CloudMessage Service Policies

These ReachUC, LLC (“RUC”) Messaging Service Policies (“Policies”) are intended to provide general guidance and polices regarding your use of RUC’s Messaging Services. RUC makes no warranties in these  Policies. These Policies are not inclusive or exhaustive and are subject to change at RUC’s discretion, at any time. RUC reserves the right in its sole discretion to remove or deny any traffic which does not comply with these Policies.

1. Introduction

The RUC messaging solution supports superior quality and high integrity communications. These Policies are designed to promote best practices for exchange of messages. The viability of the messaging ecosystem is dependent on consumer perception of messaging as a trusted and convenient communication environment. These Policies are intended to preserve the credibility and utility of the ecosystem. These Policies are designed to enable wanted messages and prevent unwanted or deceptive messages. Those who violate these Policies may be subject to any penalty set forth below and if applicable those available to RUC under applicable law.

2. Enforcement and Violations

These Policies will be enforced by both RUC and its upstream providers. Violations of these Policies may result in affirmative action taken by RUC and/or its upstream carriers.

3. Definitions

Blacklisting: Numbers which have sent repeated known spam/unwanted content are subject to automatic blacklisting without notification for up to 30 days. Multiple or repeat offenses may result in permanent blacklisting. Additionally, numbers which have been reported by industry partners for spam/unwanted content may also be subject to permanent blacklisting.

Consumer: An individual person with uniquely assigned phone numbers (long codes i.e., local phone numbers) who subscribes to specific wireless messaging services or messaging applications. Consumers do not include agents of businesses, organizations or entities which send messages to consumers.

Non-Consumer: A business, organization or entity which uses messaging to communicate with consumers. Examples may include, but are not limited to, large-to-small businesses, financial institutions, schools, medical practices, customer service entities, non-profit organizations and political  campaigns.

Non-Consumer Application-to-Person (A2P): Messages sent from an application, typically web-based, to a mobile subscriber. Some common use cases include two-factor authentication (2FA), travel notifications, banking alerts or marketing messages. A2P delivery methods are either via toll-free messaging service or soon to be implemented 10DLC (10-digit long code).

Fingerprinting: The process of extracting data points from identified spam content is known as “fingerprinting”. Once message content has been fingerprinted as spam, all content found to be correlated to that fingerprint will be blocked in the future. Fingerprints do not expire or age out of existence.

MM4: MM4 is a 3GPP protocol for MMS service which covers the routing of an MMS from an originator  MMS relay/server to a recipient MMS relay/server. MM4 is based on SMTP (email) protocol. MM4 is an extension of Internet simple mail transport protocol (SMTP) according to STD 10 (RFC 2821).

Multimedia Message Service (MMS): Facilitates group messaging and allows for the exchange of multimedia content between mobile devices including video, pictures and audio.

REST API: Application programing interface (API) used to establish messaging connectivity for sending and receiving messages and other service-related access.

Short Message Service (SMS): Commonly known as “text messaging” is a service for sending and receiving messages of up to 160 characters to mobile devices. Longer messages will be fragmented into  smaller message fragments. Maximum character length per message fragment varies depending on the    character set used in the body of the message, whether GSM default alphabet or Unicode.

Short Message Peer-to-Peer (SMPP): SMPP is an open, industry standard Internet protocol designed to    provide a flexible data communication interface for the transfer of SMS messages between external short messaging entities (ESME), routing entities (RE) and short message service centers (SMSC).

Unwanted Messages: These include, but are not limited to, unsolicited bulk commercial messages (i.e., spam); “phishing” messages intended to access private or confidential information through deception;    other forms of abusive, harmful, malicious, unlawful or otherwise inappropriate messages; and messages which require an opt-in but did not obtain such opt-in (or such opt-in was revoked.

4. Global Policies

1. General Rules of Content

Message senders should take affirmative steps and employ tools which monitor and prevent unwanted   message content, including content which:

• Is unlawful, harmful, abusive, malicious, misleading, harassing, violent, obscene/illicit, or defamatory
• Is deceptive (e.g., phishing messages intended to access private or confidential information),  including deceptive links
• Invades privacy
• Causes safety concerns
• Incites harm, discrimination, hate or violence
• Intended to intimidate
• Includes malware
• Threatens consumers
• Does not meet age-gating requirements

2. Political Use Cases

Political messaging will be evaluated on a case-by-case basis. Such discretion will not be exercised with the intent of favor or disfavor of any political party or candidate. Due to high volumes of consumer complaints, messages containing the following content are not appropriate and may be blocked by carriers if sent over either P2P or A2P (toll-free/10DLC) messaging,  regardless of opt-in status:

