You will learn
To expedite the short code application process, review the following checklist prior to applying to ensure that you have met all requirements.
Short codes are five- or six-digit numbers primarily used for high-throughput SMS marketing. Due to this, wireless carriers have strict requirements for how you can leverage SMS short codes. Short code programs must comply with carrier compliance requirements, industry standards, and applicable laws. Further, not all businesses are eligible for a short code.
You must apply and be approved for a short code. The goal of the short code application process is to communicate to wireless carriers about how a brand will use a short code. The application process takes 8–12 weeks to complete.
Note that this checklist only applies to the US short code application process. This process varies from country to country, and short codes are only good for the specific country where they’re approved.
This advice is for informational purposes only and is neither intended as nor should be substituted for consultation with appropriate legal counsel and/or your organization’s regulatory compliance team.
Important note about short code compliance
There are three levels of short code compliance: compliance with the TCPA, compliance with CTIA guidelines, and compliance with carrier requirements.
Carrier policies are often unpublished and only known through interactions with the carriers during the application process. These policies are also subject to change. Klaviyo works to stay informed of current requirements; however, changes to your short code application or mocks may be requested at any time to maintain compliance.
Klaviyo works to avoid any rejections or the need for re-review by vetting applications before they are sent to carriers. If a wireless carrier rejects a program, you may be able to modify it to meet the carrier’s requirements. Once the changes have been made, the program can be resubmitted to the carrier. However, resubmissions aren’t prioritized ahead of first-time applications, so be aware that the second review may result in delays in launching the short code.
US short code application checklist
Before applying for a US short code, complete the items in the checklist below.
- Review prohibited content and spam mitigation policies
- Optional: check if your vanity short code is available
- Collect company and contact information
- Determine SMS program service type(s)
- Collect and validate express consent for SMS
- Create SMS content
- Use branded link shorteners
- Ensure abandoned cart are compliant
- Audit your terms of service and privacy policy
- Submit a letter of authorization
- Recommended: include any subscribe keywords you want to use
If you are approved and change your short code number, you are required to notify recipients that you are changing numbers.
Review prohibited content and spam mitigation policies
Providers and carriers often filter SMS content related to sex, hate, alcohol, firearms, or tobacco (SHAFT) or spam messages. Review your content to make sure that it isn’t prohibited for SMS and MMS messages.
Ensure age-restricted content (tobacco and alcohol) is compliant
Some prohibited content such as tobacco and alcohol, may be allowed with the proper federally age restricted verifications in place.
Age-restricted content that is federally regulated (and not federally illegal, such as cannabis) is allowed with age verification in place. Double opt-in is required and the customer must reply with their birthdate to confirm their age (YYYY/DD/MM format).
If your privacy policy mentions age restrictions for any reason, verifying age outside of SMS (such as asking for birthdate in a web form) is sufficient for all non-federally regulated industries.
Ensure your charitable organization is compliant
All charitable organizations must meet the following qualifications:
- Qualified as tax-exempt under section 501(c)(3) of the Internal Revenue Code
- Accredited by a disinterested non-profit accreditation organization (e.g., Better Business Bureau, Wise Giving Alliance, Charity Navigator)
Charitable donation programs supported by a DCA must provide the following requirements:
- Be set up on a dedicated application address (for any charitable donation campaigns)
- Provide the following charitable organization information for proof of qualified as tax-exempt under section 501(c)(3) of the Internal Revenue Code:
- Name of company/non-profit organization
- Tax identification (EIN)
- Charitable organization website
- Accreditation organization website listing company/non-profit
Ensure your direct lending organization is compliant
Please answer the following questions and include responses in your SMS short code application. If the answer is no to any of the questions below, it is unlikely your application will be accepted.
- Is the message sender the direct lender: Y/N
- Can you provide a lending license: Y/N
- Is the lender licensed to lend in all states: Y/N
- Does this involve any affiliate marketing: Y/N
- Is there any redirecting to other/third party websites within the application, or links sent via SMS: Y/N
- Do the Terms or Privacy Policy have any mention of selling/renting/sharing end use data? Y/N (see Privacy Policy disclosure below)
- Will this short code campaign be used for marketing of loan products, or for account updates/information related to an existing customer account?
- Attach a copy of the lending license. This must include every state licensed in.
Optional: check if your vanity short code is available
If you want to choose the numbers in your short code, you need a vanity short code. Go to the Short Code Registry and query to see if your five- or six-digit code is available or if it is already in use. You can even be notified if the code becomes available in the future.
Collect company and contact information
Gather information regarding your business, point of contact, and contact details in case someone needs to reach out for assistance.
- Company name
- Company's website URL
- If you have a URL specific to your short code program, provide that; otherwise, enter your main company website URL.
