How to text customers legally (without landing in spam or court)
Answer first: yes, you can text customers — but US rules require prior consent, clear identification, and an easy way to opt out. Marketing texts need stronger consent than appointment reminders. Carriers also require A2P 10DLC registration or messages get filtered even when your intent is fine. Below: TCPA basics, opt-in, STOP, records, sample messages, and penalties in plain English (not legal advice).
Disclaimer: CRM Duel is not a law firm. This guide is practical compliance context for small businesses using SMS tools — not legal advice. When your use case is high-risk (debt collection, healthcare, political messaging), talk to a qualified attorney.
Why "just texting customers" gets businesses in trouble
Because most owners treat SMS like email: import a list, write a promo, hit send. Text is a different channel — tighter federal rules, angrier recipients, and carriers that silently block unregistered traffic.
The pain shows up two ways. Legally, a recipient who never opted in can complain — and TCPA cases add up fast (more on penalties below). Operationally, texts that worked in testing stop delivering after a week because A2P 10DLC was never finished — the business texting not delivering pattern we see on almost every DIY setup.
Fix the legal layer first, then register with carriers. Automations like missed call text-back and review requests only work when both are in place.
TCPA basics in plain English
The Telephone Consumer Protection Act (TCPA) is the main US federal law governing texts to mobile numbers. In practice it means:
- Get consent before you text — especially for marketing. "They gave us their number" is not the same as "they agreed to SMS."
- Identify yourself — the business name should be obvious in the message.
- Make opt-out easy — STOP must work, every time, without an argument.
- Respect quiet hours and state rules — TCPA is federal; some states add stricter marketing rules.
Marketing texts generally need express written consent — a clear yes on a form, checkbox, or keyword opt-in with disclosure of message frequency and that msg&data rates may apply. Informational texts tied to a service they signed up for sit in a narrower lane, but the line blurs the moment you add a coupon.
Opt-in: what actually counts as consent
Good consent is specific, documented, and easy to explain to a carrier reviewing your A2P campaign. Strong examples:
- Booking form checkbox: "I agree to receive appointment reminders by SMS from [Business]. Msg frequency varies. Msg&data rates may apply. Reply STOP to opt out."
- Keyword opt-in: customer texts JOIN to your number after seeing a sign that explains what they'll receive.
- Verbal opt-in captured in CRM notes — weaker alone; pair with a follow-up text confirming opt-in only if your process is airtight.
Weak or risky "consent":
- Purchased lists, scraped numbers, or "everyone who ever called us."
- Pre-checked marketing boxes hidden in terms of service.
- Adding SMS to an email-only list without a fresh opt-in.
On GoHighLevel and similar platforms, collect opt-in at the moment you capture the mobile number — booking widget, pipeline form, or review workflow — not later from a spreadsheet.
STOP handling (non-negotiable)
When someone replies STOP, UNSUBSCRIBE, CANCEL, or similar, your platform must:
- Suppress them from marketing sends immediately.
- Send a one-time confirmation ("You're unsubscribed — no more messages from [Business].").
- Keep them suppressed unless they opt in again through a fresh consent path.
Most CRMs enable carrier-standard STOP handling by default once A2P is approved — do not disable it to "reduce unsubscribes." Manual lists in Notes are how businesses accidentally text someone who opted out six months ago.
Consent records you should keep
If a carrier rejects your campaign or a recipient disputes a text, your defense is documentation. Store, per contact:
- What they agreed to (reminders only vs marketing).
- When (timestamp).
- Where (form URL, keyword, in-store tablet, call recording reference).
- Exact disclosure language shown at opt-in.
- Opt-out events (STOP date).
GoHighLevel contact timelines, form submission exports, and workflow logs usually cover this if you set forms up correctly at the start — not if you bulk-import without source tags.
Transactional vs marketing messages
Transactional / informational — tied to an active relationship and expected by the customer: appointment confirm/reminder, "your tech is on the way," password reset, receipt. Stay factual; one reschedule link is fine; a sale pitch is not.
Marketing / promotional — anything designed to sell or re-engage: discounts, review asks with incentive language, "we miss you," event invites. Treat these as marketing even if you send them to past customers — they need written consent and stricter A2P campaign types.
Gray area: a review request after service. Many businesses treat it as conversational follow-up (informational) if the customer opted into service texts; carriers often classify review SMS as marketing anyway. Safest path: disclose review texts in your opt-in and register an appropriate campaign — our Google reviews guide walks through that build.
US A2P 10DLC — the carrier layer on top of TCPA
Even with perfect consent, US mobile carriers filter unregistered business SMS. A2P 10DLC is the registration system: your brand (business identity) and campaign (use case + sample messages) must be approved before volume sends reliably.
