What are 10DLC trust scores?

How to register for an A2P 10DLC trust (or RISQ) score as P2P SMS long code messaging for businesses is phased out

OpenMarket – January 30, 2020

Does your business send mobile messages to US customers? Then it’s time to get ready for A2P 10DLC.

One of your first steps should be to look into whether you need to obtain a trust score (also known as a RISQ score or vetting score) for 10DLC (10-digit-long-code) use cases.

Not all businesses will need them. But many will. This post sets out why a trust score is so important – and what you need to do next.

10 DLC summary

For years, the big US carriers have wanted to stop businesses communicating with customers via long codes designed for person-to-person (P2P) use. They instead want this traffic to be transported via 10DLC originators sanctioned for application-to-person (A2P) messaging.

Verizon – which has just become the first to launch its 10DLC service – has announced it will charge businesses $.0025 per SMS message and $.0052 per MMS. The other major carriers – AT&T, T-Mobile and Sprint – are set to launch 10DLC in the coming months. They’re expected to introduce similar charges.

How to vet your SMS long code use cases

To protect their 10DLC routes, Verizon, AT&T, T-Mobile and Sprint want to make sure the traffic being sent on them won’t result in bad messaging experiences for their customers.

In other words, they want to keep spam and smishing off their network. Requiring brands to obtain trust or RISQ (Routine Information and Services Quality) scores from independent verification agencies is one way to protect their networks. We’ve been in discussions with these carriers about how they might use these scores.

First off, it’s likely that established, well-known brands will be exempt from third-party vetting requirements, and will receive high throughput for all their 10DLC uses.

The thinking is they wouldn’t damage their brand by sending spam-like traffic on 10DLC. Businesses that send few messages a month might also be exempt from any vetting requirements, as the risk they pose is inconsequential.

However, each carrier has its own policies and processes. Below are the approaches we think they’re going to take.

Verizon doesn’t require businesses to obtain a trust score. Instead it is using filters to block any traffic it deems to be a spam risk.

It’s not yet clear what criteria Verizon is using to determine high quality from low quality traffic. But we are in touch and will pass on information as soon as we have it. (Until then, it’s worth referring to prohibited campaign types identified by AT&T at the end of this post).

As part of the 10DLC campaign registration process, each campaign is expected to be given a “message class” by AT&T. A certain amount of throughput is expected to be assigned to each class.

If you need more throughput than the message class allows for, you could choose to go through a vetting process with a verified independent agency. A good trust score from them could lead to higher throughput.

It looks like T-Mobile will assign a base throughput for all customers. If you need more throughput, then you might have to go through a third-party vetting process to receive a trust score. Low message volume senders, however, won’t need to be third-party vetted, T-Mobile will rely on the aggregator they send messages through to do the vetting and due diligence.

We don’t have any information from Sprint to share at this time.


We also don’t yet have any specific throughput figures from the big US carriers to share. But for guidance, a throughput of one message per second is low for business use cases. Around 30 per second is a typical throughput seen in business messaging generally. But throughput for short codes can be much higher – hundreds a second (even up to 1,000).

Which use cases are deemed high risk?

An example of a use case likely to receive a high score would be SMS-based two-factor authentication (2FA). This is because consumers have asked for this traffic, they respond to it, and it’s safe and necessary.

Promotional marketing campaigns would be on the other end of the scale. These are considered more likely to pose a spam risk.

AT&T has released an illuminating code of conduct that sets out types of traffic it considers to be undesirable. It includes:

– Loan advertisements with the exception of messages from direct lenders for secured loans
– Credit repair
– Debt relief
– Work from home, ‘secret shopper,’ and similar advertising campaigns
– Lead generation campaigns that indicate the sharing of collected information with third parties

Where can you get a trust score from?

You can obtain a trust score from agencies including WMC Global. The vetting of mobile messaging use cases is new for these agencies, so there’s not yet much literature around to guide you. We’re happy to share what we know, so get in touch with one of our experts.

At OpenMarket we can help you:

  • Search for and purchase 10DLCs
  • File a campaign brief (to the US Carriers that require it)
  • Configure your 10DLCs for use with our SMS APIs


To talk about your options get in touch. We’d be happy to guide you along your 10DLC path.

See all blogs

Related Content