TCR Rejection Code Fix Directory
Comprehensive remediation guide for all 179 10DLC campaign rejection codes with step-by-step fixes and compliance tools.
The TCR (The Campaign Registry) system governs every 10DLC A2P SMS campaign sent over U.S. carrier networks. When your campaign registration is rejected, the platform returns a numeric error code that maps to a specific compliance gap — a missing privacy policy link, a non-conformant opt-in mechanism, a prohibited content category, or a mismatch between your declared use case and your sample messages.
This directory covers all 179 documented rejection codes across eight compliance categories. Each entry links to a dedicated fix guide. Structured remediation reduces average time-to-resubmission from days to hours and eliminates compounding $40 resubmission fees on preventable failures.
Understanding TCR Rejection Codes
TCR rejection codes are issued by Direct Connect Aggregators (DCAs) — primarily Twilio, Sinch, Syniverse, and iconectiv — during the vetting phase of campaign registration. A rejection does not mean your campaign is permanently blocked. It means one or more compliance criteria were not satisfied at submission time. Every rejection code corresponds to a specific CTIA guideline, carrier policy, or TCR platform rule that must be addressed before resubmission.
Codes are grouped into eight categories: Twilio-Specific (30800-series), Standard Vetting (500–800 series), Prohibited Content / SHAFT (700 and 7000-series), Brand & Website (1000-series), Call-to-Action (2100–4100 range), Message Flow (5000–6100 range), Privacy Policy (7100-series), and Use Case (8000–9000 series).
Critical-severity codes indicate violations that will result in carrier-level blocking and require immediate structural remediation. High-severity codes require specific field corrections before resubmission. Medium and Low codes are typically correctable with minor copy or configuration changes.
Standard TCR Error Remediation Workflow
TCR error remediation follows a defined operational sequence. Resubmitting before structural fixes are verified results in additional fees and queue delays. This workflow reflects carrier compliance documentation and CTIA guidelines.
Stop all in-progress registration attempts on the same brand. Multiple simultaneous failures on one EIN trigger escalated manual review or temporary suspension from the vetting queue.
Retrieve the complete rejection code list from your CSP dashboard or TCR portal. A single campaign can carry multiple codes. Address every code — DCAs do not accept partial fixes and do not credit prior remediation attempts.
Use this directory to identify the structural gap behind each code. Many codes share a common root — a non-compliant opt-in form may generate codes 2113 through 2118 simultaneously. Fix the form once; all six codes resolve.
Update consent mechanisms, privacy policies, sample messages, and brand registration fields. Changes must be live and publicly accessible over HTTPS before resubmission — DCAs perform real-time URL verification during vetting.
Run corrected campaign data through a compliance validator to confirm all required fields are present, all URLs are accessible, and sample messages align with your declared use case. Validation eliminates the $40 fee on preventable failures.
Submit the corrected campaign and monitor DCA review status. Standard review averages 24–48 hours for clean submissions. Code 808 is a lockout condition that cannot be cleared through normal resubmission — it requires CSP escalation.
Code 808 — Excessive Rejection Limit Reached: Contact your CSP compliance team with documentation of all remediation actions. The CSP initiates manual review escalation with the DCA. Ensure every other code is fully resolved before that call — a manual review surfacing additional violations restarts the lockout clock.
Category Reference: What Each Group Covers
Call-to-Action (CTA) Codes — 67 Violations
CTA codes are the largest single rejection category. They govern how consent is collected from subscribers prior to receiving messages. The CTIA requires that every opt-in mechanism — web form, paper form, verbal consent, keyword opt-in, or QR code — include a specific set of disclosures at the point of consent. Missing a single element generates a distinct rejection code. Common roots: web forms that link to privacy policies without placing STOP/HELP instructions adjacent to the submit button; verbal scripts referencing messaging without disclosing frequency; and online forms omitting "Message and data rates may apply."
The 3000-series codes (3001A through 3012A) are issued when the submitted CTA URL is audited by the DCA and found non-compliant. These are deterministic fixes — typically updating one web page resolves the entire cluster.
Prohibited Content / SHAFT Violations — 23 Codes
SHAFT stands for Sex, Hate, Alcohol, Firearms, and Tobacco. Cannabis and CBD are treated as a sixth prohibited category under most carrier policies. Gambling, high-risk financial products, and illegal firearms complete the taxonomy. All are Critical-severity.
