Text Message Spam Approaches: Canada vs America
I have recently been developing something in the realm of automated text messaging (sometimes called A2P or application to person). I started building my MVP in Canada, and things were so simple. I use the largest programmable SMS provider and sending messages to Canadian numbers works with very little setup. There are virtually no safeguards in place between me programming an automated text and it being delivered to my phone. Of course, there are laws with consequences if you send unsolicited texts, or try to mass spam people, but those are only good if the enforcement is seen as a real risk, and in particular are difficult to enforce.
After developing my product for a few weeks, I decided to try it out using an American phone number (I still have a number from when I lived in Minneapolis) and the messages were immediately rejected by the Carrier. I looked into why, and it seems there was a recent change that required all 10DLC (standard 10 digit) phone numbers to register their use case with a central authority before any texts are allowed through. This registration process is managed by a company called "The Campaign Registry" - they are the clearing house for text message deliverability and their database is used by all major carriers (eg - T-Mobile, AT&T) in the USA.
My beautiful SMS-based application would not work in America - so much for the land of the free. I was initially frustrated by what appeared to be bunch of required paperwork (submitting campaign, registering a proper business, etc) but have come around on the value added. Text messaging is a communication medium with an incredibly high success rate and a good degree of trust. This trust is being maintained by carriers and businesses constantly fighting back against what seems to be a stream of bad actors trying to spam and phish their way to easy money.
Let's contrast how spam-fighting works in Canada and America.
Canada 🇨🇦
- Canadian Radio-television and Telecommunications Commission (CRTC): Governs telecommunications and enforces the Canadian Anti-Spam Legislation (CASL).
- Canadian Wireless Telecommunications Association (CWTA): Represents the wireless industry and provides best practices similar to CTIA.
- Canada maintains a Do Not Call List that you can register for, but this doesn't seem to help with Spam via SMS (text messages).
America 🗽
- The Cellular Telecommunications and Internet Association (CTIA) is a trade association representing the wireless communications industry in the United States.
- It provides guidelines and best practices for A2P SMS to ensure consumer protection and industry standards.
- The allowlist for (automated) A2P messages is maintained by The Campaign Registry and is used by all major carriers.
The CTIA guiding principles are particularly inspiring (you can find this on their beautiful website):
- Consumers can exchange wanted messages with other Consumers;
- Non-Consumers and Consumers can exchange wanted messages; and
- Consumers are protected from Unwanted Messages.
These three principles guide their decisions, and it seems to be working - they blocked me at least!
Becoming Compliant
If you want to send texts to Americans, you need to jump though some compliance hoops. I applied for acceptance into The Campaign Registry. My use case is quite a bit different than the templates they provide which are mostly for simple 2FA apps or purchase notifications. I was building a smart AI that can potentially text you back anything you can imagine. Here's a copy of the submission I made to The Campaign (I managed the process through my SMS provider). You need to describe both end user consent, and typical messages the campaign might send.
To be frank, I did not expect that this would be approved since it is such a wild use case, but after a back and forth and two separate charges for submission fees, I got approved! It feels fantastic to be compliant and a good citizen in the world of SMS especially with such a weird use case. I'm excited that the Campaign Registry doesn't mind allowing AI on the airwaves for text messaging (as long as you follow certain rules).
Regulatory Differences Summarized: 🇨🇦 vs 🗽
I think the difference in approaches to fighting SMS spam between Canada and America can be viewed as an "denylist" and "allowlist" approach. If you are living in the Great North and have a cell phone, you have experienced the abject failure of a "denylist" approach. Lots of people receive spam - do they ever report it? This is a complex subject, but in my humble opinion, it's worth us taking another look. The American model hands over a lot of control to a private company (they can shut me down at any time) but I am not confident that the current approach is good enough.
The journey of developing an automated text messaging application has shown me the stark contrasts between the regulatory landscapes of Canada and the United States. While Canada’s more laissez-faire approach allows for easier entry but less control over spam, America’s stringent compliance requirements ensure a higher level of trust and security, albeit at the cost of increased bureaucracy. As we move forward, it's crucial to continue refining these frameworks to address the evolving threats in the digital communication landscape, and I really hope we can get it right.