How Do RCS Opt-Outs and Unsubscribe Work?

RCS Opt-Outs and Unsubscribe: Compliance Guide

Opt-in and opt-out compliance is critical for RCS. Here's what you need to know to stay compliant.

Opt-In Requirements

Explicit Consent Required

• You must obtain explicit opt-in before sending RCS messages
• Consent must be specific (not bundled with terms of service)
• Must clearly state message frequency and content type
• Must be documented and auditable

Acceptable opt-in methods:

• Web form with checkbox (unchecked by default)
• SMS keyword (e.g., "Text YES to 12345")
• In-store signup with clear disclosure
• Email confirmation
• Phone call with verbal consent (documented)
• Paper form with signature

Unacceptable opt-in methods:

• Pre-checked boxes
• Bundled with general terms of service
• Implied consent from purchase
• Purchased lists
• Assumed consent from existing relationship

What Counts as Opt-In

Single opt-in:

• Customer provides phone number and agrees to receive messages
• Can start sending immediately
• Lower compliance margin
• Higher opt-out rates

Double opt-in:

• Customer provides phone number
• Receives confirmation message
• Must reply YES to confirm
• Higher compliance margin
• Lower opt-out rates
• Industry best practice

Double opt-in is recommended for compliance and engagement quality.

Opt-Out Mechanisms

Required opt-out methods:

• Reply STOP (or equivalent keyword)
• Tap unsubscribe button in message
• Reply HELP for assistance
• Contact customer support

Must be:

• Easy to find and use
• Honored immediately (within 24 hours)
• Free for the recipient
• Available in every message

STOP keywords:

• STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT
• All must trigger opt-out
• Must process automatically
• Must send confirmation of opt-out

Opt-Out Processing

Timeline requirements:

• Process opt-outs within 24 hours (best practice)
• Maximum allowed: 10 days (regulatory requirement)
• Remove from all active campaigns immediately
• Add to suppression list permanently

What to do when someone opts out:

1. Stop sending marketing messages immediately
2. Send confirmation: "You've been unsubscribed. Reply HELP for help."
3. Add to suppression list (permanent)
4. Document the opt-out (timestamp, method, phone number)
5. Sync suppression list across all systems

Suppression Lists

What to include:

• Phone numbers that opted out
• Phone numbers that bounced
• Phone numbers that complained
• Invalid phone numbers
• Numbers on Do Not Call registries

Maintenance:

• Sync across all systems daily
• Check before every send
• Honor across all brands/divisions
• Retain indefinitely (for compliance)

Compliance Best Practices

Frequency caps:

• Don't send more than 4-6 marketing messages per month per recipient
• Adjust based on engagement (more for engaged, less for inactive)
• Honor "reduce frequency" requests

Timing restrictions:

• Avoid sending between 9 PM and 8 AM (recipient's time zone)
• Respect holidays and weekends (unless time-sensitive)
• Be mindful of work hours for B2B messages

Content guidelines:

• Identify yourself clearly in every message
• Include opt-out instructions in marketing messages
• Don't use deceptive subject lines
• Honor content preferences

Penalties for Non-Compliance

Carrier penalties:

• Message blocking (messages don't deliver)
• Brand verification revocation
• Fines ($1,000-$10,000+ per violation)
• Account suspension

Regulatory penalties:

• TCPA violations: $500-$1,500 per message
• GDPR violations: up to 4% of annual revenue
• State-specific penalties vary
• Class action lawsuit risk

Reputation damage:

• Customer complaints
• Negative reviews
• Loss of trust
• Difficulty acquiring new customers

Industry-Specific Requirements

Healthcare (HIPAA):

• Explicit consent for health information
• Minimum necessary disclosure
• Audit trails for all messages
• Business associate agreements

Financial Services:

• GLBA compliance
• Opt-in for promotional offers
• Transactional messages allowed with existing relationship
• Disclosure requirements

Age-Restricted Content:

• Age verification required (alcohol, cannabis, gambling)
• Additional consent documentation
• Time-of-day restrictions
• Geographic restrictions

Audit Trail Requirements

You must be able to prove:

• When opt-in was obtained
• What was disclosed at opt-in
• How opt-in was given (web, SMS, in-store)
• What messages were sent
• When opt-outs were processed
• Current suppression list status

Recommended retention: 3-5 years for compliance documentation.

Working with Your RCS Provider

Provider responsibilities:

• Process STOP keywords automatically
• Maintain suppression lists
• Provide opt-out reporting
• Enforce compliance rules
• Handle unsubscribe confirmations

Your responsibilities:

• Obtain proper opt-in
• Send only to opted-in recipients
• Honor opt-outs across all systems
• Maintain your own suppression lists
• Document consent

Common Compliance Mistakes

Using purchased lists Always a bad idea. Even if numbers are opted-in elsewhere, you don't have documented consent.

Not honoring opt-outs across systems Customer opts out of SMS but still gets email? That's a violation.

Burying opt-out instructions Must be clear and easy to find, not buried in fine print.

Ignoring "reduce frequency" requests Customer asks for fewer messages but you keep sending? Violation.

Not updating suppression lists Old list with opted-out numbers still being messaged? Violation.

The Bottom Line

Opt-in and opt-out compliance is not optional. It's a legal requirement with serious penalties for violations. Work with your RCS provider to ensure proper compliance, but remember that ultimate responsibility lies with you.

Best practices:

• Use double opt-in
• Honor opt-outs immediately
• Maintain clean suppression lists
• Document everything
• Train your team on compliance

Need help building a compliance framework for your RCS campaigns? I can help you design opt-in flows, suppression list management, and audit trail systems.