Text Messaging SPAM

Scope

Intended Audience: All End Users

This document is intended to help customers to reduce their fraud attack from Text Messaging SPAM.

Text Messaging SPAM

Text messaging is a very convenient mode of simple and fast communication. Messages sent out via public networks to end users are required to comply with all relevant laws and regulations, including but not limited to the Telephone Consumer Protection Act (TCPA).

Unfortunately, bad actors can also leverage these technological capabilities to commit crimes by defrauding, impersonating, and extorting innocent victims. The text messaging industry generally operates in a more lightly regulated environment than voice calling does, so text messaging service providers must be that much more vigilant on fraud prevention and mitigation best practices.

At the outset, it’s important to understand the differences between Person-to-Person text messaging (P2P) and Application-to-Person text messaging (A2P).

Consumer (P2P) Messaging

P2P (Person-to-Person) is defined as two-way messaging. Typically, this is the conventional conversational two-way SMS or MMS messaging between individuals. From CTIA best practices: “Consumer (P2P) messaging is sent by a Consumer to one or more Consumers and is consistent with typical Consumer operation (i.e., message exchanges are consistent with conversational messaging among Consumers).”

Attributes of Typical Consumer Operation

• Throughput: 15 to 60 messages per minute. A Consumer is typically not able to originate or receive more than about one message per second.
• Volume: 1,000 per day. Only in unusual cases do Consumers send or receive more than a few hundred messages a day. A Consumer can’t typically send or receive messages continuously over a long period of time.
• Unique Sender: 1 telephone number assigned to or utilized by a single Consumer. A single Consumer typically originates messages from a single telephone number.
• Unique Recipients: 100 distinct recipients/telephone numbers per message. A Consumer typically sends messages to a limited number of recipients (e.g., 10 unique recipients).
• Balance: 1:1 ratio of outgoing to incoming messages per telephone number with some latitude in either direction. Consumer messages are typically conversational. An incoming message typically generates a response from the recipient.
• Repetition: 25 Repetitive Messages. Consumer messages are uniquely originated or chosenat the direction of the Consumer to unique recipients. Typical Consumer behavior is not to send essentially or substantially repetitive messages.

Consumer (P2P) Messaging Automation

Some Consumers utilize automation to assist in responding to communications. For example, a Consumer may direct their messaging service to auto-reply to a phone call in order to inform the caller about the Consumer’s status (e.g., “I’m busy” or “Driving now, can’t talk”). Such use of automation to assist Consumers in their composition and sending of messages falls within the attributes of typical Consumer operation. In contrast, the use of automation, in whole or in part, by Non-Consumers to facilitate messaging is not a typical Consumer operation.

Non-Consumer (A2P) Messaging

A2P (Application-to-Person) is one-way SMS to which recipients aren’t expected to reply. Typically this represents high-volume messaging between businesses and individuals. Some common examples are a logistics company sending delivery statuses and notifications, a dentist’s office sending one-way alerts and reminders, or a financial institution sending PIN codes to individuals either using short codes or long codes.

Non-Consumer (A2P) message traffic includes, but isn’t limited to, messaging to and from large-to-small businesses, entities, and organizations. For example, Non-Consumer (A2P) messages may include messages sent to multiple Consumers from businesses or their agents, messages exchanged with customer service response centers, service alerts and notifications (e.g., fraud, airline), and machine-to-machine communications. Non-Consumer (A2P) Message Senders may also include financial service providers, schools, medical practices, customer service entities, non-profit organizations, and political campaigns. Specifically, such Message Senders should adhere to the Non-Consumer (A2P) Best Practices, described in the CTIA Messaging Best Practices.

Non-Consumer (A2P) message traffic includes all messaging traffic that is automated, in whole or in part, but isn’t described as Consumer (P2P) messaging automation. If Consumer (P2P) messaging traffic is operating in a manner inconsistent with typical Consumer operation, such traffic may be filtered or subject to a Service Provider’s Unwanted Messaging threat mitigation efforts consistent with a Service Provider’s individual messaging service terms and conditions.

The one SMS/number/second message limits imposed in the guidelines for P2P messaging don’t apply to A2P messaging services. The use of an A2P text messaging service requires formal approval by us (and potentially carriers, depending on the use case and the company generating outbound traffic).

The major difference between the current P2P service that we offer today on U.S. and Canadian local 10-digit phone numbers, and the A2P Messaging service using toll-free numbers is that A2P formally allows TCPA compliant and opted-in use cases for many application-to-person use cases, such as alerts, PIN codes, requested marketing, and automated high-volume interactions between business/government and consumers.

Unwanted Messages

Protecting consumers from unwanted messages, particularly from high-volume messaging traffic, is a key consensus-based goal among messaging ecosystem stakeholders.

Unwanted Messages (or Unwanted Messaging) may include:

• Unsolicited bulk commercial messages (i.e., spam)
• “Phishing” messages intended to access private or confidential information through deception
• Messages that required an opt-in but didn’t obtain it (or had it revoked)
• Unwanted content, including other forms of abusive, harmful, malicious, unlawful or otherwise inappropriate messages

We recommend customers to follow best practices for Toll-Free (A2P) messaging and the CTIA messaging principles and best practices, as well as check out the CTIA Short Code Monitoring Handbook. Though this handbook is about text messaging shortcodes, the same basic principles and rules apply. We also recommend customers follow these additional industry-sanctioned Short Code guidelines.

Here are the best practices that customers can follow to prevent the flow of Text Messaging SPAM from their network toward ours. This type of SPAM traffic runs the risk of being BLOCKED by either us or by a downstream provider:

• Never send text messaging content that is related to S.H.A.F.T. Text messages with content that’s directly or remotely related to these categories will most likely be blocked as SPAM by either us and/or one or more Tier 1 Mobile Network/Handset operators in the U.S.
  • Sex
  • Hate
  • Alcohol
  • Firearms
  • Tobacco (including cannabis)
• The single most important practice is ensuring you have accurate, reliable opt-ins specific to the type of messages you’re sending consumers. Generally, opt-out rates are consistently low when you have obtained reliable and clear consumer opt-in consent. At any time, we or other wireless carriers may request evidence of documented opt-in consent for a particular message sent from you (or your customers).
• Don’t use publicly available URL shorteners. These same ‘free-public’ URL shorteners are used by bad-actors to evade detection and get their SPAM messages passed through text messaging platforms. We encourage you to build custom URL shorteners that relate to your company or product name. They’re still free. If a custom URL shortener is found to be used for fraudulent purposes, we can and will block messages containing them.
• Using a single number for both text and voice calls is not only a best practice but also a better overall user experience. Your customers can call and text the same number. But more importantly, you should avoid spreading messages across many source phone numbers, specifically to dilute reputation metrics and evade filters. This is referred to as “snowshoeing” and can result in your content being blocked. If your messaging use case requires the use of multiple numbers to distribute “similar” or “like” content, please discuss it with your sales rep.

[sms spam](https://docs.servantvoice.cloud/articles/fraud/text-messaging-spam/contact-us##search%5Fquery=sms spam) [text spam](https://docs.servantvoice.cloud/articles/fraud/text-messaging-spam/contact-us##search%5Fquery=text spam)