Is Cold Texting Illegal? The Nuanced Answer Most Guides Get Wrong
You just fired off 500 "quick intro" texts to a prospect list your SDR bought last week. Each one carries $500-$1,500 in potential TCPA liability. That's up to $750,000 in exposure from a single campaign, and the enforcement surge that ramped through 2025 hasn't slowed down one bit in 2026.
The Quick Answer
Marketing texts without prior express written consent are illegal under the TCPA. Penalties run $500-$1,500 per text. B2B texting isn't automatically exempt either - dual-purpose mobile numbers trigger the same consent rules as consumer lines. And 10DLC registration? That's a carrier requirement, not a legal shield. It gets your texts delivered. It doesn't make them lawful.
If cold texting is too risky for your outreach motion, cold email under CAN-SPAM is far more permissive. You don't need SMS-style opt-in to send a cold email - you just need accurate sender info, a physical address, and a working unsubscribe. If you're building a multi-channel outbound motion, start with proven sales prospecting techniques that don't rely on SMS.
What the TCPA Actually Requires
The Telephone Consumer Protection Act creates a tiered consent system that trips up even experienced marketers:
| Consent Level | When Required | How to Obtain |
|---|---|---|
| PEWC (Prior Express Written Consent) | Marketing texts via autodialer | Written opt-in, clear disclosure |
| PEC (Prior Express Consent) | Informational/transactional texts | Verbal consent or voluntarily providing number |
| Prior express invitation/permission (in writing) | Marketing to DNC numbers (unless EBR applies) | Written invitation/permission or established business relationship |
Penalties compound faster than most teams realize. The baseline is $500 per violation - per text, not per campaign. Willful violations triple to $1,500. A 500-text campaign with willful violations? $750,000 from a single afternoon's work. The statute of limitations runs four years, so a class action can reach back and aggregate years of texts into one lawsuit. TCPA litigation climbed nearly 95% through 2025, with class actions spiking 285% in September alone.
The established business relationship exception has tight windows worth memorizing: 90 days after an inquiry, 18 months after a transaction. Miss those windows and you need fresh consent. No exceptions. We've watched teams assume a six-month-old inbound lead still counts. It doesn't after day 90.
The B2B Myth
Here's the thing: every SDR manager we've talked to assumes B2B texting lives in some legal safe harbor. It doesn't. If you're still considering it, compare the risk profile against other channels like cold calling and email.
The problem is dual-purpose mobile numbers. When you text a VP of Sales on their cell phone, that number is often also their personal line. Cell phones are treated as residential for Do Not Call purposes, so B2B texts can still trigger DNC rules when the number serves residential purposes - even if it's sometimes used for business.
It gets worse at the state level. Arizona, Louisiana, New Jersey, Texas, and Wyoming restrict even manually dialed marketing calls and texts, so the "we're not using an autodialer" defense doesn't hold everywhere.
If your average deal size is under $25K, the TCPA risk math on unsolicited SMS never works in your favor. One complaint wipes out dozens of closed deals. Save texting for prospects who've opted in, and use email for cold outreach. If you're tightening your outbound process, build a repeatable lead generation workflow so compliance doesn't get skipped.
Cold texting exposes you to $500-$1,500 per message in TCPA liability. Cold email under CAN-SPAM requires no prior opt-in - just accurate sender info and a working unsubscribe. Prospeo gives you 98% verified emails across 300M+ profiles for ~$0.01 each, so you can run compliant outbound at scale without risking a single SMS lawsuit.
Replace TCPA risk with compliant cold email that actually connects.
10DLC Doesn't Equal Legal Permission
This misconception is everywhere - especially on Reddit, where real estate wholesalers routinely ask if 10DLC registration plus DNC scrubbing makes cold texting "alright." In that thread, the poster describes being 10DLC compliant, not contacting the DNC list, scrubbing litigators, and including opt-out language. Basically treating operational hygiene as a substitute for consent.
Use 10DLC for getting your texts actually delivered. As of February 2025, US carriers block all text traffic from unregistered 10DLC numbers.
Don't treat 10DLC as a legal defense. It's carrier infrastructure, not consent. Being registered means your messages reach the inbox. It says nothing about whether you had permission to send them.
What Changed in 2025 - and Carries Into 2026
The legal ground shifted dramatically through 2025, and every change carries forward:
McLaughlin v. McKesson (June 2025): The Supreme Court ruled that district courts aren't bound by FCC interpretations in civil TCPA cases. Courts can now interpret the TCPA differently from what the FCC says - and they do.
Circuit split on texts as "calls": On the same day, Jones v. Blackstone (Illinois) ruled texts don't qualify as "telephone calls" under TCPA do-not-call rules, while Wilson v. Skopos (Oregon) ruled the opposite. Your liability depends on your jurisdiction.