Symptoms of missing registration: texts deliver to your own phone in testing, then fail to customers; sudden drop in delivery rates; carrier error codes in logs. That is not "bad luck" — it is the expected outcome until registration completes.
Follow our step-by-step A2P 10DLC registration guide before you scale any workflow — missed-call text-back, reminders, review asks, or re-engagement. Budget a few business days for approval and use sample messages that match real sends (including STOP language).
Sample compliant messages
Adapt names and links; keep structure.
Appointment reminder (transactional tone):
"Hi [Name], reminder: [Business] appointment Tue 3/12 at 2:30pm. Reply C to confirm or use
[link] to reschedule. Reply STOP to opt out."
Missed call text-back (conversational, not a blast):
"Sorry we missed you — this is [Business]. How can we help? Book here: [link]. Reply STOP to
opt out."
Review request (market as service follow-up; ensure opt-in covers it):
"Thanks for choosing [Business] today. If we did well, a quick Google review helps: [link].
Reply STOP to opt out."
Marketing promo (written consent required):
"[Business]: Spring tune-up special $49 this week. Book: [link]. Msg frequency ~4/mo. Reply STOP
to opt out."
Every sample you submit for A2P should mirror what you actually send — mismatches are a top rejection reason.
Penalties and complaints (plain English overview)
TCPA violations can trigger private lawsuits and regulatory action. Statutory damages are often quoted per message in bad-faith or large-scale cases — which is why one reckless blast to thousands of non-opted-in numbers can become a business-ending event, not a marketing oops.
Separate from lawsuits: carrier fines, number suspension, and platform account restrictions when spam rates spike. Customers also report brands publicly when texts feel invasive — reputation damage on top of deliverability loss.
The practical takeaway for a local service business: small, consented, useful texts (reminders, missed-call replies, one review ask) carry far less risk than imported lists and weekly promos. When volume or marketing mix grows, treat compliance as infrastructure, not a checkbox.
Common SMS compliance questions
Is it legal to text customers without their permission?
No — not for marketing or promotional messages. US law (TCPA) generally requires prior express consent before you text someone's mobile number, and marketing texts usually need express written consent with clear disclosure. Transactional messages tied to an existing relationship (appointment reminders, order updates) have a narrower path, but you still need a legitimate reason, honest identification, and easy opt-out. This is general information, not legal advice.
Do appointment reminders need written consent?
Often they can be sent as transactional or informational texts when the customer gave you their number in the normal course of business and reasonably expects updates about that appointment — but the message must stay factual (time, location, confirm/reschedule) and not sneak in promotions. Many platforms still collect explicit SMS opt-in at booking because it is cleaner evidence and helps A2P 10DLC campaign approval. When in doubt, get clear consent and log it.
What happens when someone replies STOP?
You must honor it immediately — typically within a few minutes through your SMS platform's automatic STOP handling. After STOP, do not send further marketing texts to that number; only narrow transactional messages required by law may still be allowed in some cases. Your platform should confirm the opt-out ("You're unsubscribed") and suppress the contact from marketing workflows. Keep a record of when they opted out.
Is A2P 10DLC the same as TCPA compliance?
No. TCPA is federal law about consent, identification, and opt-out. A2P 10DLC is a US carrier registration system — brands and campaigns register so business SMS is less likely to be filtered as spam. You need both: legal consent practices plus carrier registration, or texts may be compliant on paper but never arrive. See our A2P 10DLC guide for the registration steps.
Can I text customers whose numbers I already have?
Having a phone number from a past purchase or form fill is not automatic permission to market by text. You need to show they agreed to receive SMS — ideally with timestamp, source, and what they were told. Importing an old spreadsheet into a CRM and blasting "20% off today" is one of the fastest ways to get complaints, carrier blocks, and TCPA trouble. Segment: only text people with documented SMS consent.
Make your SMS stack compliant and deliverable
Do it yourself: audit every workflow that sends SMS — consent on the form, STOP enabled, sample messages match A2P — then start A2P 10DLC registration on day one of a GoHighLevel trial. If texts already stopped arriving, read business texting not delivering for the troubleshooting order.
Have us do it: consent forms, A2P brand/campaign, STOP handling, and your first compliant workflows (text-back, reminders, or review asks) — part of the done-for-you setup.
Get the GHL Setup Checklist — free
The exact checklist we run for paying setup clients: 27 steps from empty account to booked appointments, including the A2P compliance items everyone forgets. Drop your email and read it right away.
No spam, no sequence-of-doom. We only email when we publish something worth your time. Privacy policy.