What keywords opt a recipient out of SMS?

Under TCPA and CTIA guidelines, SMS platforms must recognize STOP, UNSUBSCRIBE, END, QUIT, CANCEL, STOPALL, REVOKE, and OPTOUT as opt-out keywords. The keyword is case-insensitive and must be honored even if the recipient includes additional text.

Am I required to send a confirmation after opt-out?

Yes. CTIA short code handbook and carrier requirements mandate a single confirmation message after opt-out: 'You have unsubscribed from [Brand]. No more messages will be sent. Reply HELP for help.' This is the one message you can send to an opt-out contact.

How quickly must I honor an opt-out?

Immediately — within seconds of receiving the opt-out keyword. TCPA case law interprets 'reasonable' as instantaneous given modern systems. Any scheduled message that was queued before the opt-out must be cancelled before sending.

Can an opt-out contact ever receive messages again?

Only if they explicitly re-opt-in through a new, standalone consent action (a new checkbox, a new keyword like JOIN). You cannot assume re-consent from any other interaction, and you cannot contact them to ask if they want to re-subscribe.

What happens if I text someone after they've opted out?

Each post-opt-out message is a TCPA violation with statutory damages of $500-$1,500 per text. Class-action plaintiffs routinely collect evidence by opting out then documenting subsequent texts. A single missed opt-out in a campaign of 10,000 can cost $500-$1,500. A class of 1,000 affected recipients can cost $500k-$1.5M.

How to Handle SMS Opt-Outs: STOP Keywords, Rules & Mistakes

One missed opt-out is the cheapest way to turn an SMS marketing program into a seven-figure legal problem. Of the TCPA class-action lawsuits that actually succeed, the majority are not about consent at all — they’re about a recipient who texted STOP and received another marketing message days or weeks later. $500 per text, tripled to $1,500 for willful violations, multiplied by the size of the class.

This guide covers exactly how opt-outs work under TCPA and CTIA rules, the exact keywords your platform must recognize, what auto-responses are required, and the single failure mode that causes most lawsuits.

The Keywords You Must Recognize

The CTIA Short Code Monitoring Handbook and TCPA case law together establish a standard list of opt-out keywords that every SMS platform must honor, regardless of which number type you send from (short code, 10DLC, or toll-free):

STOP
UNSUBSCRIBE
END
QUIT
CANCEL
STOPALL
REVOKE
OPTOUT

These are recognized case-insensitively. “stop,” “Stop,” and “STOP” all count. They’re also recognized with punctuation, spaces, and additional text. “Please STOP sending me these.” counts. “stop!” counts. “Stop, I don’t want these anymore” counts.

The “reasonable person” standard. TCPA case law consistently rules that if a reasonable person reading the reply would interpret it as an opt-out, you must honor it. “Leave me alone,” “Don’t text me again,” and “Remove” have all been held valid in court even though they’re not on the standard keyword list.

The Required Auto-Response

When a recipient sends a valid opt-out keyword, you are required by CTIA and carrier guidelines to send one — and only one — confirmation message. The confirmation must:

Acknowledge the opt-out clearly.
Identify your brand.
Confirm that no further marketing messages will be sent.
Offer HELP as an opt-in-recovery mechanism (optional but common).

Compliant opt-out confirmation example:
“You have unsubscribed from [Brand]. You will receive no more messages. Reply HELP for help.”

This is the only message you may send to an opt-out contact. Sending anything else — even “Are you sure you want to unsubscribe?” — is itself a TCPA violation.

Speed Requirements: Within Seconds, Not Days

TCPA originally specified opt-outs must be honored within “30 days,” but the FCC ruling in 2024 modernized this: systems must now honor opt-outs immediately. The 30-day window was a concession to manual back-office processes from the 1990s; modern platforms have no excuse for delay.

Your system must:

Detect the opt-out keyword in the inbound message.
Immediately add the sending number to the suppression list.
Cancel any queued or scheduled messages to that number.
Prevent future messages from any campaign, drip, or broadcast.
Send the single confirmation response.

All within the same second the inbound message is received. Any delay exposes you to violation if another message fires in the interim.

The Scope of an Opt-Out

A common misunderstanding: opting out of marketing messages from “[Brand A]” does not opt the recipient out of transactional messages, does not opt them out of marketing from other brands you operate, and does not opt them out of communications from other phone numbers.

Brand-Specific

An opt-out applies to the specific brand/sender the recipient subscribed to. If your company operates two distinct brands (“Acme” and “Acme Pro”) with separate 10DLC campaigns and separate opt-ins, an opt-out from Acme does not automatically opt the recipient out of Acme Pro. That said, best practice is to respect cross-brand opt-outs when the brands are clearly linked — it’s the right thing to do and it avoids a court having to decide later.

