GUIDE · EMAIL & SMS MARKETING

TCPA and CAN-SPAM for Contractors: How to Text and Email Customers Legally

Your customer list is worth real money, and one careless blast can turn it into a lawsuit. Here is what TCPA and CAN-SPAM actually require before you send another text or email.

Be Seen, Contractors!9 min readUpdated 2026

The short answer

TCPA governs text messages and covers phone calls; CAN-SPAM governs email. Both require you to get permission before you market to someone, both require an easy way to opt out, and both carry real penalties: TCPA violations run $500 to $1,500 per text, CAN-SPAM violations run up to $53,088 per email as of the current FTC schedule. Most contractors are not breaking these laws on purpose. They are breaking them because nobody told them a signed estimate is not the same thing as marketing consent.

What TCPA Actually Requires Before You Text a Customer

The Telephone Consumer Protection Act is a federal law that predates smartphones, written for robocalls and expanded by the FCC to cover text messages. If you send a marketing text to a customer's cell phone, TCPA applies, full stop. It does not matter if you run a two-truck plumbing outfit or a 40-man roofing crew. The law does not care about your size, and it does not care that you meant well.

The core requirement is prior express written consent for marketing texts. That means the customer affirmatively agreed to receive text marketing from your business specifically, in a way you can prove later. A phone number they gave you on a work order so you could confirm an appointment is not consent to receive your spring maintenance-plan pitch six months later. Those are two different permissions, and the FCC treats them as two different permissions.

There is a narrower category called transactional or informational texts (appointment confirmations, "your tech is on the way," invoice reminders) that carries a lower consent bar because it is not marketing. This is the distinction that trips up contractors most often: the tech-is-on-the-way text is fine under a service relationship, but the follow-up text three weeks later asking if they want a maintenance plan is marketing and needs its own consent. It is worth writing down, in plain language, which of your own recurring texts are transactional and which are promotional, because most owners have never actually separated the two in their own head, let alone on paper.

  • Consent must be specific to text messages, not bundled into a vague "contact me" checkbox.
  • Consent must be in writing (a checked box, a signed form, a reply keyword like "JOIN" all count if documented).
  • You need to be able to produce that consent record if a customer or the FCC ever asks.
  • Consent does not transfer if you buy or merge with another company's customer list.

The practical fix most contractors skip: add one specific checkbox on your estimate form and website contact form that reads something like "Yes, text me about specials and reminders" and keep a timestamped record of every checkbox check. That single line, done right, is what separates a defensible texting program from a lawsuit waiting to happen.

CAN-SPAM: The Rules for Email That Most Contractors Get Half Right

CAN-SPAM is friendlier than TCPA in one respect: it does not require opt-in consent before you email someone. You can email a past customer without a signed form. But it has its own list of requirements, and the FTC enforces them, and getting one wrong on every email in a campaign multiplies the exposure fast.

Every commercial email you send needs: an accurate "from" line that does not disguise who is sending it, a subject line that is not deceptive, your physical business address (a PO box is allowed) somewhere in the email, and a working unsubscribe mechanism that you honor within 10 business days. That last part is where contractors get caught. An ESP that takes three weeks to process opt-outs, or a reply-to address nobody checks, is a compliance gap even if you did not mean it to be.

RequirementWhat it means in practice
Accurate header infoYour business name and a real reply address, not a spoofed domain
Honest subject lineNo "Re:" tricks, no fake urgency that misleads about content
Physical addressStreet address or registered PO box in the footer
Clear opt-outOne-click unsubscribe, no login required, no hidden menus
10-business-day honor windowOpt-out requests must be processed, not just received

The good news: any decent ESP (Mailchimp, Klaviyo, Constant Contact, the platforms most contractors already use) builds the footer and unsubscribe link in by default. Where contractors get exposed is exporting a list into a personal Gmail account and blasting from there, or using a "reply-only-if-interested" line instead of a real unsubscribe. If it looks like you built a workaround to avoid honoring an opt-out, that is exactly what the FTC is watching for. Texting platforms built for compliance solve this automatically; a personal email account or a repurposed group-text app does not, and the gap between the two shows up the day someone actually complains.

The Quiet Hours, Frequency, and Content Rules Nobody Reads Until They're Sued

Beyond consent, both laws (and a growing pile of state-level texting statutes) restrict when and how often you can reach someone. Texas, Florida, Oklahoma, and a handful of other states have added their own SMS marketing rules on top of federal TCPA, generally tightening the same areas: timing, frequency, and required disclosures.

