New A2P 10DLC regulation for SMS sent to US numbers

|
Published

If you are using the EUM feature where the Microsoft Login One Time Passcode is sent to the user by SMS, and the SMS are being sent to the US numbers, then the new A2P 10DLC regulation will affect that functionality.

EUM uses Twilio's SMS service to send SMS to the users. Twilio is enforcing the A2P 10DLC regulation, and hence only numbers registered to the A2P 10DLC Campaign can send the SMS. Others will have the SMS undelivered, effective September 1st 2023. The blocked messages will return error code 30034.

Please refer to the following related articles from Twilio:

What is A2P 10DLC? – Twilio Support

How do I register to use A2P 10DLC messaging? – Twilio Support

Understanding US A2P 10DLC - YouTube

List of campaign use case types for A2P 10DLC registration – Twilio Support

US A2P Low Volume Standard Brand Registration for 2FA Campaign

To be able to send the SMS effectively, you will have to register to the A2P 10DLC Campaign. Please follow the below details while registering:

  1. Please select the Brand as US A2P Low Volume Standard Brand for Registration
  2. Please select the Campaign as 2FA. Please refer to List of campaign use case types for A2P 10DLC registration – Twilio Support
  3. Please register with a detailed Message Flow, and Description of the Campaign, including an Opt-In and Opt-Out method. Please refer to A2P 10DLC Campaign Approval Requirements – Twilio Support

Pricing

As per Twilio, this will involve a One Time Registration Fee of $4, and Monthly Campaign Fee of $1.50

Please refer Twilio for Pricing

Care Points for Message Flow

The primary purpose of the Message Flow (or Call to Action) and required disclosures is to ensure the end user consents to receive text messages and understands the nature of the program. The Message Flow must be accessible by a 3rd party reviewer so it can be verified.

Explain if the Call to Action is behind a login, not yet published publicly, is verbal, on paper. Provide a screenshot of the Call to Action in such cases. Host the screen shot on a publicly accessible website (like OneDrive or Google Drive) and provide the URL in this field.

Care Points for Campaign Description:

Provide a clear and comprehensive overview of the campaign's objectives and interactions the end-user would experience after opting in.

Care Points for the Opt-In workflow in the Description

Verify opt-in meets CTIA's guidelines. All methods of opt-in need to be listed. If opt-in is collected through a paper form or behind a login, please provide a hosted link to the image of opt-in. If opt-in occurs on a website, please provide a link to the website. The website needs to have a privacy policy and terms of service. Ensure opt-in is not shared with 3rd parties.

Care Points for the Opt-Out workflow in the Description

Verify that opt-out workflow is accurate and update Message Flow (labeled as 'How do end-users consent to receive messages' while submitting) description with opt-out process. If opt-out is managed, add opt-out keywords and update opt-out message to to include acknowledgement of opt-out request, confirmation that no further messages will be sent, and brand name.

Please refer to Twilio's Requirements for the US A2P Low Volume Standard Brand Registration

If Registration is Rejected

Please refer Twilio for possible causes of Rejection of the Registration.