• Spoofing messages or snowshoed content across multiple numbers
• Data sharing between message senders
• Malicious content
• Phishing content

3. Inappropriate Use Cases

Due to high volumes of consumer complaints, messages containing the following content are not appropriate and may be blocked by carriers if sent over A2P (toll-free/10DLC) messaging,  regardless of opt-in status. If messaging traffic is identified by a provider as associated with one of the following use cases, RUC cannot do much to assist in the removal of blocking:

• Social marketing
• Collections
• Financial services, whether account notifications, marketing, collections or billing for:

1. High-risk/subprime lending/credit card companies
2. Auto loans
3. Mortgages
4. Payday loans
5. Short-term loans
6. Student loans
7. Debt consolidation/reduction/forgiveness

• Insurance

1. Car Insurance
2. Health Insurance

• Gambling, Casino, and Bingo
• Gift cards
• Sweepstakes
• Free prizes
• Investment opportunities
• Lead generation
• Recruiting
• Commission programs
• Credit repair
• Tax relief
• Illicit or illegal substances (including Cannabis)
• Work from home
• Get rich quick
• UGGS and RayBan campaigns
• Phishing
• Fraud or scams
• Cannabis
• Deceptive marketing
• SHAFT: Sex, Hate, Alcohol, Firearms or Tobacco

4. Additional Prohibited Practices

4.4.1 Snowshoe Messaging

Snowshoe sending is a technique used to send messages from more source phone numbers or short        codes than are needed to support an application’s function. This technique is often used to dilute reputation metrics and evade filters. Message senders must not engage in snowshoe messaging. Service providers should also take measures to prevent snowshoe messaging. Certain cases with similar campaigns may use different numbers. In that case, it is important for message senders to identify their messages with a distinct brand and URL naming convention. If there is  any doubt about campaign content, submit use case proposals or questions to RUC’s messaging team.

4.4.2 Proxy Numbers

Message senders might utilize a phone number as a proxy number, which functions as a relay point between possibly large sets of phone numbers and/or frequently changing phone numbers in certain wireless messaging use cases. For example, a driver for a ride-sharing service may need to communicate with a prospective passenger to confirm a pick-up location. The proxy phone number functions as a conference call bridge phone number, allowing the driver and passenger to communicate without either party having to reveal their personal phone number. A 10-digit NANP phone number used as a proxy is typically a means to connect two individuals, but proxy numbers are commonly reused in a way which may create volumes of messaging traffic exceeding typical consumer operation. Given the use of proxy numbers to facilitate bulk messaging traffic among multiple 10-digit NANP phone numbers, the proxy number qualifies as non-consumer (A2P) messaging traffic and may be subject to additional validation, vetting and monitoring.

4.4.3 Spoofing Phone Numbers

Message number spoofing includes the ability of a message sender to cause a message to display an originating number for the message, which is not assigned to the message sender, or when a message sender originates a message through a service provider other than the service provider to which reply messages will be delivered or received. Message number spoofing must be avoided and must comply with all applicable laws.

5.0 Non-Consumer (A2P) Best Practices

5.1 Consumer Consent

The messaging ecosystem must operate consistent with relevant laws and regulations, such as the TCPA and associated FCC regulations regarding consumer consent for communications. Regardless of whether these rules apply and to maintain consumer confidence in messaging services, non-consumer (A2P) message senders should:

• Obtain a consumer’s consent to receive messages;
• Obtain a consumer’s express written consent to specifically receive marketing messages; and
• Ensure consumers have the ability to revoke consent.

Consent may vary upon on the type of message content exchanged with a consumer.

The table in the following page provides examples of the types of messaging content and the associated consent that should be expected. The examples below do not constitute or convey legal advice and should not be used as a substitute for obtaining legal advice from qualified counsel. Reference to “business” below is used as an example of a non-consumer (A2P) message sender. Individual service providers may adopt additional consumer protection measures for non-consumer (A2P) message senders, which may include, for example, campaign pre-approval, service provider vetting, in-market audits, or unwanted message filtering practices which are tailored to facilitate the exchange of wanted messaging traffic.

