Someone checks out. They tick the box (or you auto-enroll them) to get a text when their order ships. Three weeks later you fire a 20%-off flash sale to that same number. Feels harmless — they bought from you, right?
That send is a marketing message going out under transactional consent. The consent they gave — "text me about my order" — does not cover "text me about your sales." Different intent, different legal footing, and increasingly different treatment at the carrier level. This is one of the most common ways ecommerce stores quietly rack up TCPA exposure and campaign-registration mismatches without noticing, because nothing breaks immediately.
Full disclosure: I work for ReadySMS, so I have a horse in this race. But this problem is real regardless of who you send with, and the fix is the same everywhere.
Why transactional consent doesn't stretch to marketing
The line the FTC and the TCPA care about is purpose. A transactional message facilitates a transaction the customer already initiated — order confirmations, shipping updates, delivery notifications. A marketing message tries to start a new one — a sale, a new-product drop, a "we miss you" win-back.
Consent for one is not consent for the other. When a customer agrees to shipping texts, the reasonable expectation they're forming is "this store will text me about this order." Sending them a promo stretches past what they agreed to. That's the gap.
It shows up in two places:
- Legally. Unsolicited marketing texts carry statutory TCPA exposure in the $500–$1,500-per-message range. One promo blast to 3,000 transactional-only numbers is a lot of surface area if even a fraction complain.
- At the carrier level. 10DLC campaigns are registered by use case. If your transactional campaign starts pushing promotional content, that's a use-case mismatch, and carriers filter on it. We wrote about exactly this failure mode in registering the wrong campaign type — delivery drops silently, and you don't get a bounce telling you why.
The upgrade: convert inside the flow you already have
The good news is that the shipping notification is a high-trust moment. The customer just bought from you, the message is genuinely useful, and they're going to open it. That's the exact place to ask for the marketing opt-in — you don't need a separate campaign to chase them later.
The mechanic is a keyword reply. Your transactional message includes a clear, separate marketing invitation, and the customer texts back a keyword to opt in. That reply is the affirmative action that creates a new, marketing-specific consent record.
A worked version:
Order shipped! Your Aeropress is out for delivery, arriving Thu. Track: [branded-link]
>
Want early access to drops + subscriber-only deals? Reply DEALS to join. Msg&data rates may apply, ~4 msgs/mo, reply STOP to opt out.
Two things make this compliant instead of sneaky:
- The marketing ask is visibly separate from the order update. The customer isn't consenting to promos by receiving a shipping text — they're consenting by taking a distinct action (replying DEALS).
- The disclosures ride along: message frequency, "msg & data rates may apply," and STOP instructions. That's the standard set carriers and regulators expect on a marketing opt-in.
A reply keyword beats a trigger link here for a reason worth understanding — a tap on a link isn't the same as express written consent. We broke that down in why trigger links aren't consent, and it applies just as much to ecommerce as it does to GHL agencies.
The consent record this has to create
An opt-in you can't prove is an opt-in you don't have. When a customer replies DEALS, you need a durable record, not just a line in a conversation thread. At minimum:
| Field | Example value | Why it matters |
|---|---|---|
| Phone number | +1 555 018 2299 | The subject of consent |
| Consent type | Marketing (not transactional) | The whole point — keeps the two scopes distinct |
| Opt-in method | Keyword reply "DEALS" | Shows affirmative action |
| Timestamp | 2026-01-14 15:22 EST | When consent was given |
| The exact message shown | "Want early access… reply DEALS…" | Proves what they agreed to |
| Campaign / use case | Ecomm Marketing (10DLC) | Ties it to the right registered campaign |
ReadySMS records opt-in attestation for bulk and API sends and builds that audit trail automatically, so the keyword reply lands as a marketing consent event you can pull later rather than something you have to reconstruct from screenshots. Combine that with automatic STOP handling — when someone opts out, the suppression propagates so they can't be messaged again across campaigns — and you've got both halves of the consent lifecycle logged.
The reason this record matters isn't paperwork for its own sake. If a complaint ever surfaces, "here is the timestamp, the exact copy, and the reply that opted them in" is the difference between a resolvable dispute and an indefensible one.
Keep two campaigns, not one stretched campaign
The cleanest structure is two registered 10DLC campaigns:
- Transactional — order confirmations, shipping, delivery. Every customer who checks out lands here.
- Marketing — sales, drops, win-backs. Only numbers that replied to your opt-in keyword.
This keeps your transactional deliverability clean (it never carries promo content) and gives your marketing sends a properly consented, correctly registered home. If you're setting up registration for the first time, our ecommerce 10DLC guide walks the whole thing, and standard registration — roughly $10/mo per brand plus $20/mo per campaign — is all most stores need. Running two campaigns costs one extra campaign fee, which is trivial next to the cost of a filtered marketing list or a complaint.
The conversion math, honestly
Not everyone who gets a shipping text will reply DEALS. In practice, keyword opt-ins off a transactional message convert somewhere in the rough neighborhood of 5–15% depending on offer strength and how prominent the ask is — treat that as an approximation, not a promise. So this isn't a firehose. It's a slow, steady accretion of genuinely opted-in marketing subscribers, one order at a time.
Say you ship 2,000 orders a month and 8% reply DEALS. That's 160 new marketing subscribers monthly, 1,920 a year — a list you built with clean consent instead of borrowing against transactional consent you didn't have. And that list behaves: opted-in lists tend to see response rates in the rough 30–50% range, far above a scraped or assumed one.
The send cost is negligible against that. The keyword-invite line adds maybe 40–60 characters to a shipping text you were already sending, and inbound replies don't cost you an outbound segment. If you're on the Starter tier at $0.0155/segment plus the $0.0045 carrier pass-through, the marginal cost of the ask rounds to nothing per order.
What not to do
A few shortcuts that feel efficient and aren't:
- Auto-migrating transactional numbers into marketing because "they're customers anyway." That's the exact move that creates the liability. Purchase ≠ marketing consent.
- Pre-checking a marketing box at checkout and calling it done. Weak at best; a distinct, disclosed opt-in is far more defensible.
- Burying the STOP instruction or dropping the frequency disclosure to keep the text short. Those aren't optional decoration.
- Reusing the same campaign for both. It's the deliverability trap covered above.
If your existing list is old or partly assumed rather than confirmed, it's also worth a scrub before you lean on it — a year-old list is roughly 30% reassigned or disconnected numbers, and reassigned numbers are how "I never signed up for this" complaints happen.
The practical takeaway
Transactional consent is a real, useful thing — it just has walls. The shipping notification is the best real estate you own for asking permission to go further, because you've earned a moment of attention with a message the customer actually wanted. Put a clean, disclosed, keyword-based marketing invite in that message, log the reply as its own consent event, and keep the two 10DLC campaigns separate.
Do that and your marketing list grows the slow, boring, defensible way — which is the only way that survives a complaint or a carrier audit.
If you want to see how the opt-in tracking and STOP propagation work in practice, the ReadySMS pricing page has the tiers, and there's a cost calculator if you want to run your own order-volume numbers before committing to anything.