactional or Relationship Messages

Transactional or relationship messages (as defined in 15 U.S.C. § 7702(17)), such as order confirmations, account notifications, and warranty information, are largely exempt from CAN-SPAM's content requirements but must still contain accurate header information and may not contain false or misleading routing information. Messages that contain both transactional and commercial content may be treated as commercial messages under FTC guidance.

3.4 CAN-SPAM Penalties

Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $53,088. The FTC, state attorneys general, and internet service providers may bring enforcement actions. Multiple parties may be held responsible for a single violation, including the business whose product is promoted in the email and the person who originated the email.

4. Opt-In and Consent Standards

This section provides practical guidance on implementing compliant opt-in flows for your messaging programs.

4.1 Web Form Opt-In

When obtaining consent through a website form, the form must:

  • Require the consumer to provide their phone number and/or email address in a dedicated input field
  • Include a clear and conspicuous consent disclosure adjacent to the submission button
  • Use a separate, unchecked checkbox or clear affirmative action for marketing consent (pre-checked boxes are insufficient for TCPA prior express written consent)
  • Not bundle marketing consent with other terms or conditions
  • Clearly state that consent is not required as a condition of purchase
  • Identify your business by name as the entity that will send messages
  • Describe the types and approximate frequency of messages
  • State that message and data rates may apply
  • Explain how to opt out

Example consent disclosure language:

"By checking this box and providing your phone number, you agree to receive recurring automated marketing text messages from [Business Name] at the phone number provided. Consent is not a condition of any purchase. Message frequency varies. Message and data rates may apply. Reply STOP to unsubscribe. Reply HELP for help. View our Privacy Policy and Terms of Service."

4.2 Keyword (Text-to-Join) Opt-In

When using keyword opt-in (e.g., "Text JOIN to 12345"):

  • Provide clear advertising or signage that discloses your business name, the keyword, the short code or phone number, the type of messages, frequency, and that message and data rates may apply
  • Send an immediate confirmation message after the initial keyword text that includes your business name, confirms enrollment, states message frequency, notes that message and data rates may apply, and provides opt-out instructions (Reply STOP) and help instructions (Reply HELP)
  • Under CTIA guidelines, a double opt-in (requiring the consumer to reply "YES" to confirm enrollment after receiving the confirmation message) is recommended, particularly for high-volume programs

4.3 Point-of-Sale / In-Person Opt-In

When obtaining consent in person (e.g., at a service appointment, retail location):

  • Use a written or electronic consent form that meets all TCPA prior express written consent requirements
  • The consumer must sign (physically or electronically) the consent form
  • Retain a copy of the signed consent form as part of your consent records
  • Verbal consent alone is insufficient for marketing text messages under the TCPA

5. Opt-Out Handling

5.1 SMS/MMS Opt-Out Requirements

Under FCC rules effective April 11, 2025 (47 C.F.R. § 64.1200(d)), you must:

  • Accept opt-outs through any reasonable method: You must honor opt-out requests received via text reply (including the standard keywords: STOP, QUIT, END, REVOKE, OPT-OUT, CANCEL, and UNSUBSCRIBE), email, phone call, website form, chatbot, or any other reasonable means. You may not require recipients to use a single, exclusive method to opt out.
  • Process within ten (10) business days: All opt-out requests must be processed and honored within ten (10) business days of receipt. No additional marketing messages may be sent to the recipient after the ten-business-day processing period has elapsed.
  • Single confirmatory message permitted: Upon receipt of an opt-out request via text, you may send one (1) confirmatory text message within five (5) minutes. This confirmatory message must not contain any marketing or promotional content and must be limited to confirming receipt of the opt-out request, providing the recipient an opportunity to clarify the scope of their revocation (e.g., opt out of marketing messages only, or all messages), and confirming successful processing of the opt-out.
  • Cross-channel opt-out (effective January 31, 2027): The FCC has adopted, with a delayed effective date of January 31, 2027, a requirement that an opt-out request received in response to one type of message (e.g., a marketing text) must be applied to all future robocalls and robotexts from that sender on unrelated matters unless the consumer specifies otherwise. While this requirement is not yet in effect as of this policy's date, we recommend preparing your systems to support cross-channel opt-out functionality in advance of the compliance deadline.

5.2 Email Opt-Out Requirements

  • Include a functioning unsubscribe mechanism in every commercial email
  • The unsubscribe mechanism must remain functional for at least thirty (30) days after the email is sent
  • Honor unsubscribe requests within ten (10) business days
  • Do not charge a fee, require the recipient to provide personal information beyond an email address, or impose any other burden on the recipient as a condition of opting out
  • Do not transfer or sell the email address of a recipient who has opted out

5.3 Opt-Out Record Keeping

You must maintain a current, accurate suppression list of all individuals who have opted out of receiving messages from your business. This list must be checked before every message send. Opt-out records must be retained for a minimum of five (5) years and must include the date and time of the opt-out request, the method by which the opt-out was received, and the scope of the opt-out (if clarified by the recipient).

