Disclaimer: This article is educational information, not legal advice. If you believe your rights have been violated, consult a licensed attorney who handles consumer protection or telecommunications law.
Most people who receive an unwanted marketing text don't know they have a federal law on their side. The Telephone Consumer Protection Act — commonly called the TCPA — has covered text messages since at least 2003, yet it remains one of the least-known consumer protections in the country. If you're getting texts you never signed up for and the "STOP" replies go nowhere, this guide explains what the law actually requires, where it applies, and what your options are.
Before filing anything, it helps to know who's behind the number. Who Sent That Text Message lets you look up the carrier and basic origin information for any phone number — useful context when you're documenting a violation.
What Is the TCPA?
The Telephone Consumer Protection Act (47 U.S.C. § 227) was signed into law in 1991, primarily to address the explosion of telemarketing calls to residential landlines. Congress later extended its protections to fax machines and, through FCC rulemaking, to mobile phones and text messages.
The TCPA is a federal statute enforced by the Federal Communications Commission (FCC). It also creates a private right of action — meaning individual consumers can sue violators directly in federal or state court without waiting for the government to act. This private enforcement mechanism is what makes the TCPA one of the most actively litigated consumer protection laws in the United States.
Key facts about the TCPA:
- Enacted: 1991; extended to wireless devices via FCC rulemaking in 2003
- Enforced by: The FCC; state attorneys general; private plaintiffs
- Covers: Calls and text messages to mobile phones, fax transmissions, calls to residential landlines
- Damages: $500 per violation; up to $1,500 per willful violation
What the TCPA Requires for Text Messages
The TCPA draws a clear line between two categories of text messages: informational messages and marketing messages. The consent requirements differ significantly between them.
Prior Express Consent for Informational Texts
A business or organization may send you informational text messages — appointment reminders, package delivery updates, two-factor authentication codes, bank transaction alerts — if you have given prior express consent. This generally means you voluntarily provided your mobile number in a context where it was reasonably clear you'd receive texts. Giving your number to your doctor's office or your bank typically satisfies this standard.
Prior Express Written Consent for Marketing Texts
Marketing texts require a higher standard: prior express written consent. The FCC's 2012 rulemaking (FCC 12-21) established that this consent must be:
- In writing (a digital signature counts under the E-SIGN Act)
- Signed by the consumer
- Clear that the consumer agrees to receive autodialed or prerecorded marketing calls/texts
- Not a condition of purchasing any goods or services
A pre-checked opt-in box on a checkout form does not satisfy this standard. Neither does fine print buried in a terms of service document. The consent must be unambiguous and specifically authorize marketing texts.
The ATDS Question and Facebook v. Duguid (2021)
The TCPA's most stringent restrictions apply to messages sent using an Automatic Telephone Dialing System (ATDS) — commonly called an autodialer. For years, courts disagreed about what equipment qualified as an ATDS, creating legal uncertainty for businesses and plaintiffs alike.
In Facebook, Inc. v. Duguid, 592 U.S. 395 (2021), the Supreme Court resolved this split. The Court held that an ATDS must have the capacity to store or produce telephone numbers using a random or sequential number generator and then dial those numbers. Systems that simply dial from a stored list of known numbers — without any random or sequential generation component — do not qualify as autodialers under the federal statute.
This ruling narrowed TCPA exposure for many businesses, but it did not eliminate it. Several states have enacted their own telephone consumer protection statutes with broader definitions of prohibited dialing equipment, and the FCC continues to update its rules. The TCPA's opt-out and do-not-call provisions also apply regardless of whether an ATDS is used.
Common TCPA Violations in Text Messaging
Understanding what constitutes a violation is the foundation of any enforcement action. The most frequent text messaging violations include:
Texting Without Any Consent
Sending marketing texts to a number without obtaining any prior express written consent. This is the most straightforward violation and the easiest to document — there is simply no consent record because none was ever obtained.
Failure to Honor Opt-Out Requests
The TCPA requires businesses to maintain an opt-out mechanism and honor it promptly. Under FCC rules, if a consumer replies "STOP" (or similar words like QUIT, CANCEL, UNSUBSCRIBE, or END), the sender must stop all marketing texts to that number. Continued texts after a valid opt-out request are a separate, independent violation for each message sent.
