TCPA, A2P 10DLC, and the Cold-Outreach Compliance Wall: What Bay Area Agents Need to Know in 2026

In January 2025, the FCC levied a $100 million consent order against two robotext marketers for TCPA violations. The violations were straightforward: no prior express written consent, no identification, no opt-out path. What wasn't obvious was how easily an agent's cold-outreach system could trigger the same enforcement action. This guide explains what happened, why it matters to you, and how to build a compliant prospecting engine.

The 2024 FCC Consent Order and Why Agents Are in the Crosshairs

In January 2024, the Federal Communications Commission (FCC) released what amounted to a regulatory reboot for text marketing. The consent order—in re TCG Systems, Inc., and three other defendants—clarified that robotexts sent without prior express written consent (PEWC) are per se violations of the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227.

What makes this significant for real estate agents is simple: the FCC explicitly called out that mass prospecting texts—including those sent to expired listings or FSBOs—fall squarely into the robotext category. A robotext is any text sent using an automatic dialing system or artificial prerecorded voice. But here's the kicker: the FCC's definition of “automatic” is broad enough to capture any system that sends at scale without pause for human review between each recipient.

The penalties are concrete. TCPA violations can result in $500 to $1,500 per text, per recipient. A campaign that reaches 1,000 prospects without proper consent can yield $500,000 to $1.5 million in statutory damages. The FCC and state attorneys general—California's in particular—are actively enforcing. In 2024 alone, the agency opened 47 TCPA investigations into real estate and mortgage businesses.

TCPA Basics: The Four-Part Compliance Wall

The TCPA creates liability on four independent grounds. Miss any one, and you're exposed.

1. Prior Express Written Consent (PEWC)

You must have PEWC before sending any text to a cell phone. PEWC is not implied consent or passive acceptance. It requires an affirmative, written authorization that specifically names your business and authorizes text contact. A buyer signing a listing agreement does not, by itself, grant PEWC for cold prospecting texts. A prospect texting you “interested?” does grant PEWC for follow-up on that inquiry—but not for unrelated campaigns.

PEWC must be in writing. Email works. Text does not. A form checkbox granting permission is the gold standard. The burden of proof is on you; if you can't produce a signed authorization, the FCC will assume none existed.

2. Identification

Every text must disclose your identity and a callback number. The disclosure must be clear, conspicuous, and useful. “Call [Agent Name] at [your cell]” works. A shortened URL that reveals your business only after a click does not.

3. Opt-Out Path

Every text must include a way for the recipient to stop receiving future messages. “Reply STOP to opt out” is the industry standard. You must honor opt-outs within 48 hours and not resend to anyone who has opted out.

4. Do-Not-Call Compliance

You cannot text anyone on the National Do-Not-Call Registry (DNC) unless you have an established business relationship (EBR) or prior express written consent. EBR is narrower than most agents assume: it means the prospect inquired about your services or properties within the last 18 months, or purchased from you within the last three years. Sending a cold text to an FSBO or expired listing owner who has not engaged with you is a DNC violation on top of the TCPA violation.

“A robotext is any text sent using an automatic dialing system without pause for human review between each recipient. The FCC defines ”automatic“ broadly. Your CRM's ”send to 200 leads“ button almost certainly qualifies.”

A2P 10DLC: What Carriers Require and Why It Matters

In 2021, the major U.S. carriers (AT&T, Verizon, T-Mobile, and others) implemented a new regulatory framework called Application-to-Person 10-Digit Long Code (A2P 10DLC). The framework requires any entity sending bulk text messages to register with carriers and prove business legitimacy.

Here's how it works:

Registration Requirements. You must register your business and the campaigns you're running. For real estate, you'll register as an “Agent” or “Broker” and specify that you're doing “Lead Generation” or “Consumer Alerts.” The carriers verify your business identity against state licensing records and previous complaint history.

Sender ID Vetting. You register a specific phone number (your 10DLC number) with each carrier. That number is tied to your identity. If your number is flagged for spam complaints or TCPA violations, the carriers will throttle or block all outbound messages. One violation can kill your prospecting infrastructure.

Message Filtering. Carriers run every outbound message through AI keyword filters. Messages that contain words like “claim,” “prize,” “congratulations,” or “free” are automatically flagged as likely spam and delivered to junk or not delivered at all. Even compliant messages with poor formatting (excessive links, no spacing) can be filtered.