Types of Messaging Content & Associated Consent Principles
Conversational	Informational	Promotional
Conversational messaging is a back-and-forth conversation which takes place via text. If a Consumer texts a business first and the business responds quickly with a single message, then it is likely conversational. If the consumer initiates the conversation and the business simply responds, then no additional permission is expected.	Informational messaging is when a consumer gives their phone number to a business and asks to be contacted in the future. Appointment reminders, welcome texts, and alerts fall into this category because the first text sent by the business fulfills the consumer’s request. A consumer needs to agree to receive texts for a specific informational purpose when they give the business their mobile number.	Promotional messaging is a message sent which contains a sales or marketing promotion. Adding a call-to- action (e.g., a coupon code to an informational text) may place the message in the promotional category.Before a business sends promotional messages, the consumer should agree in writing to receive promotional texts.Businesses which already ask consumers to sign forms or submit contact information can add a field to capture the consumer’s consent.
First message is only sent by a consumerTwo-way conversation	First message is sent by the consumer or businessOne-way alert or two-way conversation	First message is sent by the businessOne-way alert
Message responds to a specific request	Message contains information	Message promotes a brand, product, or servicePrompts consumer to buy something, go somewhere, or otherwise take action
IMPLIED CONSENTIf the consumer initiates the text message exchange and the business only responds to each consumer with relevant information, then no verbal or written permission is expected.	EXPRESS CONSENTThe consumer should give express permission before a business sends them a text message. Consumers may give permission over text, on a form, on a website or verbally. Consumers may also give written permission.	EXPRESS WRITTEN CONSENTThe consumer should give express written permission before a business sends them a text message.Consumers may sign a form, check a box online, or otherwise provide consent to receive promotional text messages.

5.2 Clear and Conspicuous Calls-to-Action

A “call-to-action” is an invitation to a consumer to opt-in to a messaging campaign. The primary purpose of disclosures is to ensure that a consumer  consents to receive a message and understands the nature of the program. Message senders must display a clear and conspicuous call-to-action with appropriate disclosures to consumers about the type and purpose of the messaging consumers will receive. A call-to-action must ensure consumers are aware of:

• The program or product description;
• The phone number(s) or short code(s) from which messaging will originate;
• The specific identity of the organization or individual being represented in the initial message;
• Clear and conspicuous language about opt-in and any associated fees or charges; and
• Other applicable terms and conditions (e.g., how to opt-out, customer care contact information  and any applicable privacy policy).

Calls-to-action and subsequent messaging must not contain any deceptive language, and opt-in details  must not be obscured in terms and conditions (especially terms related to other services).

5.3 Consumer Opt-In

Message senders should support opt-in mechanisms, and messages should be sent only after the consumer has opted-in to receive them. Opt-in procedures reduce the likelihood that a consumer will receive an unwanted message. It can also help prevent messages from being sent to a phone number which does not belong to the consumer who provided the phone number (e.g., a consumer purposefully  or mistakenly provides an incorrect phone number to the message sender).

• Depending upon the circumstances, a consumer might demonstrate opt-in consent to receive  messaging traffic through several mechanisms, including but not limited to:

• Entering a phone number through a website;
• Clicking a button on a mobile webpage;
• Sending a message from the consumer’s mobile device that contains an advertising keyword;
• Initiating the text message exchange in which the message sender replies to the consumer only  with responsive information;
• Signing up at a point-of-sale (POS) or other message sender on-site location; or
• Opting-in over the phone using interactive voice response (IVR) technology.

While the common short code handbook is a separate document specific to the common short code program, the common short code handbook has additional examples of opt-in consent which may be helpful to message senders. Message senders should also document opt-in consent by retaining the following data where applicable:

• Timestamp of consent acquisition;
• Consent acquisition medium (e.g., cell-submit form, physical sign-up form, SMS keyword, etc.);
• Capture of experience (e.g., language and action) used to secure consent;
• Specific campaign for which the opt-in was provided;
• IP address used to grant consent;
• Consumer phone number for which consent to receive messaging was granted; and
• Identity of the individual who consented (name of the individual or other identifier (e.g., online  username, session ID, etc.)).

5.4 Confirm Opt-In Confirmation for Recurring Messages

Message senders of recurring messaging campaigns should provide consumers with a confirmation message that clearly informs the consumer they are enrolled in the recurring message campaign and provides a clear and conspicuous description of how to opt-out. After the message sender has confirmed that a consumer has opted-in, the message sender should send the consumer an opt-in confirmation message before any additional messaging is sent. The confirmation message should include:

• The program name or product description;
• Customer care contact information (e.g., a toll-free number, 10-digit phone number, or help command instructions);
• How to opt-out;
• A disclosure that the messages are recurring and the frequency of the messaging; and
• Clear and conspicuous language about any associated fees or charges and how those charges  will be billed.

