What TCPA Actually Requires Before You Text a Customer
The Telephone Consumer Protection Act is a federal law that predates smartphones, written for robocalls and expanded by the FCC to cover text messages. If you send a marketing text to a customer's cell phone, TCPA applies, full stop. It does not matter if you run a two-truck plumbing outfit or a 40-man roofing crew. The law does not care about your size, and it does not care that you meant well.
The core requirement is prior express written consent for marketing texts. That means the customer affirmatively agreed to receive text marketing from your business specifically, in a way you can prove later. A phone number they gave you on a work order so you could confirm an appointment is not consent to receive your spring maintenance-plan pitch six months later. Those are two different permissions, and the FCC treats them as two different permissions.
There is a narrower category called transactional or informational texts (appointment confirmations, "your tech is on the way," invoice reminders) that carries a lower consent bar because it is not marketing. This is the distinction that trips up contractors most often: the tech-is-on-the-way text is fine under a service relationship, but the follow-up text three weeks later asking if they want a maintenance plan is marketing and needs its own consent. It is worth writing down, in plain language, which of your own recurring texts are transactional and which are promotional, because most owners have never actually separated the two in their own head, let alone on paper.
- Consent must be specific to text messages, not bundled into a vague "contact me" checkbox.
- Consent must be in writing (a checked box, a signed form, a reply keyword like "JOIN" all count if documented).
- You need to be able to produce that consent record if a customer or the FCC ever asks.
- Consent does not transfer if you buy or merge with another company's customer list.
The practical fix most contractors skip: add one specific checkbox on your estimate form and website contact form that reads something like "Yes, text me about specials and reminders" and keep a timestamped record of every checkbox check. That single line, done right, is what separates a defensible texting program from a lawsuit waiting to happen.
CAN-SPAM: The Rules for Email That Most Contractors Get Half Right
CAN-SPAM is friendlier than TCPA in one respect: it does not require opt-in consent before you email someone. You can email a past customer without a signed form. But it has its own list of requirements, and the FTC enforces them, and getting one wrong on every email in a campaign multiplies the exposure fast.
Every commercial email you send needs: an accurate "from" line that does not disguise who is sending it, a subject line that is not deceptive, your physical business address (a PO box is allowed) somewhere in the email, and a working unsubscribe mechanism that you honor within 10 business days. That last part is where contractors get caught. An ESP that takes three weeks to process opt-outs, or a reply-to address nobody checks, is a compliance gap even if you did not mean it to be.
| Requirement | What it means in practice |
|---|---|
| Accurate header info | Your business name and a real reply address, not a spoofed domain |
| Honest subject line | No "Re:" tricks, no fake urgency that misleads about content |
| Physical address | Street address or registered PO box in the footer |
| Clear opt-out | One-click unsubscribe, no login required, no hidden menus |
| 10-business-day honor window | Opt-out requests must be processed, not just received |
The good news: any decent ESP (Mailchimp, Klaviyo, Constant Contact, the platforms most contractors already use) builds the footer and unsubscribe link in by default. Where contractors get exposed is exporting a list into a personal Gmail account and blasting from there, or using a "reply-only-if-interested" line instead of a real unsubscribe. If it looks like you built a workaround to avoid honoring an opt-out, that is exactly what the FTC is watching for. Texting platforms built for compliance solve this automatically; a personal email account or a repurposed group-text app does not, and the gap between the two shows up the day someone actually complains.
The Quiet Hours, Frequency, and Content Rules Nobody Reads Until They're Sued
Beyond consent, both laws (and a growing pile of state-level texting statutes) restrict when and how often you can reach someone. Texas, Florida, Oklahoma, and a handful of other states have added their own SMS marketing rules on top of federal TCPA, generally tightening the same areas: timing, frequency, and required disclosures.
The baseline that holds up almost everywhere: no marketing texts before 8am or after 9pm in the recipient's local time zone. If your customer list spans time zones (snowbirds, a regional franchise footprint, a call center handling multiple markets), you need to track that per-contact, not send on your own clock and hope for the best.
- Frequency: There is no hard federal cap on how many marketing texts you can send, but state laws and carrier filtering both punish blast behavior. Three to four texts a month to an opted-in list is a reasonable ceiling for most trades; storm-response outfits get a pass to send more during active weather events because the content is time-sensitive, not promotional.
- Content triggers: Every marketing text needs a way to opt out ("Reply STOP to unsubscribe") and, depending on the platform, an identification of who is texting. Carriers increasingly filter or block messages that skip this, which means non-compliant texts do not even reach the phone.
- Recordkeeping: Keep consent records for as long as you keep the contact in your marketing list, plus a reasonable buffer after removal. If a complaint surfaces two years later, "we probably had consent" is not a defense; a timestamped record is.
None of this is exotic. It is the same discipline a well-run trade business already applies to permits and lien deadlines: know the rule, document the step, keep the paper trail. The businesses that get burned are the ones treating their customer list like a personal contact book instead of a regulated marketing channel.
One more wrinkle worth knowing: several states now require specific disclosure language in the message itself (message frequency, "msg and data rates may apply") on top of the STOP instruction. A texting platform built for marketing compliance bakes these in by default; a business owner texting from a personal cell phone usually has no idea the requirement exists until a complaint points it out.
