Compliance
All message content is validated against carrier compliance rules before sending. Messages that violate these rules are rejected immediately. These restrictions apply to both the content of the message and the nature of the business sending it.
How it works
- You submit a message with a `body` field
- The API analyzes the content before sending
- If the content is compliant, the message proceeds normally
- If violations are detected, the request is rejected with a `400` response
SHAFT rules
The API evaluates message content against categories of prohibited content collectively known as SHAFT:
| Category | Description | Exceptions |
|---|---|---|
| S — Sex/Adult | Sexually explicit or adult-oriented content | None |
| H — Hate | Hate speech, harassment, or discriminatory content | None |
| A — Alcohol | Promotion of alcohol products | Allowed in the US on all number types with proper age-gating (date-of-birth input, not a yes/no question). Blocked into Canada without a carrier exemption. |
| F — Firearms | Promotion or sale of firearms and weapons | Not allowed on any number type regardless of age-gating. Gun advocacy groups are not considered firearms content. |
| T — Tobacco | Promotion of tobacco or vaping products | Tobacco allowed on Short Code with age-gating only. Vape/e-cigarettes are not allowed on any number type. |
Forbidden business categories
Certain business types are prohibited from using SMS/MMS messaging entirely, regardless of message content. Even transactional or 2FA messages are not permitted from these categories.
| Category | Examples | Notes |
|---|---|---|
| High-risk financial services | Payday loans, short-term high-interest loans, third-party loans, cryptocurrency, stocks/investing platforms | Third-party loan soliciting is forbidden. Crypto/stock businesses may only send 2FA or transactional messages. First-party loan content is acceptable if non-promotional. |
| Third-party lead generation | Buying/selling consumer data, affiliate lending, affiliate marketing, deceptive marketing | Consent must be obtained directly from end-users. Any business whose terms mention sharing or selling consumer data is non-compliant. |
| Debt collection or forgiveness | Third-party debt collection, debt consolidation, debt reduction, credit repair | First-party debt messaging with direct consent is allowed. Debt consolidation and credit repair are prohibited regardless of consent. |
| "Get rich quick" schemes | Work-from-home scams, risk investment opportunities, pyramid schemes, mystery shopping | Any use case promising minimal effort for maximum/guaranteed financial gain. |
| Illegal substances | Cannabis, CBD, kratom, vape/e-cigarettes, drug paraphernalia, fireworks | Prohibited regardless of federal or state legality. All use cases are disallowed, including 2FA. |
| Prescription drugs | Any drug requiring a prescription | Forbidden regardless of whether the business is a licensed professional. |
| Gambling | Casino apps, gambling websites, sweepstakes, 50/50 raffles, sports betting | Prohibited in the US and Canada on all number types. Community/local bingo messaging is permitted. |
URL and link restrictions
Shared or free public URL shorteners (such as bit.ly, tinyurl.com, and goo.gl) are not permitted and will cause your messages to be filtered by carriers. If you need to shorten URLs, use a company-branded shortener on your own domain.
Messages containing links from public URL shorteners will be silently filtered by carriers and may never reach the recipient.
Additional content checks
Beyond the categories above, the API also checks for:
- Phishing — Messages that attempt to deceive recipients into revealing personal information
- Fraud — Content designed to mislead or scam recipients
- Malicious URLs — Links to known malicious or deceptive websites
Character validation
The API validates that the message body contains only supported characters. Unsupported control characters or special symbols are rejected with error code 33016.
Error response
Non-compliant messages return error code 33019:
```json
{
  "code": 33019,
  "message": "Message content violates messaging compliance rules",
  "status": 400,
  "moreInfo": "https://docs.smsfactory.com/docs/error-codes"
}
```
Best practices
- Know your business category. Some business types are prohibited entirely — verify your eligibility before integrating.
- Obtain direct consent. Consent must come directly from the end-user. Purchased lists, voter databases, and third-party opt-ins are not valid.
- Include opt-out instructions. For marketing messages, always include language like "Reply STOP to opt out."
- Use branded URLs only. Never use shared URL shorteners like bit.ly. Set up a shortener on your own domain if you need short links.
- Implement age-gating where required. Alcohol-related messaging requires date-of-birth verification (not a simple yes/no confirmation).
- Review content before sending. Ensure your messages don't accidentally contain language that could be flagged.
- Test with real content. Validate your actual message templates by sending test messages before launching campaigns.
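A local pre-send lint for message templates, plus a handler that tells the two documented error codes apart. This is an added example, not code from the API or its SDK: `lint_message` and `classify_rejection` are hypothetical names, and the set of rejected control characters is an assumption because the page does not list the supported character set.

```python
import json
import re
import unicodedata

# Shorteners named on this page; extend the set as needed (assumption).
PUBLIC_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl"}
# Hostname with or without a scheme, followed by an optional path.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
OPT_OUT_RE = re.compile(r"\breply\s+stop\b", re.I)


def lint_message(body, marketing=False):
    """Return local findings for one message body (hypothetical helper)."""
    findings = []
    for match in URL_RE.finditer(body):
        host = match.group(1).lower()
        # Flag the shortener domain itself and any subdomain of it.
        if any(host == s or host.endswith("." + s) for s in PUBLIC_SHORTENERS):
            findings.append(f"public-shortener:{host}")
    # Assumption: control characters other than newline and carriage
    # return are the ones rejected with error code 33016.
    bad = sorted({f"U+{ord(c):04X}" for c in body
                  if unicodedata.category(c) == "Cc" and c not in "\n\r"})
    if bad:
        findings.append("control-chars:" + ",".join(bad))
    # Marketing templates should carry opt-out language such as "Reply STOP".
    if marketing and not OPT_OUT_RE.search(body):
        findings.append("missing-opt-out")
    return findings


def classify_rejection(raw_response):
    """Map a 400 error body to an action using the codes documented above."""
    err = json.loads(raw_response)
    if err.get("status") != 400:
        return "not-a-compliance-rejection"
    actions = {33016: "fix-characters", 33019: "fix-content"}
    return actions.get(err.get("code"), "other-400")


if __name__ == "__main__":
    # Constructed sample template, not taken from real traffic.
    sample = "Sale today: https://bit.ly/3xYz Reply STOP to opt out."
    print(lint_message(sample, marketing=True))
```

The lint only catches the mechanical issues (shortener domains, control characters, missing opt-out text); SHAFT, phishing and fraud classification still happen server-side, so a clean local result does not guarantee the API will accept the message.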