Texting After a Business Relationship Ends
Even if a consumer originally consented as part of a business relationship, that consent does not last indefinitely. Once the relationship ends — the subscription is cancelled, the account is closed — the basis for consent expires. Continuing to send marketing texts constitutes a violation.
Texts to Numbers on the Do Not Call Registry
The National Do Not Call Registry applies to text messages as well as voice calls. Sending telemarketing texts to a registered number, without an established business relationship or prior written consent, violates both the TCPA and FTC regulations.
Texting Outside Permitted Hours
FCC rules prohibit unsolicited calls and texts before 8:00 AM or after 9:00 PM in the recipient's local time zone. Texts received outside these hours are an independent basis for a complaint.
Third-Party Consent Problems
Companies sometimes purchase lead lists where the purported consent was obtained by a third party through vague or misleading disclosures. Courts have increasingly held that consent obtained through such "lead generation" practices does not satisfy the TCPA's written consent standard, meaning the sending company has no valid consent defense.
What You Can Do About Violations
The TCPA is one of the few federal consumer protection laws that lets you take direct action without government involvement. Here are your options, from least to most formal:
Step 1: Document Everything
Before doing anything else, build your record:
- Screenshot every text message, including the sender's number and the date/time it was received
- Note the full phone number of each sender (including any short codes)
- Use Who Sent That Text Message to identify the carrier and determine whether it's a wireless, VoIP, or short code origin
- Save any opt-out replies you sent and note when you sent them
- Record the date and content of any messages received after you opted out
Step 2: File an FCC Complaint
The FCC accepts consumer complaints about unwanted texts at consumercomplaints.fcc.gov. Filing a complaint does not automatically result in an enforcement action or any payment to you, but it contributes to the FCC's enforcement database. When the FCC identifies patterns of violations, it can issue substantial fines — often in the millions of dollars for large-scale campaigns.
Step 3: File an FTC Complaint
The FTC also accepts complaints about unwanted text messages at ReportFraud.ftc.gov. The FTC's database, Consumer Sentinel, is shared with hundreds of law enforcement agencies nationwide and can trigger investigations that lead to enforcement actions against repeat violators.
Step 4: Consider Legal Action
The TCPA's private right of action is its most powerful feature for individual consumers. You can sue a TCPA violator in federal district court or, depending on your state, in small claims court. Statutory damages are:
- $500 per violation for each text sent in violation of the TCPA
- Up to $1,500 per violation if the court finds the violation was willful or knowing
Each individual text message counts as a separate violation. A sender who sent you 50 unsolicited marketing texts after you opted out faces up to $75,000 in statutory damages — before any legal fees or punitive considerations.
Class action lawsuits are also common under the TCPA when a sender has texted large numbers of people without proper consent. Settlements in TCPA class actions have ranged from tens of thousands to hundreds of millions of dollars.
If you are considering legal action, consult a consumer protection attorney. Many TCPA plaintiffs' attorneys work on contingency, meaning you pay nothing unless you win.
How to Opt Out of Text Messages (And What to Do When They Ignore You)
Valid Opt-Out Keywords
Under FCC rules, any of the following words, when sent as a reply to a commercial text sender, must be treated as a valid opt-out request: STOP, QUIT, CANCEL, UNSUBSCRIBE, or END. The sender is required to:
- Confirm the opt-out with a single reply text
- Cease all future marketing texts to your number immediately
The FCC has clarified that opt-out requests must be honored regardless of the format — even a "Please stop texting me" in plain English can constitute notice. Businesses cannot require consumers to use a specific opt-out method or navigate a web portal to stop receiving texts.
Timeline for Compliance
Opt-out requests should be honored within a reasonable time, which is generally interpreted as immediately or within one business day. There is no grace period for a sender to continue marketing texts after receiving an opt-out.
When They Ignore Your Opt-Out
Continued texts after a valid opt-out are independent TCPA violations — each one is a separate $500–$1,500 claim. If you replied "STOP" and the texts continued, document every message sent after your opt-out with timestamps. This pattern is exactly the kind of evidence that makes both regulatory complaints and private lawsuits compelling.
For step-by-step reporting guidance, see our article How to Report Scam Text Messages.
