What are 10DLC trust scores?

How to register for an A2P 10DLC trust (or RISQ) score as P2P SMS long code messaging for businesses is phased out

OpenMarket – January 30, 2020

Does your business send mobile messages to US customers? Then it’s time to get ready for A2P 10DLC.

One of your first steps should be to look into whether you need to obtain a trust score (also known as a RISQ score or vetting score) for 10DLC (10-digit-long-code) use cases.

Not all businesses will need them. But many will. This post sets out why a trust score is so important – and what you need to do next.

(This blog post was updated on April 12, 2020)

10 DLC summary

For years, the big US carriers have wanted to stop businesses communicating with customers via long codes designed for person-to-person (P2P) use. They instead want this traffic to be transported via 10DLC originators sanctioned for application-to-person (A2P) messaging.

Verizon – which has just become the first to launch its 10DLC service – has announced it will charge businesses $.0025 per SMS message and $.0052 per MMS. The other major carriers – AT&T, T-Mobile and Sprint – are to introduce similar charges. It’s not yet clear when they will launch.

The demands on businesses and networks caused by COVID-19 looks to have pushed timetables back for all of them. However, it would seem reasonable to expect that all of the big US carriers will have launched their 10DLC services by the end of 2020.

How to vet your SMS long code use cases

To protect their 10DLC routes, Verizon, AT&T, T-Mobile and Sprint want to make sure the traffic being sent on them won’t result in bad messaging experiences for their customers.

In other words, they want to keep spam and smishing off their network. Requiring brands to obtain trust or RISQ (Routine Information and Services Quality) scores from independent verification agencies is one way for US carriers to protect their networks. We’ve been in discussions with the carriers about how they might use these scores.

First off, it’s likely that established, well-known brands will be exempt from third-party vetting requirements, and will receive high throughput for all their 10DLC uses.

The thinking is they wouldn’t damage their brand by sending spam-like traffic on 10DLC. Businesses that send few messages a month might also be exempt from any vetting requirements, as the risk they pose is inconsequential.

However, each carrier will have its own policies and processes. They are all subject to change. But below are the approaches we think they might take.

Verizon doesn’t require businesses to obtain a trust score. Instead it is using filters to block any traffic it deems to be a spam risk.

It’s not yet clear what criteria Verizon is using to determine high quality from low quality traffic. But we are in touch and will pass on information as soon as we have it. (Until then, it’s worth referring to prohibited campaign types identified by AT&T at the end of this post).

As part of the 10DLC campaign registration process, each campaign is expected to be given a “message class” by AT&T. A certain amount of throughput is expected to be assigned to each class.

If you need more throughput than the message class allows for, you might be given the opportunity to go through a vetting process with a verified independent agency. A good trust score from them might lead to higher throughput.

T-Mobile’s position on vetting and any rules they might apply to throughput is not yet clear.

We don’t have any information from Sprint to share at this time.


We also don’t yet have any specific throughput figures from the big US carriers to share. But for guidance, a throughput of one message per second is low for business use cases. Around 30 per second is a typical throughput seen in A2P messaging generally. But throughput for short codes can be much higher – hundreds a second (even up to 1,000).

Our feeling is that if a brand has a good reputation, and the use case is deemed to be a low spam risk,  then they will receive a throughput that is suitable for almost every type of use case.

Which use cases are deemed high risk?

An example of a use case likely to receive a high score would be SMS-based two-factor authentication (2FA). This is because consumers have asked for this traffic, they respond to it, and it’s safe and necessary.

Promotional marketing campaigns by third party affiliates would be on the other end of the scale. These are considered more likely to pose a spam risk. However, a marketing campaign run by a well-known brand with a good reputation is almost certainly likely to be considered safe traffic and should therefore receive a good score.

AT&T has released an illuminating code of conduct that sets out types of traffic it considers to be undesirable. It includes:

– Loan advertisements with the exception of messages from direct lenders for secured loans
– Credit repair
– Debt relief
– Work from home, ‘secret shopper,’ and similar advertising campaigns
– Lead generation campaigns that indicate the sharing of collected information with third parties

Where can you get a trust score from?

You can obtain a trust score from agencies including WMC Global. The vetting of mobile messaging use cases is new for these agencies, so there’s not yet much literature around to guide you. We’re happy to share what we know, so get in touch with one of our experts.

At OpenMarket we can also help you:

— Navigate the vetting process
― Search by area code and purchase 10DLCs
— Determine if you can reuse your existing landline numbers
― File a campaign brief (to the US carriers that require it)
― Configure your 10DLCs to use your messaging applications
― View the status of US campaigns

To talk about your options get in touch. We’d be happy to guide you along your 10DLC path.

See all blogs

Related Content