What a TCPA or CAN-SPAM Violation Actually Costs a Contractor
These are not abstract regulatory numbers. TCPA violations carry statutory damages of $500 per violation, tripled to $1,500 per violation if the violation is found willful or knowing. "Per violation" means per text message, not per campaign. A single blast to a list of 400 people that lacked proper consent is not one violation, it is potentially 400, and TCPA allows for class-action treatment, which is exactly how a $500 problem becomes a six-figure problem fast.
CAN-SPAM penalties are set by the FTC and adjusted for inflation; the current per-email maximum sits above $50,000, though actual enforcement typically targets egregious, high-volume, or deceptive senders rather than a single missed unsubscribe link. The realistic risk for most contractors is smaller in dollar terms but still expensive: legal fees to respond to a complaint, an ESP account suspension for spam complaints, and the time cost of a business owner fighting a claim instead of running jobs.
The more common cost, and the one that does not show up in a lawsuit database, is deliverability damage. Carriers and mailbox providers track spam complaints and opt-out ignore rates. A contractor who blasts an unconsented list gets numbers flagged, texts start landing in spam folders or getting silently blocked by carrier filters, and the whole marketing channel degrades even if nobody ever files a legal complaint. You do not need a lawsuit to lose the channel. You just need enough recipients hitting "report spam" for the platform to notice.
This is the argument for doing consent right from the start rather than cleaning it up later: a list built on real opt-in is an asset that gets more valuable and more deliverable over time. A list built by scraping every phone number off old invoices is a liability that gets more expensive and less deliverable every month you use it.
There is also an insurance angle owners rarely think about. General liability and E&O policies were not written with TCPA class actions in mind, and many exclude statutory-damages claims outright. That means a contractor facing a class-action TCPA complaint may be paying legal defense costs out of pocket with no policy to fall back on, which is a very different risk profile than a slip-and-fall claim on a job site.
Building a Compliant Opt-In Process Without Losing the List You Already Have
Contractors who hear all this often ask the wrong question first: "do I have to throw out my whole customer list?" Usually no. What you need is a clean re-permission pass and a documented process going forward, not a bonfire.
For an existing list where consent is murky, the safest move is a one-time re-opt-in campaign: an email or a single text (framed as a service update, not a pitch) that asks the customer to confirm they want to keep hearing from you, with a clear yes/no action. Anyone who confirms becomes a clean, documented contact. Anyone who does not respond gets moved to a service-only list (appointment reminders, invoice notices) rather than marketing, or gets removed after a defined window.
- Audit the source of every number and email. Work order? Estimate form? Old spreadsheet from 2019? Each source has a different consent story.
- Add a specific texting checkbox to every new estimate, contract, and website form, separate from the general "contact me" language.
- Timestamp and store consent records in whatever system holds the contact, not in a separate note nobody checks.
- Pick a platform built for compliance, not a personal phone or a scraped-list texting app. Most legitimate SMS platforms bake in STOP-word handling and quiet-hours enforcement automatically.
- Segment marketing from transactional. Appointment and invoice texts run on the lower consent bar; specials and maintenance-plan pitches run on the higher one. Mixing them in the same thread muddies your defense if ever questioned.
None of this requires a legal department. It requires picking a platform that was built with these rules in mind and setting up the checkbox and the segmentation once, correctly, so it runs itself after that. Most of the compliance headache contractors imagine disappears the moment the intake form and the sending platform are set up right the first time, instead of retrofitted after a complaint forces the issue.
How This Plays Out Differently by Trade
The compliance rules are federal and do not change by trade, but the practical risk profile does, because the volume and cadence of contact differs.
HVAC and plumbing outfits running seasonal maintenance-plan reminders (spring tune-up, fall furnace check) send the highest volume of recurring marketing texts of any trade in this guide's lane, which means the consent checkbox on the maintenance agreement matters more here than almost anywhere else. A maintenance-plan signup form is the single best place to capture documented, specific texting consent, because the customer is already agreeing to an ongoing relationship.
Roofing and storm-damage contractors have a narrower but higher-stakes window: post-storm outreach to a neighborhood or past-customer list happens fast and at volume, and "we texted everyone in the affected zip code" is exactly the kind of blast that draws TCPA scrutiny if those recipients never opted in. Storm response should route through informational, service-style messaging to existing customers and lean on other channels for new-area outreach.
Landscaping and pest control businesses running recurring service reminders sit closer to the transactional side (confirming a scheduled visit) but often blur into marketing when the same thread pitches an upsell ("add mosquito treatment this visit?"). That blend is fine as long as the underlying consent covers marketing content, not just service confirmations.
Electricians and general contractors doing lower-frequency, higher-ticket work typically send fewer texts overall, which lowers exposure, but also means each opt-in checkbox on an estimate carries more relative weight since there are fewer touchpoints to capture consent at all. Get it right on the estimate form, because there may not be another natural moment to ask.
Across every trade, the pattern holds: the moment you already have the customer's attention for a legitimate reason (signing a contract, scheduling a maintenance plan, closing out a job) is the moment to capture texting consent, because asking for it cold, out of context, rarely works and rarely gets documented well. Build the ask into a step you already do, and the compliance problem mostly solves itself.