Notable TCPA Enforcement Actions
The FCC has issued substantial fines for TCPA violations in recent years. Some illustrative examples of the scale of enforcement:
- The FCC has proposed fines exceeding $5 million against companies operating large-scale robocall and robotext campaigns targeting millions of consumers without consent
- Class action TCPA settlements have included payouts from major retailers, financial institutions, and telecommunications companies for failures in their consent management processes
- The FCC's 2023 one-to-one consent rule, which took effect in 2024, further tightened requirements by requiring that written consent name the specific company sending the texts — generic consent forms that purported to authorize messages from any "marketing partners" were disallowed
The size of these enforcement actions reflects the fact that large-scale texting campaigns can generate violations by the millions. At $500 per violation, even brief campaigns can create enormous liability.
Limitations of the TCPA
The TCPA does not protect against every unwanted text. Understanding its limits helps you set realistic expectations:
Individual Senders
The TCPA's autodialer provisions are designed for commercial senders using automated systems. A single person manually texting you from their own phone — even repeatedly and unwantedly — is generally not a TCPA violation. Harassment by an individual is better addressed through state anti-harassment statutes or a police report.
International Senders
Many spam texts originate outside the United States, often from spoofed numbers designed to appear domestic. While US law technically applies to communications sent to US numbers, enforcement against foreign senders is practically difficult. If you receive a suspicious text and want to verify the apparent sender's origin, Who Sent That Text Message can help identify carrier information that may reveal whether a number is genuinely US-based or likely spoofed. For more on identifying spoofed texts, see our guide How to Identify Spoofed Text Messages.
Political and Informational Messages
Political campaign texts occupy a complicated space. The FCC has held that political calls and texts to wireless numbers require prior express consent when using an ATDS, but enforcement has been inconsistent, and many political organizations use peer-to-peer texting platforms specifically to avoid autodialer classifications. Similarly, purely informational texts — those with no marketing component — have less stringent consent requirements than commercial marketing texts.
Calls from Your Existing Providers
Businesses you already have a relationship with — your bank, your insurer, your utility company — generally have broader latitude to contact you with informational messages. Consent obtained as part of establishing the account typically covers transactional texts. However, once you opt out of marketing communications, the higher standard applies again.
Quick Reference: TCPA Rights for Text Messages
- Who is protected: Anyone with a US mobile phone number
- What requires consent: All commercial/marketing texts; informational texts if sent with autodialer technology
- Consent standard for marketing: Prior express written consent — explicit, signed, specific
- Opt-out keywords: STOP, QUIT, CANCEL, UNSUBSCRIBE, END
- Damages per violation: $500 negligent; $1,500 willful
- Where to complain: FCC (consumercomplaints.fcc.gov), FTC (ReportFraud.ftc.gov)
- Can you sue? Yes — in federal court or state small claims court
- Key case: Facebook v. Duguid, 592 U.S. 395 (2021) — narrowed definition of autodialer
- Key statute: 47 U.S.C. § 227
Frequently Asked Questions
Does the TCPA apply to texts, not just phone calls?
Yes. The FCC has confirmed that the TCPA applies to text messages sent to mobile phones. Text messages are treated as "calls" under the statute for the purposes of the TCPA's consent and opt-out requirements.
What is the statute of limitations for a TCPA claim?
The TCPA has a four-year statute of limitations, meaning you can bring a claim for violations that occurred within the past four years. Courts use the general federal statute of limitations (28 U.S.C. § 1658) for TCPA private actions.
Can I sue for every text message I received?
Each unsolicited text that violates the TCPA is a separate violation with its own $500–$1,500 damage potential. If you received 20 texts without proper consent, that is potentially 20 separate claims. Courts have discretion over whether to award maximum damages, particularly for willfulness findings.
What if the company says I consented?
The burden of proving consent falls on the sender, not on you. If a company claims you consented to receive marketing texts, they must produce a written record of that consent — a dated, signed opt-in with your phone number specifically authorizing their marketing texts. Vague or pre-checked consent forms often fail to meet this standard.
Do I need a lawyer to file a TCPA lawsuit?
You can file in small claims court on your own for smaller amounts. For larger claims or cases involving multiple violations, a consumer protection attorney can significantly improve your outcome. Many attorneys handle TCPA cases on contingency.