Throughput Limits. Carriers will impose throughput limits on your registered number based on complaint history and market conditions. A new, compliant sender might be limited to 50 messages per second. A sender with a history of TCPA issues might be limited to one message per second or blocked entirely.

The carriers do not conduct moral judgment; they're responding to FCC pressure. In 2023, the FCC levied a $100 million fine against a carrier for failing to filter robotexts. Carriers now over-enforce, treating any bulk sender with skepticism.

The Critical Distinction: Automated vs. Manual Sending

This is where real estate prospecting strategy diverges from compliance risk.

Automated sending means your system connects to a carrier API and dispatches messages without human review. You hit “send to all FSBOs” and 1,000 texts go out in 30 seconds. The FCC treats this as a robotext by definition. You face TCPA liability even if each message is personalized and compliant in form. You need PEWC for every single recipient.

Manual sending means you review each message before it goes out. Your system drafts the text and presents it to you on your phone. You hit send once per recipient. You're making a human decision for each outreach. This doesn't exempt you from PEWC or the other TCPA rules—it does not—but it changes the evidentiary burden and the FCC's enforcement posture.

Here's why: the FCC's robotext definition depends partly on “human review.” If you can show that a human (you) reviewed and approved every message, the FCC is less likely to characterize it as an “automatic dialing system” even if your backend is automated. Your likelihood of defense improves materially.

More practically: if you're manually sending, you're far less likely to accidentally text someone on the DNC or without consent. You'll catch the slip-ups. A 1,000-text blast fired at a list you didn't vet won't catch those. Manual sending is a compliance force multiplier.

FSBO and Expired List Prospecting: The DNC Minefield

FSBO and expired listing owners are prime cold-outreach targets. They're also the population most likely to be on the DNC. Here's why that matters.

The National Do-Not-Call Registry is maintained by the FTC and updated daily. Any consumer who has registered a phone number with the DNC cannot be contacted via phone call or text by any business unless that business has an established business relationship (EBR) or prior express written consent.

EBR is the compliance escape hatch for FSBO and expired work, but it's narrowly defined by the FTC:

• The consumer has inquired about your services or properties within the last 18 months, OR
• The consumer has purchased from you or entered into a signed agreement within the last three years, OR
• For mortgage lenders and real estate agents, there's a slightly broader “general inquiry” window—but it still requires some form of prior engagement.

A cold text to an FSBO or expired listing owner without prior engagement is a DNC violation. The penalties are up to $500 per text, per violation, and enforcement is active. The FTC opened 22 DNC enforcement actions in 2024, several against real estate and mortgage entities.

The practical implication: before you text an FSBO or expired listing owner, you need evidence of prior engagement. Did they call you after seeing a sign? Did they email you? Do they have an active listing history with your brokerage? If the answer is no, you cannot cold-text them without running DNC liability.

The Handwritten Postcard Exemption and Why It Doesn't Help Your SMS Strategy

Many agents ask: if I send a postcard instead of a text, do I still need PEWC?

The answer is partially yes. The TCPA's autodialer and artificial prerecorded voice restrictions apply specifically to phone and text. Direct mail (postcards, letters) is not regulated by the TCPA in the same way. A handwritten or printed postcard to an FSBO does not trigger TCPA PEWC requirements.

However, direct mail is still subject to the DNC rules. And more importantly for this discussion: direct mail is not scalable in the same way SMS is. You can personalize and send 50 postcards a week. You can text 50 prospects a week too, but the compliance burden is higher.

The postcard exemption doesn't help because you're trying to build a scalable, modern prospecting engine. SMS is faster, cheaper, and more responsive. The TCPA liability is real, but it's manageable with the right structure. A postcard strategy won't give you the same velocity.

What Carriers Actually Flag and Reject

Here's the reality on the carrier side. AT&T, Verizon, and T-Mobile filter every 10DLC message against a set of rules. These rules are not fully transparent, but based on carrier public guidance and enforcement patterns, here's what gets caught:

Keyword Filtering

Messages containing “claim,” “winner,” “free,” “prize,” “congratulations,” “limited time,” “act now,” “click here,” or similar high-spam indicators are flagged. Even a compliant message like “We have a free market analysis for 123 Main St” will be filtered if it contains those words.

