What Is A2P SMS? Application-to-Person Messaging Explained
Learn what A2P SMS is, how it differs from P2P messaging, regulatory requirements under TCPA, 10DLC registration mandates, and common A2P use cases.
What Is A2P SMS?
A2P SMS (Application-to-Person SMS) is any text message sent from a software application to an end-user's mobile phone. Unlike P2P (person-to-person) messages exchanged between two individuals using their native messaging apps, A2P messages originate from business platforms, APIs, or automated systems. Carriers, regulators, and industry bodies treat A2P traffic fundamentally differently from P2P traffic in terms of routing, pricing, filtering, and legal obligations.
A2P vs P2P: Core Differences
| Dimension | A2P (Application-to-Person) | P2P (Person-to-Person) |
|---|---|---|
| Origin | Software platform, API, or automated system | Human typing on a personal device |
| Direction | Typically one-way or request-triggered | Conversational, bidirectional |
| Volume | High — hundreds to millions of messages per day | Low — normal conversational patterns |
| Sender identity | Short code, toll-free number, or registered 10DLC | Personal mobile number |
| Consent requirements | Prior express written consent (TCPA) | None beyond social norms |
| Carrier treatment | Subject to A2P surcharges and filtering | Standard messaging rates |
| Registration | Required (10DLC, short code, or toll-free verification) | Not required |
The distinction matters because sending A2P traffic over channels designed for P2P messaging — sometimes called "grey route" or "snowshoe" sending — violates carrier acceptable use policies and can result in number deactivation, campaign suspension, or legal liability.
How Carriers Classify A2P Traffic
U.S. carriers (AT&T, T-Mobile, Verizon) and their filtering vendors use multiple signals to distinguish A2P from P2P traffic. No single signal is deterministic; carriers evaluate a weighted combination.
Technical Signals
- API origin. Messages submitted through a CPaaS API (Twilio, Bandwidth, Vonage, etc.) are flagged as A2P by default, regardless of content.
- Volume and burst patterns. Sending more than a few dozen messages per hour from a single number triggers A2P classification heuristics.
- Time-of-day clustering. Legitimate P2P traffic is distributed across waking hours. Batch sends concentrated in narrow windows signal automation.
- Identical or templated content. Messages with the same body sent to multiple recipients are a strong A2P indicator.
- Number type. Short codes and toll-free numbers are inherently A2P. Long codes (10-digit numbers) are presumed P2P unless registered for A2P through 10DLC.
Content Patterns
- URL presence. Links — especially shortened URLs — increase the A2P confidence score.
- Call-to-action language. Phrases like "Reply STOP to unsubscribe" or "Use code 482917" are A2P markers.
- Opt-out footers. Ironically, including a compliant opt-out instruction confirms the message is A2P.
- Brand references. Mentions of company names, product names, or order/tracking numbers signal business-originated traffic.
The Gray Zone: Virtual Numbers
A gray area exists around virtual phone numbers — 10-digit long codes provisioned through VoIP or CPaaS providers. These numbers can be used by individuals for personal communication or by businesses for A2P campaigns. Carriers historically lacked visibility into this distinction, which led to widespread abuse of unregistered long codes for bulk messaging.
The introduction of 10DLC registration resolved this ambiguity. As of February 2025, all A2P traffic sent over 10-digit long codes must be registered through The Campaign Registry (TCR). Unregistered long-code traffic is either blocked outright or subject to severe throttling by all major U.S. carriers.
Legal Framework: TCPA and the ATDS Question
TCPA Consent Requirements
The Telephone Consumer Protection Act (TCPA) of 1991 is the primary federal statute governing A2P messaging in the United States. The law distinguishes between different message types and imposes escalating consent requirements.
| Message Type | Required Consent Level | Example |
|---|---|---|
| Transactional / Informational | Prior express consent | Shipping notifications, account alerts, appointment reminders |
| Marketing / Promotional | Prior express written consent | Sales offers, coupons, product announcements |
| Emergency | No consent required | Fraud alerts, safety notifications from government entities |
Prior express written consent requires a signed (including electronic signature) agreement that:
- Clearly authorizes the specific sender to deliver messages.
- Includes the phone number to receive messages.
- Discloses that messages may be sent using automated technology.
- States that consent is not a condition of purchase.
Violations carry statutory damages of $500 per unsolicited message, trebled to $1,500 per message for willful violations. Class action litigation under TCPA remains one of the most active areas of U.S. consumer law.
The 2021 Facebook v. Duguid ATDS Ruling
In Facebook, Inc. v. Duguid (2021), the U.S. Supreme Court narrowed the definition of an automatic telephone dialing system (ATDS) under TCPA. The Court held that a device must have the capacity to store or produce phone numbers using a random or sequential number generator to qualify as an ATDS. Systems that merely store and dial numbers from a pre-existing list — which describes virtually every modern A2P messaging platform — do not meet the ATDS definition.
The practical effect: TCPA's ATDS-specific restrictions (which carry the highest penalties and allow private right of action without proving actual harm) apply to a much narrower set of technologies than previously assumed. However, the ruling did not eliminate consent requirements for A2P messaging. The FCC's 2024 one-to-one consent rule, CTIA guidelines, and carrier filtering policies continue to require robust consent management regardless of the ATDS classification.
10DLC Registration Mandate
What Is 10DLC?
10DLC (10-Digit Long Code) is the carrier-mandated registration framework for A2P messaging over standard 10-digit phone numbers in the United States. It is administered by The Campaign Registry (TCR) and enforced by all major U.S. carriers.