The baseline that holds up almost everywhere: no marketing texts before 8am or after 9pm in the recipient's local time zone. If your customer list spans time zones (snowbirds, a regional franchise footprint, a call center handling multiple markets), you need to track that per-contact, not send on your own clock and hope for the best.

  • Frequency: There is no hard federal cap on how many marketing texts you can send, but state laws and carrier filtering both punish blast behavior. Three to four texts a month to an opted-in list is a reasonable ceiling for most trades; storm-response outfits get a pass to send more during active weather events because the content is time-sensitive, not promotional.
  • Content triggers: Every marketing text needs a way to opt out ("Reply STOP to unsubscribe") and, depending on the platform, an identification of who is texting. Carriers increasingly filter or block messages that skip this, which means non-compliant texts do not even reach the phone.
  • Recordkeeping: Keep consent records for as long as you keep the contact in your marketing list, plus a reasonable buffer after removal. If a complaint surfaces two years later, "we probably had consent" is not a defense; a timestamped record is.

None of this is exotic. It is the same discipline a well-run trade business already applies to permits and lien deadlines: know the rule, document the step, keep the paper trail. The businesses that get burned are the ones treating their customer list like a personal contact book instead of a regulated marketing channel.

One more wrinkle worth knowing: several states now require specific disclosure language in the message itself (message frequency, "msg and data rates may apply") on top of the STOP instruction. A texting platform built for marketing compliance bakes these in by default; a business owner texting from a personal cell phone usually has no idea the requirement exists until a complaint points it out.

What a TCPA or CAN-SPAM Violation Actually Costs a Contractor

These are not abstract regulatory numbers. TCPA violations carry statutory damages of $500 per violation, tripled to $1,500 per violation if the violation is found willful or knowing. "Per violation" means per text message, not per campaign. A single blast to a list of 400 people that lacked proper consent is not one violation, it is potentially 400, and TCPA allows for class-action treatment, which is exactly how a $500 problem becomes a six-figure problem fast.

CAN-SPAM penalties are set by the FTC and adjusted for inflation; the current per-email maximum sits above $50,000, though actual enforcement typically targets egregious, high-volume, or deceptive senders rather than a single missed unsubscribe link. The realistic risk for most contractors is smaller in dollar terms but still expensive: legal fees to respond to a complaint, an ESP account suspension for spam complaints, and the time cost of a business owner fighting a claim instead of running jobs.

The more common cost, and the one that does not show up in a lawsuit database, is deliverability damage. Carriers and mailbox providers track spam complaints and opt-out ignore rates. A contractor who blasts an unconsented list gets numbers flagged, texts start landing in spam folders or getting silently blocked by carrier filters, and the whole marketing channel degrades even if nobody ever files a legal complaint. You do not need a lawsuit to lose the channel. You just need enough recipients hitting "report spam" for the platform to notice.

This is the argument for doing consent right from the start rather than cleaning it up later: a list built on real opt-in is an asset that gets more valuable and more deliverable over time. A list built by scraping every phone number off old invoices is a liability that gets more expensive and less deliverable every month you use it.

There is also an insurance angle owners rarely think about. General liability and E&O policies were not written with TCPA class actions in mind, and many exclude statutory-damages claims outright. That means a contractor facing a class-action TCPA complaint may be paying legal defense costs out of pocket with no policy to fall back on, which is a very different risk profile than a slip-and-fall claim on a job site.

Building a Compliant Opt-In Process Without Losing the List You Already Have

Contractors who hear all this often ask the wrong question first: "do I have to throw out my whole customer list?" Usually no. What you need is a clean re-permission pass and a documented process going forward, not a bonfire.

For an existing list where consent is murky, the safest move is a one-time re-opt-in campaign: an email or a single text (framed as a service update, not a pitch) that asks the customer to confirm they want to keep hearing from you, with a clear yes/no action. Anyone who confirms becomes a clean, documented contact. Anyone who does not respond gets moved to a service-only list (appointment reminders, invoice notices) rather than marketing, or gets removed after a defined window.

  1. Audit the source of every number and email. Work order? Estimate form? Old spreadsheet from 2019? Each source has a different consent story.
  2. Add a specific texting checkbox to every new estimate, contract, and website form, separate from the general "contact me" language.
  3. Timestamp and store consent records in whatever system holds the contact, not in a separate note nobody checks.
  4. Pick a platform built for compliance, not a personal phone or a scraped-list texting app. Most legitimate SMS platforms bake in STOP-word handling and quiet-hours enforcement automatically.
  5. Segment marketing from transactional. Appointment and invoice texts run on the lower consent bar; specials and maintenance-plan pitches run on the higher one. Mixing them in the same thread muddies your defense if ever questioned.