5.5 Consumer Re-Opt-In on Toll-Free Numbers

A consumer may opt-in to a toll-free A2P campaign by texting the word “UNSTOP” to the sender’s toll- free number. This keyword is not case sensitive and triggers opt-in only when sent as a single word.

Examples of valid re-opt-ins:

• UNSTOP including variations such as unstop, Unstop or UNStop.

5.6 Single Opt-In per Campaign

Opt-ins are not transferrable. A consumer opt-in to receive messages should not be transferable or assignable. A consumer opt-in should apply only to the campaign(s) and specific message sender for which it was intended or obtained.

5.7 Renting, Selling, or Sharing Opt-In Lists

Message senders should not use opt-in lists which have been rented, sold or shared to send messages. Message senders should create and vet their own opt-in lists.

5.8 Consumer Opt-Out

Opt-out mechanisms facilitate consumer choice to terminate messaging communications, regardless of whether consumers have consented to receive the message. Message senders should acknowledge and respect consumers’ opt-out requests consistent with the following:

• Message senders should ensure consumers have the ability to opt-out of receiving messages at any time;
• Message senders should support multiple mechanisms of opt-out, including phone call, email or  text; and
• Message senders should acknowledge and honor all consumer opt-out requests by sending one  final opt-out confirmation message per campaign to notify the consumer that they have opted- out successfully. No further messages should be sent following the confirmation message.
• Message senders should state in the message how and what words effect an opt-out. Standardized “STOP” wording should be used for opt-out instructions, however opt-out requests with normal language should also be read and acted upon by a message sender except where a specific word can result in unintentional opt-out. The validity of a consumer opt-out should not be impacted by any de minimis variances in the consumer opt-out response, such as capitalization, punctuation or any letter-case sensitivities.

Examples of valid opt-out messages:

• STOP including variations such as Stop or STop
• Quit
• Cancel
• Unsubscribe
• End
• Opt me out

5.9 High Opt-Out Rate

Message senders who receive high volumes of opt-outs could be flagged for poor sending practices. Where the daily opt-out rate is 5% or higher, the toll-free carrier or other carriers may monitor the campaign. The carrier may reach out for campaign and opt-in details and/or suspend services of high opt-out rate flagged campaigns at its discretion, not to be unreasonably exercised. “Daily opt-out rate” is the total number of subscribers who received a campaign’s SMS divided by the number of opted out subscribers who received a campaign’s SMS in a 24-hour period.

5.10 Maintaining and Updating Consumer Information

Message senders should retain and maintain all opt-in and opt-out requests in their records to ensure future messages are not attempted (in the case of an opt-out request) and consumer consent is honored to minimize unwanted messages. Message senders should process phone deactivation files regularly (e.g., daily) and remove any deactivated phone numbers from any opt-in lists.

5.11 Privacy and Security

Message senders must address both privacy and security comprehensively in the design and operation  of messaging campaigns. RUC is not responsible of liable for any security or breaches experienced  by the message sender.

5.11.1 Maintain and Conspicuously Display a Clear, Easy-to-Understand Privacy Policy

 Message senders should maintain and conspicuously display a privacy policy easily accessed by the consumer (e.g., through clearly labeled links) that clearly describes how the message sender may collect, use, and share information from consumers. All applicable privacy policies should be referenced in and accessible from the initial call-to-action. Message senders also should ensure that their privacy policy is consistent with applicable privacy law and their treatment of information is consistent with their privacy policy.

5.11.2 Implement Reasonable Physical, Administrative, and Technical Security Controls to Protect and Secure Consumer Information

Message senders should implement reasonable security measures for messaging campaigns that include technical, physical, and administrative safeguards. Such safeguards should protect consumer information from unauthorized access, use, and disclosure. Message senders should  conduct regular testing and monitoring to ensure such controls are functioning as intended.

3. Conduct Regular Security Audits

Message senders should conduct either a comprehensive self-assessment or third-party risk assessment of privacy and security procedures for messaging campaigns on a regular basis and take appropriate action to address any reasonably foreseeable vulnerabilities or risks.