6. Required Message Elements

6.1 First Message to a New Subscriber (SMS/MMS)

The first message sent to a new subscriber must include:

  • Your business name
  • Confirmation of subscription enrollment
  • Message frequency disclosure (e.g., "Up to 4 msgs/month")
  • "Msg&Data rates may apply" or equivalent disclosure
  • Opt-out instructions (e.g., "Reply STOP to unsubscribe")
  • Help instructions (e.g., "Reply HELP for help")
  • A link to your Terms of Service and/or Privacy Policy (recommended)

6.2 Ongoing Marketing Messages (SMS/MMS)

Every marketing text message should include:

  • Identification of the sending business (business name or recognized brand name)
  • Opt-out instructions (e.g., "Reply STOP to opt out") -- at minimum, opt-out instructions must appear in every message or at a regular periodic interval as determined by your program's frequency

6.3 STOP Response

When a recipient texts STOP (or any recognized opt-out keyword), you must immediately cease sending messages and respond with a single confirmation, for example: "[Business Name]: You have been unsubscribed. No more messages will be sent. Reply HELP for help or contact us at support@eonmessaging.com."

6.4 HELP Response

When a recipient texts HELP, you must respond with program information, for example: "[Business Name]: For help, contact support@eonmessaging.com or call support@eonmessaging.com. Msg frequency varies. Msg&Data rates may apply. Reply STOP to cancel."

7. Frequency and Timing Restrictions

7.1 Message Frequency

  • Do not exceed the message frequency disclosed to the consumer at the time of opt-in
  • If you disclosed "up to 4 messages per month," you must not send more than 4 messages per month to that recipient
  • Excessive messaging frequency, even within disclosed limits, may constitute harassment and trigger carrier filtering or complaints
  • We recommend limiting marketing text messages to no more than 4 to 8 messages per month unless the recipient has expressly consented to a higher frequency

7.2 Timing Restrictions

  • Federal: Do not send marketing text messages before 8:00 AM or after 9:00 PM in the recipient's local time zone (47 C.F.R. § 64.1200(c)(1))
  • State laws: Some states impose narrower time windows. For example, some states restrict calls and texts to 9:00 AM -- 8:00 PM. You must comply with the most restrictive applicable requirement for each recipient.
  • Email: There are no federal time-of-day restrictions for commercial email, but we recommend sending during reasonable business hours for optimal engagement and to minimize complaints

8. Record Retention Requirements

You must maintain the following records for the specified minimum periods:

Record TypeMinimum Retention PeriodLegal Basis
Consent records (opt-in proof)5 yearsTCPA statute of limitations (4 years federal; state statutes may vary); industry best practice
Opt-out / revocation records5 yearsTCPA compliance; FCC enforcement guidance
Message content and delivery logs3 yearsLitigation defense; regulatory inquiries
Do-Not-Call Registry scrub records5 years47 C.F.R. § 64.1200(c)(2)(i)(E)
CAN-SPAM unsubscribe records3 yearsCAN-SPAM Act; FTC enforcement practice
Campaign registration records (10DLC)Duration of campaign + 2 yearsCarrier requirements; TCR policies

EON Platform provides tools to help you maintain certain records (e.g., message logs, opt-out records). However, you are ultimately responsible for maintaining all required compliance records. We recommend implementing your own record retention systems in addition to relying on platform-provided tools.

9. CTIA Best Practices

The following best practices are derived from the CTIA Messaging Principles and Best Practices (October 2025 revision) and are strongly recommended for all messaging programs operated through the Services:

9.1 Program Transparency

  • Clearly disclose the purpose, frequency, and content of your messaging program at the point of opt-in
  • Maintain a publicly accessible privacy policy that describes your data collection and sharing practices
  • Maintain a publicly accessible terms of service for your messaging program

9.2 Sender Identification

  • Always identify your business in messages
  • Use consistent sender identity across all messages in a campaign
  • Register accurate business information with The Campaign Registry (TCR) for 10DLC campaigns
  • Do not use shared short codes for multiple unrelated businesses

9.3 Content Best Practices

  • Keep messages concise, relevant, and valuable to the recipient
  • Do not use URL shorteners that obscure the destination domain (use branded or transparent short links)
  • Include complete, accurate information about any offers, promotions, or discounts
  • Ensure that all MMS attachments (images, videos) are appropriate, properly licensed, and relevant to the message content
  • Do not send messages that could reasonably be perceived as threatening, alarming, or misleading

9.4 Volume and Throughput

  • Gradually ramp up message volume for new campaigns and phone numbers (do not send high-volume campaigns immediately after registering a new number)
  • Respect carrier-assigned throughput limits for your campaign trust score
  • Monitor delivery rates, opt-out rates, and complaint rates; high opt-out or complaint rates may indicate a compliance issue

10. State-Specific Requirements

In addition to the federal requirements described above, numerous states have enacted laws that impose additional requirements on text message and email marketing. Without limitation, you should be aware of the following:

  • Florida (Fla. Stat. § 501.059): The Florida Telephone Solicitation Act imposes requirements beyond the TCPA, including specific consent and disclosure requirements for text message marketing to Florida residents. Violations carry statutory damages of $500 per violation, trebled for willful violations.
  • Oklahoma (Okla. Stat. tit. 15, § 775B): Oklahoma's Telephone Solicitation Act of 2022 restricts text message marketing and requires compliance with specific consent and time-of-day requirements.
  • Washington (Wash. Rev. Code § 80.36.400): Washington's Commercial Electronic Message Act and telemarketing statutes impose restrictions on commercial text messages.
  • California: California's Invasion of Privacy Act (Cal. Penal Code § 630 et seq.) and the CCPA/CPRA impose additional requirements on businesses that send marketing communications to California residents.

This list is not exhaustive. You are responsible for identifying and complying with all state laws applicable to your messaging programs based on the locations of your message recipients. We recommend consulting with legal counsel regarding state-specific compliance requirements.

11. Contact Information

For questions about this Messaging Policy or for compliance assistance, please contact us at:

EON Platform

EON Messaging, Inc.

Email: support@eonmessaging.com