Overview


Ensuring your website is compliant is a crucial part of passing A2P 10DLC registration and maintaining long-term SMS deliverability. Carriers and compliance partners review your website to verify that your brand is legitimate, transparent, and aligned with approved messaging standards.


Website compliance is also a key requirement enforced by U.S. carriers and The Campaign Registry (TCR), who expect your site to clearly display accessible, accurate, and verifiable information. These elements help protect consumers and ensure that only wanted, consensual messaging is sent.


This guide outlines the essential website requirements you must meet before submitting your SMS campaign for approval.

1. Why Website Compliance Matters


During A2P 10DLC review, carriers validate your:

  • Brand identity

  • Legitimacy of your business

  • Accuracy of contact information

  • Transparency around how SMS consent is collected

Any missing, mismatched, or incorrect website elements can result in campaign rejection or delays. A compliant website increases your chances of approval and protects your messaging reputation.

2. Website Compliance Requirements


Use the checklist below to ensure your website meets all necessary compliance standards before submitting your application.


A) Opt-In Method Clearly Described


Your campaign description must state the exact opt-in method(s) you use, such as:

  • Website Form

  • QR Code

  • Paper Form

  • Kiosk

  • Facebook Lead Form

  • Verbal

This helps reviewers understand where and how consent is collected.

Note: One of the most important elements of this process is domain consistency between your website and the opt-in form URL.


B) Include Links to All Opt-In Flows


Anywhere you collect SMS consent—forms, QR code pages, lead forms—should be linked or documented.
Upload screenshots where applicable so compliance reviewers can see proof of consent.


C) Website Must Be Live and Accessible


Your website should:

  • Load without errors (no 404, 500, password gates, or “coming soon” pages)

  • Be accessible to reviewers without logging in

  • Display your brand identity clearly

Inactive or “broken” websites are a frequent cause of A2P rejections.


D) Provide Both the Business Website URL and Opt-In Form URL


If your opt-in happens on a different page than the homepage, you must provide:

  • Business Website URL

  • Opt-In Form URL

Important: For website-based opt-ins, the domains must match (e.g., mybusiness.com and forms.mybusiness.com).


E) Your Opt-In Form Must Be Fully Compliant


Your opt-in form must include:

  • Business name

  • Clear, express consent wording

  • Message purpose (promotions, alerts, notifications, reminders)

  • STOP/HELP instructions

  • Message frequency (or “Message frequency varies”)

  • Optional but recommended: “Message & data rates may apply”

  • Phone number field

  • Links to:

    • Terms of Service (TOS)

    • Privacy Policy

Missing any of these items may result in rejection.


F) Add Your TOS & Privacy Policy to Your Website and Form


Your Terms of Service and Privacy Policy must:

  • Be publicly accessible

  • Include your business name

  • Match the identity you provide during brand registration

  • Appear wherever SMS consent is collected

These documents help verify your legitimacy and compliance.


G) Display Business Contact Information


Your website must show:

  • Business address

  • Support email

  • Phone number

These details must match the information submitted in your Brand registration.


H) No Selling or Buying Leads


Your website must not reference:

  • Purchasing leads

  • Selling leads

  • Affiliate lead programs

  • Lead reselling

Carriers blacklist businesses associated with lead trading. If any such wording appears on your website, your campaign may be automatically rejected.


I) DBA Names Must Be Displayed if Applicable


If you operate under a “Doing Business As” name, your website must display:

  • DBA name in footer
    OR

  • In the Privacy Policy
    OR

  • Terms & Conditions

This ensures the brand used in registration matches what appears publicly.

3. Common Reasons for Rejection

  • The website is offline, not publicly accessible, or cannot be verified.

  • The privacy policy is missing or does not clearly outline how data is handled or restricted.

  • The opt-in process is unclear, hard to validate, or not properly documented.

  • Business details on the website do not match the information submitted during registration.

4. Best Practices

  • Use simple, easy-to-understand language throughout your site and forms.

  • Ensure compliance links (privacy policy, terms of service, etc.) are clearly visible and easy to navigate to.

  • Keep your website current and make sure all compliance-related information is publicly accessible.

5. Summary: What a Compliant Website Looks Like


A compliant website must:

  • Be live, complete, and error-free

  • Accurately display brand details & contact information

  • Contain required legal documents (TOS + Privacy Policy)

  • Match your A2P brand identity

  • Include compliant opt-in language wherever SMS consent is collected

  • Avoid any reference to buying/selling leads

  • Use consistent domains for website and opt-in forms

With these elements in place, your campaign is much more likely to pass the A2P 10DLC approval process.