Campaign-Specific vs All Marketing

If your brand has multiple campaigns (e.g., “order updates,” “promotions,” “loyalty rewards”), the recipient may opt out of one without opting out of others. The keyword STOP typically applies to all marketing from your brand; more specific keywords like STOP PROMOTIONS can be used to scope more narrowly — but only if you’ve explicitly offered that option.

Transactional Messages Continue

Marketing opt-outs do not automatically suppress transactional messages (order confirmations, shipping updates, account alerts, 2FA codes). Transactional messages operate under a different TCPA consent standard and are legal as long as the original transactional consent is intact. Don’t send marketing to opt-outs; do still send operational messages if needed.

The Single Mistake That Causes Most Lawsuits

Cross-platform sync failure.

A typical enterprise SMS stack has multiple senders: a campaign platform, a customer service tool, an appointment reminder system, a cart abandonment automation, and a transactional microservice. Each of these has its own contact list and its own message pipeline. When a recipient texts STOP, it needs to propagate to all of these systems within seconds.

The typical failure: STOP propagates to the campaign platform (the system that received the reply), but not to the drip automation that was also targeting that number. Two days later, the drip fires. The recipient receives an unsolicited text after opting out. Lawyer’s field day.

The fix: Use a single platform for all outbound SMS, or ensure every sending system subscribes to a centralized opt-out webhook that updates every downstream tool within seconds. Anything less is a ticking lawsuit.

Re-Opt-In: When Can Someone Come Back?

Once a recipient opts out, you cannot contact them — period — unless they explicitly re-opt-in through a new standalone action:

Filling out a new web form with an SMS checkbox.
Sending a new opt-in keyword (e.g., “START” or “RESUBSCRIBE”) to your number.
Signing up again through checkout or a loyalty enrollment.

You cannot text them to ask if they want to re-subscribe. You cannot email them to ask for re-consent (TCPA consent is medium-specific). You cannot add them back from a purchased list. The only way they come back is if they come to you voluntarily and re-opt in.

This seems harsh — some opt-outs are situational (“I’m traveling,” “too many messages this week”) — but the strictness is intentional. The legal system trades long-term recovery for clear consent boundaries.

Documentation: Prove the Opt-Out Was Honored

When someone sues, the burden of proof is on you to show:

The exact date and time of the opt-out.
The keyword or language used in the opt-out message.
The time the opt-out was propagated to your suppression list.
The confirmation message sent in response.
All subsequent messages to that number (to prove they were all transactional, not marketing).

Retain these records for at least four years — the TCPA statute of limitations. Your platform should store this data automatically and make it retrievable on demand.

HELP: The Other Required Keyword

In addition to opt-out keywords, you must recognize and respond to HELP. When a recipient sends HELP, your platform must auto-reply with:

Your brand name
What messages the recipient is subscribed to
Instructions on how to opt out
A customer service contact (URL, phone, or email)

Compliant HELP response:
“[Brand] Support: You are subscribed to promotional messages. Msg & data rates may apply. Reply STOP to cancel. Help: support@example.com”

HELP responses do not count as marketing messages — sending one to an opt-out contact in response to HELP is permitted, because they initiated it.

Special Case: The Replying-from-Wrong-Number Problem

What if someone texts STOP from a number that was never subscribed? You must still honor it (you can’t prove they aren’t the owner of the subscribed number), and your platform should also check: is this number on our active subscriber list? If yes, suppress it. If no, still add it to your opt-out list as a safety measure, because:

Phone numbers get recycled. The person who has the number now may not be the person who originally opted in.
A STOP from any number reduces legal risk regardless of whether it matches a known subscriber.

How ReadySMS Handles Opt-Outs Automatically

ReadySMS processes opt-outs in real time across every campaign, drip, and broadcast. The platform:

Detects all standard opt-out keywords (and fuzzy matches common variants like “remove me”).
Adds the number to a centralized suppression list within milliseconds.
Cancels queued messages to that number across every active campaign.
Sends the required confirmation response automatically.
Retains complete audit logs for four years — the TCPA statute of limitations.

If you run SMS through multiple tools (say, ReadySMS plus a separate appointment reminder system), you can wire the opt-out webhook to suppress contacts across all of them. Our GoHighLevel, HubSpot, and Zapier integrations sync suppression lists in both directions so a STOP on one side updates everything.

The Bottom Line

Opt-out handling is the highest-risk, lowest-effort compliance task in SMS marketing. The rules are straightforward: honor every keyword immediately, send one confirmation, never message that number again (unless they re-opt in), and document everything. The brands that get sued are the ones where one system out of five didn’t get the memo — and that’s a solvable problem that doesn’t require a legal team, just disciplined platform choice.

For the full regulatory picture, read our TCPA compliance guide. For the consent side of the equation, read our SMS list-building guide.

How to Handle SMS Opt-Outs: STOP Keywords, Rules & Mistakes to Avoid