Most people who buy a scrub treat it like a light switch: on for everything, or off for everything. That's the wrong mental model. A scrub is insurance, and insurance is priced against the risk of the thing you're insuring. A number that came off your own web form carries almost none of that risk. A number that came off a purchased list carries a lot. Paying the same attention — or the same budget — to both is how you either overspend on clean lists or under-protect the ones that can actually get you sued.

Full disclosure: I work for ReadySMS, and we sell a standalone litigator + DNC scrub at $0.005 per contact. That number matters for the math below, so I'm putting it up front. But the framing here — that scrub spend should track hit rate by source — is true no matter whose scrub you use.

Why "flag rate" isn't a single number

The share of a list that trips a litigator or DNC-complainer flag depends almost entirely on where the numbers came from. A known TCPA litigator isn't randomly distributed across the population. These are people — and a handful of law firms behind them — who deliberately seed themselves onto lists that get bought, traded, and blasted. The more hands a list has passed through, the more of them it collects.

So the useful question isn't "what's the litigator flag rate?" It's "what's the flag rate for this list, from this source?" Those are wildly different answers.

Quick reminder on what a scrub actually catches, because people conflate two things: the DNC registry and the known-litigator database are not the same list, and a number can pass the first and still sue you. If that distinction is fuzzy, we wrote a whole post on it. A good scrub checks both.

Realistic hit rates by list origin

These are approximate ranges, framed as such — nobody publishes exact figures, and they drift over time. But the relative magnitudes hold up across the real estate, insurance, and lead-buying operations I've watched run scrubs.

List sourceApprox. combined litigator + DNC-complainer flag rateWhy
Your own opt-in web form / keyword~0.1–0.5%Self-selected, recent, single-origin. Litigators don't opt into your form.
CRM records with prior business relationship~0.3–1%Clean-ish, but ages and gets stale over time.
Skip-traced (property records, appended cell)~1–3%Numbers appended from third-party data; some contamination.
Purchased / rented marketing lists~2–5%+Multi-hop provenance. Seeded litigator numbers accumulate here.

The headline holds: a purchased list will commonly flag on the order of five to ten times the rate of your own opt-in list. Not because the seller is malicious — because that's the structural nature of a list that's been sold more than once.

A caveat worth stating plainly: none of these sources except your own opt-in gives you a compliant path to cold-text under 10DLC anyway. Buying a clean bill of health from a scrub on a purchased list doesn't manufacture consent. If you're in real estate wholesaling and thinking about texting property owners, read why cold-texting has no compliant SMS path before you spend a dollar on scrubbing. Scrubbing is one layer of risk reduction, not permission.

The budget math, per source

Here's where the flat-policy problem shows up in dollars. Say you're scrubbing at $0.005/contact. The cost of the scrub is fixed per number. What changes by source is the value you're getting for it — the number of live litigator/DNC hits you suppress before send.

Opt-in list, 10,000 contacts:

  • Scrub cost: 10,000 × $0.005 = $50
  • Expected hits caught (~0.3%): ~30 numbers
  • Cost per suppressed hit: ~$1.67

Purchased list, 10,000 contacts:

  • Scrub cost: 10,000 × $0.005 = $50
  • Expected hits caught (~4%): ~400 numbers
  • Cost per suppressed hit: ~$0.13

Same $50. The purchased list gives you roughly 13x more protection per dollar — because there was that much more risk sitting in it. Now weigh that against the downside it prevents. TCPA statutory damages run $500 to $1,500 per text. Suppress 400 litigator-adjacent numbers on the purchased list and, if even a handful of those were live plaintiffs, the $50 scrub paid for itself several hundred times over.

That's the actual argument for scrubbing purchased and skip-traced lists hard: not that the scrub is expensive, but that the exposure behind each flagged number dwarfs it.

So should you skip the scrub on opt-in lists?

Tempting, but no — and here's the honest tradeoff. The opt-in list flags at 0.1–0.5%, which sounds negligible. On 10,000 contacts that's still 10–50 numbers, and a single one of them being a live litigator is a $500–$1,500 problem. At $50 to scrub the whole list, the math still favors scrubbing.

What actually changes for opt-in lists isn't whether you scrub — it's how often. A fresh opt-in list barely needs it on day one. An opt-in list that's been sitting for a year is a different animal, because numbers get reassigned and the people who now hold them didn't opt into anything. A 12-month-old list is roughly 30% reassigned or disconnected numbers, and reassigned numbers are exactly how "clean" lists sprout new complainers.

Build a scrub policy by tier, not one rule for everyone

Here's the practical structure I'd run:

  1. Opt-in / first-party, fresh (< 90 days): Scrub once before first send. Low expected yield, but cheap insurance and it establishes your audit trail.
  2. Opt-in / first-party, aging: Re-scrub on a cadence — every send if you're texting monthly, or every 30 days minimum. Reassignment is the driver here, and a one-time cleanse expires. We laid out the re-scrub cadence logic separately.
  3. Skip-traced / appended: Always scrub, every batch. Higher contamination, and provenance you don't control.
  4. Purchased / rented: Scrub aggressively — and seriously reconsider whether you have consent to send at all. The scrub protects you from the litigators; it does nothing about the missing opt-in.

Notice the budget isn't flat. On a first-party list you might spend $50 quarterly. On a rotating book of skip-traced lists you might spend that every batch. The spend tracks the risk, which is the whole point.

Where scrubbing sits in the bigger picture

A scrub is one control, not a compliance program. It reduces the odds that a known plaintiff receives your message. It does not create consent, it does not set your send times, and it does not expire-proof your list. Think of it as the third layer alongside consent capture and quiet-hours enforcement — the three-layer model is here if you want the full stack.

In ReadySMS specifically, the scrub runs at $0.005/contact and auto-suppresses matches before send, so you're not manually pulling flagged numbers out of a blast. It pairs with quiet-hours holds and consent attestation on bulk sends, which together form the "did we do the reasonable thing" record you want if a claim ever lands. None of that makes you lawsuit-proof — compliance is ultimately the sender's responsibility — but it's the difference between a defensible operation and a careless one.

The takeaway

Scrub spend should be a function of list provenance, not a checkbox you flip once. Your own opt-in list flags at a fraction of a percent and only needs a periodic re-scrub as it ages. A purchased or skip-traced list flags several times higher, so scrubbing it delivers far more protection per dollar — and even then, the scrub doesn't fix the deeper problem of whether you had consent to send in the first place.

If you want to price it against your own lists, the scrub sits on our pricing page at $0.005/contact, and you can run a batch on your riskiest list before your next send to see what actually comes back. That flag rate will tell you more about your list quality than any vendor claim.