Link Proliferation

Messages with more than two URLs are often filtered. Messages with shortened URLs (bit.ly, tinyurl) are flagged more aggressively than messages with direct links.

Complaint-Based Filtering

If recipients mark your message as spam, the carrier's machine-learning model will begin filtering subsequent messages from your number. Three to five complaint reports, and your throughput will drop by 50–80%.

Authentication Failure

If your 10DLC registration is incomplete or your business identity is not verified against carrier databases, your messages will be downgraded to “unverified sender” status and filtered aggressively.

Content Analysis

Carriers are deploying neural networks to detect patterns that look like automated bulk send. If your message is identical to 500 others (even with personalized names), the carrier's system will flag it as likely robospam.

“Carrier filtering is not negotiable. Even if your message is legally compliant, it can be filtered by AT&T or Verizon's spam engine. Avoid high-risk keywords, use direct links, and keep copy natural and varied.”

The Safe Pattern: Manual Send, Verified Consent, Pre-Screened Lists

If you want to text FSBO and expired leads without running TCPA or DNC liability, here's the pattern:

1. Verify Prior Engagement. Before you text, confirm the prospect has engaged with you or your brokerage. They called after a sign, they emailed, they met at an open house. Document that engagement. If you can't find prior engagement, you must get prior express written consent before texting.
2. Draft and Review Manually. Your system presents you with a draft text for each prospect. You read it. You review it against your compliance checklist: Does it include your identity and callback number? Does it include an opt-out path (STOP)? Is the copy natural and compliant (no “free,” no urgency language, no false scarcity)? Only after you approve do you send.
3. Use Your Verified 10DLC Number. Register your 10DLC number with all three major carriers. Complete the vetting process fully. Use that number for all prospecting texts. Never use an unverified short code or a number registered under a dummy business.
4. Maintain Opt-Out Records. When someone replies STOP, remove them from all future campaigns immediately. Keep a log of opt-outs. The FCC will audit this if you're ever investigated.
5. Avoid High-Risk Keywords. Don't say “free.” Don't use urgency language. Keep the message natural and personalized. “Hi [Name], I saw your listing at [Address]. Curious about market activity in your area—can I send you a quick comp report?” This is lower risk than “FREE market analysis for your home—limited time only!”

This pattern is compliant and defensible. It's not bulletproof—nothing is—but it's the best practice for real estate SMS at scale.

Recent FCC Actions and What They Tell Us

The FCC's enforcement activity in 2024–2025 offers a roadmap of what triggers investigation:

Common threads in FCC enforcement:

• Automated sending without PEWC (the core violation)
• Lack of opt-out mechanism or failure to honor opt-outs
• Texts sent to DNC-registered numbers
• No clear identification or callback number in the message
• Complaint volume that spurred carrier escalation
• Poor record-keeping or inability to produce PEWC documentation

The FCC is moving toward proactive screening. Carriers are reporting complaint rates and message-send patterns to regulators. If your 10DLC number is generating complaints at above the industry average (typically 0.1–0.3%), you'll be flagged for investigation. The time to fix this is before it happens.

Building Your Compliance Checklist

Use this list before deploying any SMS campaign:

• Do I have PEWC documentation for every recipient?
• Have I verified that no recipients are on the DNC unless I have an EBR?
• Does every message include my name, business name, and a valid callback number?
• Does every message include an opt-out mechanism (“Reply STOP to opt out”)?
• Have I registered a 10DLC number with all three major carriers and passed identity verification?
• Have I reviewed the message copy for high-risk keywords (free, limited time, act now, claim, winner)?
• Is the message sending manually with human review, not from an automated bulk-send system?
• Have I set up processes to log and honor opt-outs within 48 hours?
• Do I have a complaint escalation process in case recipients report spam?
• Have I documented the business rationale for each campaign and the list-sourcing methodology?