11th Circuit vacates one-to-one consent rule (January 2025): The FCC's lead-generation consent rule was struck down, removing a layer of protection that would've required sellers to get individualized consent from lead-gen forms. This makes lead-bought lists even murkier legally - especially if you're wondering whether list buying is allowed at all (see: Is It Illegal to Buy Email Lists?).
FCC consent revocation rules: Consumers can revoke consent by any reasonable method, including replying STOP or UNSUBSCRIBE. Cross-channel revocation effects took full force in April 2026.
Texas SB 140 (September 2025): Texas expanded "telephone solicitation" to include text messages - covering manual texting, not just autodialers. The law requires a $200 registration fee and $10,000 security bond, enforces 9am-9pm quiet hours, and applies to anyone texting into Texas regardless of location. A November 2025 settlement has been described as exempting consent-based marketing texts from some Chapter 302 registration/bond/reporting requirements, while other Texas telemarketing rules still apply.
More than 15 states now have mini-TCPA statutes, and the trend is toward more regulation, not less. The compliance floor got higher in 2025, and nothing in 2026 has brought it back down.
International Cold SMS Rules
UK (PECR Regulation 22): Marketing texts to individuals require specific consent. B2B texts to companies are allowed, but sole traders and some partnerships are treated as individuals, so consent rules apply to them too. The "soft opt-in" exception lets you text existing customers about similar products if you offered opt-out at collection. ICO guidance has been under review since the Data (Use and Access) Act passed in June 2025.
Canada (CASL): Implied consent lasts two years after a purchase and six months after an inquiry. After that, you need express consent. Every message needs sender identification and a working unsubscribe mechanism.
Compliant Alternatives to Cold Texting
The good news: compliant outreach channels exist, and some are more effective than unsolicited SMS anyway. If you want a deeper breakdown of the channel itself, see our guide on cold texting.
Build Proper Opt-In Flows
The most straightforward path is collecting proper opt-ins. Build PEWC-compliant consent flows with clear disclosure language, standalone opt-in checkboxes, and auditable records. Once you have written consent, you can run compliant SMS campaigns within those boundaries.
Transactional and informational texts - order confirmations, appointment reminders, account updates - require only the lower PEC standard, not full written consent. And if someone inquired in the last 90 days or purchased in the last 18 months, your established business relationship gives you a window. Use it before it expires.
Switch to Cold Email
Look, this is the move we recommend for most B2B teams. Cold email under CAN-SPAM is far more permissive than SMS - you don't need opt-in consent, just accurate sender info, a physical address, and a working unsubscribe. We've seen teams pivot from SMS to cold email in under a week once they understand the risk math, and their pipeline doesn't skip a beat. If you need a structure for sequencing, start with a B2B cold email sequence.
Cold email only works if your data is clean, though. Bounced emails tank your domain reputation, and a burned domain is worse than no outreach at all. Prospeo delivers 98% verified email accuracy at roughly $0.01 per lead, with a free tier and no contracts - making it the fastest way to pivot from risky SMS to compliant email outreach. If you're troubleshooting performance, use these email bounce rate benchmarks and fixes, and follow an email deliverability guide to keep inbox placement stable.
Skip cold texting entirely if your team doesn't have a dedicated compliance resource reviewing every campaign. The penalties are per-message, the statute of limitations is four years, and the plaintiff's bar is paying very close attention. For teams under $50K ACV, the risk-reward ratio simply doesn't justify it when cold email is sitting right there. If you're scaling volume, keep an eye on email velocity so you don't torch your sender reputation.
If your deal size is under $25K, one TCPA complaint wipes out dozens of closed deals. Teams using Prospeo's verified email data book 35% more meetings than Apollo users - with bounce rates under 4% and zero domain flags. Skip the SMS legal minefield entirely.
Stop gambling on texts. Start booking meetings with verified emails.
FAQ
Is B2B cold texting legal?
Not automatically. Business cell phones are often dual-purpose personal lines, which means TCPA consent and DNC rules still apply. States like Arizona, Texas, and New Jersey restrict even manually dialed marketing texts. Treat B2B mobile numbers with the same caution as consumer numbers.
Does 10DLC registration make cold texting legal?
No. 10DLC is a carrier deliverability requirement - it ensures your texts get delivered, not that they're lawful. You still need TCPA-compliant consent before sending marketing messages. Think of 10DLC as the postal service accepting your mail; it doesn't mean the contents are legal.
What's the safest channel for cold B2B prospecting?
Cold email under CAN-SPAM is the lowest-risk, highest-reach option - no opt-in consent required, just accurate sender info and a working unsubscribe. Pair it with verified contact data to protect your sender reputation and keep bounce rates under control.