None of this requires a legal department. It requires picking a platform that was built with these rules in mind and setting up the checkbox and the segmentation once, correctly, so it runs itself after that. Most of the compliance headache contractors imagine disappears the moment the intake form and the sending platform are set up right the first time, instead of retrofitted after a complaint forces the issue.

How This Plays Out Differently by Trade

The compliance rules are federal and do not change by trade, but the practical risk profile does, because the volume and cadence of contact differs.

HVAC and plumbing outfits running seasonal maintenance-plan reminders (spring tune-up, fall furnace check) send the highest volume of recurring marketing texts of any trade in this guide's lane, which means the consent checkbox on the maintenance agreement matters more here than almost anywhere else. A maintenance-plan signup form is the single best place to capture documented, specific texting consent, because the customer is already agreeing to an ongoing relationship.

Roofing and storm-damage contractors have a narrower but higher-stakes window: post-storm outreach to a neighborhood or past-customer list happens fast and at volume, and "we texted everyone in the affected zip code" is exactly the kind of blast that draws TCPA scrutiny if those recipients never opted in. Storm response should route through informational, service-style messaging to existing customers and lean on other channels for new-area outreach.

Landscaping and pest control businesses running recurring service reminders sit closer to the transactional side (confirming a scheduled visit) but often blur into marketing when the same thread pitches an upsell ("add mosquito treatment this visit?"). That blend is fine as long as the underlying consent covers marketing content, not just service confirmations.

Electricians and general contractors doing lower-frequency, higher-ticket work typically send fewer texts overall, which lowers exposure, but also means each opt-in checkbox on an estimate carries more relative weight since there are fewer touchpoints to capture consent at all. Get it right on the estimate form, because there may not be another natural moment to ask.

Across every trade, the pattern holds: the moment you already have the customer's attention for a legitimate reason (signing a contract, scheduling a maintenance plan, closing out a job) is the moment to capture texting consent, because asking for it cold, out of context, rarely works and rarely gets documented well. Build the ask into a step you already do, and the compliance problem mostly solves itself.

Key takeaways

  • TCPA requires prior express written consent, specific to texting, before you send marketing texts, separate from any general contact permission.
  • TCPA damages run $500 to $1,500 per text and scale with list size, which is how a small mistake becomes a large exposure.
  • CAN-SPAM does not require opt-in for email but does require an honest header, a physical address, and a working unsubscribe honored within 10 business days.
  • Quiet hours (no marketing texts before 8am or after 9pm local time) and a documented STOP process are baseline requirements almost everywhere.
  • A murky existing list does not need to be scrapped. A one-time re-opt-in pass and a specific texting checkbox going forward cleans it up.
  • Ignoring consent rules degrades deliverability even without a lawsuit: carriers flag and filter numbers with high spam-complaint rates.

STRAIGHT ANSWERS

Quick answers.

01Does a signed estimate or work order count as consent to text market to a customer?

No. Signing an estimate or work order authorizes the job, not marketing contact. TCPA requires consent that specifically covers text marketing, so you need a separate checkbox or statement the customer affirmatively agrees to.

02Can I text past customers who never explicitly opted in?

Only for transactional messages tied to an existing service relationship (appointment reminders, invoice notices), not for marketing pitches. To market to them, run a re-opt-in campaign first and document who confirms.

03What is the difference between TCPA and CAN-SPAM in plain terms?

TCPA covers text messages and phone calls and generally requires opt-in consent before marketing contact. CAN-SPAM covers email and does not require opt-in, but it does require honest sender information and an honored unsubscribe. Different channels, different rulebooks.

04Is it enough to just add a STOP keyword to my texts?

It is necessary, not sufficient. STOP handling is one requirement among several. You still need documented upfront consent, quiet-hours compliance, and accurate sender identification. STOP alone does not fix a list you never had permission to text in the first place.

WANT THIS HANDLED FOR YOU?

Get your list compliant?

We wire up consent capture, quiet-hours logic, and opt-out handling as part of every email and SMS sequence we build, so you are not guessing at the rules mid-campaign. Book a strategy call and we will look at your current list and forms together.

Start With the Free Audit
Call (407) 705-2452 Text