New SMS restrictions in the USA (aka 10DLC )

If your business utilizes SMS for any kind of messaging, you may be aware of new registration requirements and rules in the USA. In this article, I will discuss how GoToMyAccounts plans to respond.


GoToMyAccounts presently only utilizes SMS for account recovery and/or verification. In addition to SMS, users can also make use of Email, Signal, and Telegram.


Although our use of SMS for account recovery is obviously low-risk, the compliance cost and risk of costly fines make the technology unattractive and burdensome. Personally, I don't like SMS because it's not very private or secure - which is the whole point of using it for account recovery.


SMS 2FA Temporarily Unsupported

At present. we have no choice but to temporarily disable our use of SMS as a secondary account recovery method. All accounts can continue to use Email as a primary account recovery method with Signal Private Messenger and Telegram as available secondary methods.


Future Plans for SMS Integrations

GoToMyAccounts could go through the 10DLC registration process, but that would only allow us to send messages for our own domain and brand. If we allowed customers to send through our number, the telecoms could fine us anywhere from 10,000 USD to 50,000 USD for each violation. It's just not worth it and way too risky to use SMS in the way we were doing it previously.


Two new options for the future...


Customer Managed Twilio Account/API

Customers (portal admin) will need to signup for a Twilio account, procure a sending number, and go through the 10DLC registration process. We will then have a settings page in the portal app to configure the Twilio account API credentials. Once setup, customers can resume sending SMS messages using their own Twilio account with a registered phone number.


The Twilio "Verify API"

Another option would be the use of Twilio's "verify" API, which is strictly for 2FA validations. It does not require 10DLC registration, but they do charge $0.05 per validation - instead of the $0.01 normally paid for each SMS send. This would be an op-in feature with those costs passed along to the customer (portal admin) each month. The advantage of this option is there would be no requirement for procuring a Twilio account, setting up API keys, and completing the 10DLC number registration process.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.