- Company physical or mailing address
- Tax ID
- Primary contact name
- Primary contact phone number
- Support phone number
- Support email address
Determine SMS program service type(s)
Figure out what kind of SMS program(s) you want to run. Below are the most common types:
- Promotional — provides marketing, advertising, coupons or deals highlighting the latest products, services, discounts, events, and upcoming offers
- Transactional — sends alerts, notifications, etc. (if any promotional content is in the message, it loses its transactional classification)
- Multi-factor authentication (MFA) - provides an extra layer of security verification
Collect and validate express SMS consent
The Telephone Consumer Protection Act (TCPA) indicates that customers must give “express written consent” before receiving an automated text message. It must be clear and conspicuous, so the customer understands what they’re signing up for. Sending a text message without the customer’s prior consent is prohibited.
You cannot make consent to your SMS program a condition of purchase of property, goods, or services. Further, consent for another marketing channel (e.g., email) does not count as consent for SMS.
Transactional messages
Transactional SMS messages require unique explicit consent and cannot be bundled with consent for promotional messages. If the opt-in method mentions both promotional and transactional messages, the customer must opt in to each use case separately. For instance, you can create a general signup form to gather consent for promotional SMS messages, and ask customers to opt into transactional messages when they create an account. To do so, you should assign customers to different lists depending on the signup method, or use custom properties so that you can create separate segments.
Carriers want transactional messages to be more defined or specific. When mentioning transactional messages, include example message types such as "updates, alerts, and information."
Create SMS content
For short code applications, carriers ask that you provide examples for your opt-in methods (e.g., signup forms) and two to three SMS messages. These examples can be either screenshots of live messages or forms, or designed mockups that contain placeholder information.
Carrier requirements around the format and syntax of SMS messages can be very precise and some elements are mandatory.
Requirements for forms/opt-In methods
In your form, or other opt-in method, you will need to provide:
- Separate opt-ins for transactional and promotional messages (if you plan to send both types using the short code)
- Details of how customers can opt into receiving SMS messages from your short code
- Web: phone number entered on website or mobile application
- Keyword: text message sent to your short code via a consumer mobile device
- Paper: point-of-sale location
- Verbal: over the phone, via a call center or interactive voice response (IVR) technology, or from a call script
- A compliant visual mockup of each opt-in method — this can be a mockup of a website; sign; or, in the case of verbal opt-ins, a script
- When providing website mockups, the mockups must be in context of the full web page so carriers can review placement
- Carriers may reject mockups where the opt-in form doesn’t appear optional, so:
- For signup forms, show that it can be closed (e.g., with an “x” at the top)
- For checkboxes, include “optional” or “I optionally agree to receive” in the opt-in language
- The following information (along with your company’s information) must appear wherever the short code is advertised (e.g., website, sign, etc):
- Service description and name
- Message and data rates may apply
- Message frequency (e.g., “Message frequency varies”)
- Contact info for information and opting out of the short code program (e.g., “Text HELP for help. Text STOP to opt out.”)
- Links to your short code program terms of service and your privacy policy (e.g., “Terms of Service: <URL to SMS terms of service>. Privacy Policy: <URL to privacy policy>”)
Requirements for example SMS messages
You need two to three example SMS messages. In these messages:
- Provide an example of a compliant visual mockup of each type of message that you plan to send using your short code; examples must be representative of actual messages that you plan to send with the short code
- Include the following mandatory compliance elements:
- Program name
- Call-to-action
- Reply HELP for help
- Reply STOP to cancel
- “Msg&Data rates may apply”
Ensure abandoned cart programs are compliant
Due to the complexity of these program service types, carriers require additional information to ensure quality and legal compliance. If you use SMS for these purpose, review this article on staying compliant with SMS abandoned cart flows programs.
Audit your terms of service and privacy policy
To leverage SMS, you may need to update your existing terms of service and privacy policy to ensure compliance. The SMS terms of service can exist as a separate section on your company’s existing terms of service page.
Follow the best practices for an SMS terms of service and privacy policy.
Submit a letter of authorization
Use the text below or similar text to create a letter of authorization and have it signed.
The signature can be handwritten or signed via an electronic signature software, preferably one that has tracking of signature date/identity. Simply typing in a signature is not accepted.
[Brand Letterhead]
Date:
RE: Letter of Authorization for short code
To Whom it May Concern:
[Company Name] approves the provisioning of the assigned short code via Klaviyo for [Company Name] Notifications.
Sincerely,
[Brand Representative]
[Signature]
[Title]
Recommended: include any subscribe keywords you want to use
While not required, it's a best practice to inform Klaviyo about any subscribe keyword you are using (except for JOIN) or plan to use.
The reason for this best practice is that if wireless carriers ever audit your short code program, having your keywords on file can help protect you.
Additional resources
- Learn more best practices for creating an SMS terms of service and privacy policy
- Learn more about sending numbers:
- Find out the difference between express consent and implied consent