Registration Requirements
As of February 2025, all A2P SMS traffic sent over 10-digit long codes must be registered through 10DLC. There are no exceptions — unregistered A2P traffic is blocked or throttled to unusable levels.
Registration involves two steps:
| Step | What Is Registered | Key Information Required |
|---|---|---|
| Brand registration | The business entity sending messages | Legal name, EIN/tax ID, website, vertical, entity type |
| Campaign registration | The specific messaging use case | Use case type, sample messages, opt-in flow description, message volume estimate |
TCR assigns a trust score to each brand based on entity verification, business age, and other factors. This trust score directly determines throughput limits.
Trust Scores and Throughput
| Trust Score | Messages per Second (T-Mobile) | Daily Cap (AT&T) |
|---|---|---|
| Low (1-24) | 0.2 MPS (1 message per 5 seconds) | 2,000 messages/day |
| Medium (25-49) | 1 MPS | 10,000 messages/day |
| Medium-High (50-74) | 10 MPS | 75,000 messages/day |
| High (75-100) | 75+ MPS | 150,000+ messages/day |
Sole proprietors and unverified small businesses typically receive low trust scores. Large enterprises with established EINs and clean messaging histories receive high scores. Trust scores can be appealed through a re-vetting process, though results are not guaranteed.
For a deeper dive into 10DLC registration, trust scoring, and campaign types, see What Is 10DLC?.
Common A2P SMS Use Cases
A2P messaging spans virtually every industry. The following categories represent the most common campaign types registered through TCR.
Authentication and Security
- One-time passwords (OTP). Time-sensitive codes for login verification or transaction authorization.
- Two-factor authentication (2FA). Secondary verification layer sent after password entry.
- Fraud alerts. Automated notifications of suspicious account activity.
Transactional Notifications
- Shipping and delivery updates. Tracking numbers, estimated delivery times, delivery confirmations.
- Appointment reminders. Healthcare, salon, automotive, and professional service reminders with confirmation options.
- Order confirmations. Purchase receipts, booking confirmations, and reservation details.
- Account alerts. Balance notifications, payment due dates, subscription renewals.
Marketing and Engagement
- Promotional campaigns. Sales announcements, discount codes, product launches.
- Loyalty programs. Points balance updates, reward redemptions, exclusive offers.
- Re-engagement. Cart abandonment reminders, win-back campaigns.
Operations and Logistics
- Dispatch notifications. Ride-share ETAs, delivery driver assignments, field service scheduling.
- Internal alerts. System monitoring alerts, on-call notifications, shift reminders.
- Survey and feedback. Post-interaction satisfaction surveys, NPS collection.
A2P Pricing vs P2P
A2P messaging carries costs beyond standard per-message fees. The total cost stack includes multiple layers.
Cost Components
| Cost Layer | Description | Typical Range |
|---|---|---|
| CPaaS per-message fee | Base rate charged by the messaging provider (Twilio, Bandwidth, etc.) | $0.0075 - $0.02 per segment |
| Carrier A2P surcharge | Per-message fee imposed by the destination carrier | $0.003 - $0.005 per message |
| TCR brand registration | One-time fee for brand vetting | $4 (standard) / $40+ (enhanced vetting) |
| TCR campaign fee | Monthly fee per registered campaign | $10/month (standard use cases) |
| TCR monthly fee | Ongoing brand registration maintenance | $2 - $4/month |
P2P Comparison
Standard P2P messaging between consumer devices is bundled into carrier rate plans at no incremental per-message cost. There are no registration fees, no surcharges, and no throughput restrictions beyond normal device-level rate limits. This cost differential is a primary driver behind attempts to send A2P traffic over P2P channels — a practice that carrier filtering and 10DLC enforcement are specifically designed to prevent.
Surcharge Trends
Carrier A2P surcharges have increased steadily since their introduction. AT&T, T-Mobile, and Verizon each set their own surcharge schedules and adjust them periodically. Mixed-use campaigns (combining marketing and transactional messages) are charged at the higher marketing surcharge rate by most carriers, making campaign segmentation a cost optimization strategy.
Key Takeaways
| Topic | Summary |
|---|---|
| Definition | A2P SMS is any message sent from a software application to a person's phone |
| Classification | Carriers use API origin, volume patterns, content analysis, and number type to identify A2P traffic |
| Legal requirement | TCPA requires prior express written consent for marketing A2P; prior express consent for transactional A2P |
| ATDS ruling | Facebook v. Duguid (2021) narrowed the ATDS definition but did not remove consent obligations |
| 10DLC mandate | Since February 2025, all A2P over long codes must be 10DLC-registered — no exceptions |
| Throughput | Trust scores directly control messages-per-second limits; low trust = severe throttling |
| Pricing | A2P carries carrier surcharges + TCR fees on top of per-message rates; P2P is bundled in consumer plans |
Further Reading
- What Is 10DLC? — Brand/campaign registration, trust scores, throughput limits, and the full TCR workflow.
- TCPA & CTIA Compliance — Federal law, CTIA policy, consent collection best practices, and opt-out handling.
How SMS Works: PSTN, SS7, and Message Routing Explained
A technical guide to how SMS messages travel through the PSTN, SS7 signaling, SMSC routing, SMPP protocol, and how virtual numbers connect to carrier networks.
What Is 10DLC? The Complete Guide to Campaign Registration
Everything you need to know about 10DLC registration: The Campaign Registry (TCR), brand vetting, campaign types, trust scores, throughput limits, and carrier enforcement.