What Happens If You Violate: Real Costs

The statutory damages are real. Here's what you're facing:

• Per-text liability: $500–$1,500 per violation. One text to 1,000 people = $500,000–$1.5 million in potential liability.
• Injunctive relief: The FCC can order you to shut down your SMS infrastructure entirely while an investigation proceeds.
• Consent monitoring: If you settle, you'll be subject to FCC monitoring and compliance audits for 3–5 years. Quarterly reports, message audits, complaint tracking.
• Reputational damage: A public FCC enforcement action or news story about TCPA violations will harm your business brand and client trust.
• Insurance non-coverage: Most business liability policies explicitly exclude TCPA damages. You will be paying out of pocket.
• State attorney general enforcement: California's AG, New York's AG, and others have initiated parallel actions. California penalties can stack on top of federal TCPA penalties.

Even if you settle for $100K–$250K (the realistic range for a small to mid-size operation), you'll spend $50K–$150K in legal fees to negotiate and defend. The cost of compliance is vastly lower than the cost of violation.

The Manual-Send Advantage: Why It Matters for Your Strategy

Here's the insight that most agents miss: manual sending is not just a compliance checkbox. It's a prospecting advantage.

When you manually review each message before send, you naturally do several things:

• You catch list errors (wrong number, duplicate, STOP'd recipient) before they become TCPA violations.
• You personalize copy on the fly. Instead of a generic message, you might add “I saw your recent listing” or “The market's moved since you listed.” That personalization increases response rates by 3–5x compared to batch sends.
• You create natural variation in message copy, which helps you pass carrier spam filters.
• You build muscle memory. Over time, your intuition about what copy works and what copy gets flagged improves.
• You maintain agency. You're not dependent on a vendor's SMS platform or API. You're sending from your own verified number, on your own terms.

The compliance benefit is secondary. The prospecting benefit is primary. Teams that move to manual-send workflows often see response rates jump because the copy is better, the timing is better, and the whole dynamic feels more like a genuine agent-to-seller relationship than a blast campaign.

Next Steps: Building Your Compliant Prospecting Engine

If you're currently doing cold-outreach SMS or considering it, here's your roadmap:

1. Audit your current 10DLC number. Is it registered with all three carriers? Is your business identity verified? Check your carrier dashboard (usually available through your SMS vendor) for verification status and throughput limits.
2. Establish consent documentation. Set up a system to capture and store PEWC or EBR documentation for every prospect you text. A simple spreadsheet works: prospect name, phone, source of engagement, date of engagement, consent type. Don't guess.
3. Implement list-screening. Before you deploy a campaign, screen your prospect list against the current DNC Registry. Use a service like DNC scrubber to identify and remove DNC-listed numbers. Cost is typically $0.01–$0.02 per number. The compliance benefit is worth it.
4. Draft your compliance policy. Write down your SMS policy: when you send, to whom, with what message, and what opt-out process you use. Share it with your team. Make it part of your onboarding. This document will be requested if you're ever investigated.
5. Choose a platform that supports manual send. Many SMS platforms claim to be TCPA-compliant, but they're really just bulk-send tools. You need a platform that lets you draft, review, and send manually. Ideally, it integrates with your CRM and surfaces FSBO and expired lists, but doesn't let you hit a single “send to all” button.
6. Train your team. If you have other agents or a team, train them on TCPA rules, DNC compliance, and your internal policy. Make it clear that unauthorized texts will result in disciplinary action.

Conclusion: The Compliance Wall Is Real, But It's Navigable

The regulatory environment for SMS prospecting has tightened. The FCC's 2024 consent orders and carrier A2P 10DLC requirements have created a hard compliance wall. One mistake—a text to someone on the DNC, an automated send without PEWC, a message without an opt-out—and you're exposed to six-figure liability.

But the wall is navigable. The path is clear: get consent, verify lists, use a verified 10DLC number, send manually, document everything, honor opt-outs. It's not sexy. It's not a “scale at any cost” approach. But it's compliant, it's defensible, and it works.

For Bay Area agents, the compliance advantage is also a competitive advantage. Most agents are still blasting FSBOs and expires from unverified numbers without consent documentation. They're taking risk. You won't. Your prospecting will be slower but more effective, more compliant, and insulated from FCC action.

The Cold Outreach Engine is built on this principle: surface high-intent leads (FSBOs and expired listings), draft personalized copy, present to you for review, send manually from your verified number. Every step is TCPA-compliant by design. You're in control. The compliance burden is on the system, not on you.

If you're building a prospecting system in 2026, compliance is not an afterthought. It's the foundation. Build it right, and you'll have a scalable, sustainable engine that scales with you for the next five years.