11. Content

5.12.1 Prevention of Unlawful Activities or Deceptive, Fraudulent, Unwanted or Illicit Content

Message senders should use reasonable efforts to prevent and combat unwanted or unlawful messaging traffic, including spam and unlawful spoofing. Specifically, message senders should take affirmative steps and employ tools to monitor and prevent unwanted messages and content, including for example content that: (1) is unlawful, harmful, abusive, malicious, misleading, harassing, excessively violent, obscene/illicit, or defamatory; (2) deceives or intends to deceive (e.g., phishing messages intended to access private or confidential information); (3) invades privacy; (4) causes safety concerns; (5) incites harm, discrimination, or violence; (6) is intended to intimidate; (7) includes malware; (8) threatens consumers; or (9) does not meet age-gating requirements. Message senders can also review the common short code handbook for further examples of unwanted message content. Further, message senders should take steps to ensure marketing content is not misleading and  complies with the Federal Trade Commission’s (FTC) Truth-In-Advertising rules.

5.12.2 Embedded Website Links

Message senders should ensure links to websites embedded within a message do not conceal or obscure the message sender’s identity and are not intended to cause harm or deceive consumers. Where a web address (i.e., Uniform Resource Locator (URL)) shortener is used, message senders should use a shortener with a web address and IP address(es) dedicated to the exclusive use of the message sender. Web addresses contained in messages as well as any websites to which they redirect should unambiguously identify the website owner (i.e., a person or legally registered business entity) and include contact information, such as a postal mailing address.

5.12.3 Embedded Phone Numbers

Messages should not contain phone numbers that are assigned to or forward to unpublished phone numbers, unless the owner (i.e., a person or legally registered business entity) of such phone numbers is unambiguously indicated in the text message.

5.13 Text-Enabling a Phone Number for Non-Consumer (A2P) Messaging

An authentication and validation process should be used to verify the message senders’ authority to enable non-consumer (A2P) messaging for a specific phone number. Message senders should only enable non-consumer (A2P) messaging with a phone number that the message sender has been assigned by a provider of telecommunications or interconnected Voice over Internet Protocol (VoIP) services.

5.13.1 Toll-Free Campaign Registration

For high volume and important toll-free campaigns, RUC recommends registration with the toll-free provider before sending traffic. The information below is required for campaign review. The review time is generally 4–5 business days. Submit all use case information to support@cloudmessage.io.

5.13.1.1 Use Case Information

• 8XX toll-free Number
• Use Case Summary
• Opt-In Process
• Message Examples
• Terms URL
• Privacy Policy

5.14 Political Messaging

Political campaigns should abide by the M3AAWG Mobile Messaging Best Practices for Political Programs Best Practices.

5.14.1 T-Mobile Political Messaging

To run 10DLC messaging campaigns on the T-Mobile network, a special registration and third-party verification check is required (Campaign Verify). This is required to ensure the authenticity of the political entity. Political candidates are required to send extended information that includes the following requirements:

• Campaign must be on a dedicated application address.
• 10DLC only: Vetting must be confirmed through Campaign Verify (www.campaignverify.org).
• Campaign Verify Token.
• FEC Committee ID.
• Politician/Organization Name.
• Politician/Organization Website.

5.15 A2P Toll-Free Messaging in Canada

The Canadian market is continuing to evolve with regards to texting over A2P routes. Please reference our entire Best Practices for adherence on Canadian networks. Additionally, we have  included the rules below, which should be followed.

5.15.1 Opt-Out

Opt-out must be below 1%

5.15.2 Stop Language

Campaigns must send stop language on the first and 5^th message or once a month for continued customer awareness. However, sending it on every message is recommended.

5.15.3 Single Number Sending

If a single number gets blocked with the Canadian carriers, do not move traffic to another number.

5.15.4 Brand Identity

Messages should always identify who the sender of the message is.

5.15.5 Message Frequency

The number of messages sent to a subscriber should not exceed 10 in a month. If there is an expectation that the subscriber will receive multiple messages, state so during  the opt-in process.

5.15.6 Customer Support Keywords

Campaigns should support HELP, INFO and STOP as well as all French translations and send a bounce back in the corresponding language of the keyword.

5.15.7 False Positives

RUC monitors on behalf of customers, but we encourage any issues to be reported to support@cloudmessage.io

5.15.8 Data Rates May Apply Verbiage

When a customer receives a message termination (MT) with a link to a website, messages must also state that “Data rates may apply.”

6.0 Resources

The following industry resources may be helpful as a message sender starts to craft messaging content. Messages should follow guidance from these resources, otherwise messages may be blocked.

• CTIA Messaging Principles and Best Practices 
• FTC Truth in Advertising
• MMA Best Practices 
• M3AAWG Best Practices
• M3AAWG Mobile Messaging Best Practices for Political Programs
• Telephone Consumer Protection Act (TCPA) Omnibus Declaratory Ruling (FCC 15-72)

                Page  of

                V1.0