The SMS playbook from the operator's seat

Email lives in a tab the user opens when they're ready. SMS lives on the lock screen, next to messages from their mum. That asymmetry is the whole story. The user opens almost every text — which is the appeal — but they also notice every text, which is the risk. One wrong message at the wrong time and they don't just ignore the next one. They opt out, and the channel is gone.

Every SMS program starts with opt-in architecture — the way you collect and prove a user said yes to receiving texts. Email gets away with softer consent (a checkbox at signup, an account creation flow). SMS doesn't. In the US the TCPA — the Telephone Consumer Protection Act, the federal law governing marketing texts and calls — requires express written consent before a single promotional message goes out. The UK's PECR (Privacy and Electronic Communications Regulations) and Canada's CASL (Canada's Anti-Spam Legislation) sit at similar bars. "Written" means a checkbox the user actively ticked, or a keyword they texted to a short code. It does not mean consent buried inside a terms-of-service document nobody reads.

What that buys you, operationally: every marketing SMS must include an opt-out — "Reply STOP to unsubscribe" is the standard line — and every opt-out must be honoured fast. 10 business days under the TCPA. Faster under most EU frameworks. Suppression has to apply across every channel and every campaign, not just the one the user STOP'd out of.

The bit most programs quietly get wrong: proof of consent. When a regulator gets a complaint and asks you to produce the moment a user opted in, they want the timestamp, the IP address, the form they submitted, and the exact text they agreed to. Most programs can't produce this because the form submission was never persisted anywhere. "We assume we got consent" is not an answer. It's the start of a fine — $500 to $1,500 per message under the TCPA, which compounds fast on a list of any size.

Every SMS is broken into segments — chunks of up to 160 characters, the longest a single text can be without splitting. Go over and your message ships as multi-part SMS: technically one bubble in the user's thread, but billed as multiple sends, and carriers treat longer chains as higher-risk content (more likely to be filtered or rate-limited).

Treat the limit as a free copy editor. Every word that doesn't earn its place gets cut by the medium itself. "Hi {{first_name}}" eats 20 characters for zero new information — they know their name. Preamble ("We hope you're having a great day") is worse. The operators who write SMS first and translate up to email produce sharper email copy than the ones who go the other direction. The medium teaches you discipline.

Three rules that fall out of the limit:

Lead with the value in the first ten characters. Most SMS clients show only the first line in the lock-screen preview, so anything that isn't doing work there is wasted. "Your order is" reads as transactional and important. "Hey there!" reads as ignorable.

One CTA URL, shortened. Short links eat less character budget and ping-track more cleanly — meaning the click data comes back tagged to the right send. Two links in one SMS dilutes the action.

If it can't work at 120 characters, it probably shouldn't be an SMS. The remaining 40 characters of the segment go to the link and the "STOP to opt out" compliance line. If the message itself needs more, the channel is wrong.

Email has implicit tolerance SMS doesn't share. Two emails in a day is annoying. Two SMS in a day is a reason to opt out. Three emails in a week is fine. Three SMS in a week is aggressive. The gap is smaller because the attention cost is higher — an email waits in an inbox the user chooses to open, a text interrupts whatever they were doing.

The frequency rules that work:

Cap marketing SMS at two per week per user. Hard cap of one per day including transactional sends (order confirmations, delivery updates). Anything more and complaint rates climb fast.

Exceptions for genuinely time-sensitive events — a flash sale closing tonight, an order issue the user needs to act on — must be explicit and rare. "Exception" behaviour that happens more than once a month isn't an exception any more. It's the baseline, and users will calibrate their complaint threshold against it. The cadence guide covers multi-channel frequency governance — the discipline of treating email, SMS and push as one combined budget rather than three independent ones.

Honour engagement signals aggressively. A user who hasn't clicked an SMS link in 60 days gets suppressed from marketing SMS — muted, not unsubscribed. The difference matters: suppressed users come back when a strong signal arrives (a purchase, a high-intent action), unsubscribed users are gone for good. Suppression keeps the engaged-subscriber file small, clean, and deliverable.

SMS is genuinely the right channel for: time-sensitive transactional confirmations, two-factor authentication codes, delivery notifications, appointment reminders, abandoned-cart nudges where the basket is large enough to justify the per-message cost, and urgent service alerts. Each of these earns the interruption — the value to the user is immediate and obvious.

SMS is the wrong channel for: generic marketing promotions that would work equally well in email, newsletter content, product announcements without urgency, and anything that needs more than 160 characters to say. Using SMS for email-style content doesn't get you better engagement — it gets you opt-outs from users who opted in expecting something different and feel they've been bait-and-switched.

The litmus test: would you wake someone up at 11pm to deliver this? If no, it doesn't belong in SMS, because the channel always carries some probability of doing exactly that — even with timezone discipline, edge cases happen.

Most US states restrict marketing SMS to 8am–9pm in the recipient's local time. The UK's PECR treats outside-hours SMS as per-se unreasonable — meaning regulators don't need to weigh context, the timing alone is the violation. These are hard rules. A single send that lands at 11pm local will generate complaints, and if it becomes a pattern, regulators notice.

The bug that ships every program at least once: scheduling in the sender's timezone instead of the recipient's. A send fires at 9am Pacific, hits New York at noon (fine), and lands in Sydney at 3am local (disaster). The fix is timezone-aware scheduling — your ESP or marketing platform stores each user's timezone on their profile and sends at 9am their time, not yours. Every test plan needs at least one profile in a distant timezone to catch this before production. The team that doesn't test timezone behaviour finds out about it from a regulator.

Best-practice opt-outs suppress across channels, not just the one the user opted out of. Channel-specific suppressions are legally defensible in most jurisdictions, but they create a worse user experience and higher long-term complaint rates. The user who STOP'd out of SMS because they're annoyed with you doesn't want the consolation prize of an extra email the next morning. They want quiet. Give it.

The Orbit SMS Playbook skill covers the full compliance and operational architecture, including the timezone scheduling patterns that actually work in Braze and the suppression logic that keeps engagement clean.