149 countries · crypto-native · no KYC

SMS for Debt Collection: The Compliance Rules That Keep You Legal

Texting debtors is legal and effective. But it's also one of the fastest ways to rack up statutory penalties if you get the rules wrong. Here's what Reg F, the FDCPA, and TCPA actually require.

$0.035/msg from sub-100ms median 98.6% delivered
SMS for Debt Collection: The Compliance Rules That Keep You Legal — smsroute
$0.004
per SMS from
149
countries
60s
to first message
6
crypto rails
SMS debt collection compliance starts from good news: texting debtors is explicitly permitted. The CFPB's Regulation F modernized the FDCPA to allow text and email, and it works, improving recovery by meeting people on the channel they actually read. It is also a compliance minefield where a single wrong message carries $500-1,500 in TCPA statutory damages, multiplied across every recipient. Three regimes stack here: the FDCPA (as updated by Reg F) governs collection conduct, TCPA governs consent and automated contact, and state laws add more. Miss any and 'effective' becomes 'expensive' fast. For the authoritative reference, see the TCPA.

Legal, effective, and heavily regulated at once

This guide is the compliance spine, not legal advice. Verify against current CFPB guidance and your counsel before sending. But these are the rules that catch collectors, laid out plainly.

The rules that actually catch people

The rules that actually catch people — comparison diagram
Rule What it requires Source
7-in-7 frequency More than 7 communications in 7 consecutive days creates a rebuttable presumption of harassment Reg F
Quiet hours No contact before 8 a.m. or after 9 p.m. in the consumer's local time Reg F / FDCPA
Validation notice Required disclosures, especially in the initial communication, before collecting FDCPA / Reg F
Opt-out Honor STOP or any reasonable method promptly; suppress future contact Reg F / TCPA
Consent + automated contact TCPA rules on consent for automated messaging; statutory damages per violation TCPA
Cease-and-desist A consumer's cease request goes beyond a keyword opt-out and must be honored FDCPA

The two that surprise people: the 7-in-7 rule caps total communications tightly (harassment is presumed past it), and the local-time quiet-hours requirement means you must know each debtor's time zone — a 9:30 p.m. text to someone whose zone you guessed wrong is a violation. Automate both as hard constraints, not guidelines. Use area code lookup or IP geolocation to set time zones, but remember daylight saving time shifts can break automated rules if your system does not update for spring and fall changes.

Building a compliant collection flow

  1. Verify consent and identity firstConfirm you have a lawful basis to text this number and that it belongs to the right person. A number lookup helps flag reassigned numbers, which are a distinct TCPA liability in collections.
  2. Enforce quiet hours by local timeResolve each recipient's time zone and block sends outside 8 a.m.-9 p.m. local. Bake it into the send layer so no message can violate it, ever.
  3. Cap frequency automaticallyCount communications per consumer per rolling 7 days and stop before the 7-in-7 threshold. This is a per-recipient rate limit: the token-bucket pattern applied to compliance rather than fraud.
  4. Handle opt-out and cease broadlySTOP and plain-language opt-outs suppress immediately across all channels, per our opt-out handling. Treat any cease-and-desist as a full stop that goes beyond a marketing unsubscribe.

Log everything: consent, every message sent, every opt-out, with timestamps. In a collections dispute the burden of proof is on you — a timestamped log is what turns 'we sent a notice' into evidence. Each log entry should include phone number, timestamp, message content, consent source, and opt-out keyword. Retain these records for at least 3 years per FDCPA requirements.

Content and delivery, done right

SMSRoute is a no-KYC SMS API with crypto billing (BTC, ETH, USDT, XMR, LTC, and SOL) — the delivery layer beneath a compliant collection flow, not the compliance engine itself. The quiet-hours logic, frequency caps, consent records, and cease handling are yours to build and own; we deliver the messages reliably once your rules have cleared them. Done right, SMS is genuinely one of the most effective collection channels there is. Done carelessly, it is a $500-per-text liability generator running unattended — the difference is entirely in the rules above.

SMSRoute's published route pages list delivery from $0.004/message (premium direct-carrier corridors up to $0.035) with sub-100ms median submission and ~98.6% delivered success (smsroute.cc route pages, 2026).

FAQ

Is it legal to text someone about a debt?
Yes. The CFPB's Regulation F explicitly permits debt collectors to use SMS, provided they comply with the FDCPA, TCPA, and state laws on consent, content, timing, frequency, and opt-out. The required disclosures (validation notice) and consumer protections must be honored, and texting itself is a permitted channel.
What is the 7-in-7 rule for debt collection texts?
Under Regulation F, more than seven communications with a consumer within seven consecutive days creates a rebuttable presumption of harassment. In practice, collectors cap total contacts per consumer per rolling seven-day window and stop before the threshold to avoid the presumption — enforce it automatically in your send layer.
What hours can debt collectors send texts?
Only between 8 a.m. and 9 p.m. in the consumer's local time zone, per Regulation F and the FDCPA. This means you must resolve each recipient's time zone and block any send outside that window — a text at the wrong local hour is a violation, so it should be a hard constraint in your system, not a guideline.
How must debt collectors handle opt-outs by text?
Honor STOP or any reasonable opt-out method promptly and suppress all future contact. Additionally, a consumer's cease-and-desist request under the FDCPA goes beyond a simple keyword unsubscribe and must be fully honored. Log every opt-out with a timestamp, since the burden of proving compliance falls on the collector.

Send your first SMS in 5 minutes

No KYC. Pay with BTC, ETH, USDT, XMR, LTC, and SOL. Live routes to 149 countries.

Get an API key →