Many SHAFT-adjacent categories are not outright prohibited but require specific brand attributes enabled at the TCR level. Alcohol, tobacco, vaping, firearms, and gambling campaigns may be registerable by qualifying businesses — but require age-gate verification on the brand website and an explicit attribute declaration during brand registration. Codes 706, 707, 702, and 704 frequently fire against legitimate businesses because the age-gate attribute was not set during initial brand setup.
Message Flow Codes — 24 Violations
Message flow codes govern the content of the opt-in confirmation message, the HELP response, the STOP confirmation, and the sample campaign messages submitted during registration. CTIA Messaging Principles require that the opt-in confirmation include the brand name, message frequency disclosure, fee disclosure, and HELP/STOP instructions. Each missing element is a separate code in the 5000–6000 range.
Code 6101 (Duplicate Campaigns / Snowshoeing Detected) targets the practice of distributing messaging volume across near-identical campaigns to evade carrier filtering. Carriers treat this as a policy violation regardless of content. If you have multiple campaigns with similar descriptions and sample messages on one brand, consolidate before resubmitting.
Privacy Policy Codes — 7 Core Violations
10DLC privacy policy compliance extends beyond having a policy page. Carrier requirements mandate: the policy URL is live over HTTPS, the policy explicitly states consumer phone numbers will not be shared with third parties for their own marketing, the policy is linked directly from the opt-in consent point (not just from the site footer), and verbal consent flows include an audible or readable disclosure of data handling practices.
Code 7103 (Privacy Policy Allows Sharing) is the most common surprise for organizations using standard boilerplate. GDPR and CCPA templates frequently include permissive language about sharing data with "trusted partners" or "marketing affiliates." That language triggers this rejection. The policy must contain an affirmative statement prohibiting the sale or sharing of subscriber phone numbers for third-party marketing purposes. The GDPR disclosures can remain — you are adding a carrier-specific restriction, not replacing existing policy.
Standard Vetting Codes — 19 Violations
Standard vetting codes (500–800 range) represent general campaign registration quality failures across all DCAs: use case mismatches, brand-to-website inconsistencies, missing keyword responses, and sole proprietor eligibility issues. Code 601 (Attributes Mismatch) is one of the highest-frequency standard vetting rejections — it fires when the attributes declared during brand registration do not match what the DCA's automated review finds in the submitted website and sample messages. Align declared attributes precisely to what appears in your samples and on your website before every registration attempt.
Frequently Asked Questions
What is the difference between a TCR rejection and a carrier block?
Why am I receiving multiple rejection codes for a single campaign?
Do Twilio-specific codes (30880-series) apply to other CSPs?
What does "direct lending attribute" mean and why does it keep triggering rejections?
How do I handle code 808 — Excessive Rejection Limit Reached?
Can a sole proprietor register a 10DLC campaign?
Why does privacy policy code 7103 fire on a standard GDPR-compliant policy?
Required Elements: Cross-Category Compliance Reference
The following elements appear across multiple rejection code categories. Correctly implementing all seven eliminates the majority of CTA, message flow, and privacy policy violations before they occur. Each row maps the element to every code that fires when it is absent.
| Required Element | Where Required | Codes If Missing | Severity |
|---|---|---|---|
| Brand Name | Opt-in form, confirmation message, HELP reply, STOP reply, sample messages | 2113, 2133, 5104, 6001, 6007, 6010, 6012, 8101 | High |
| STOP Instructions | Opt-in form, verbal script, opt-in instructions, confirmation message | 2112, 2118, 2138, 3004A, 5101, 5108, 6003 | Critical / High |
| HELP Instructions | Opt-in form, verbal script, opt-in instructions, confirmation message | 2117, 2119, 2137, 3003A, 5103, 5107, 6002 | Critical / High |
| Frequency Disclosure | Opt-in form, verbal script, opt-in instructions, confirmation message | 2110, 2115, 2135, 3005A, 5105, 6004 | High |
| Fee Disclosure | "Msg & data rates may apply" — form, verbal script, instructions, confirmation | 2111, 2116, 2136, 3006A, 5106, 6005 | High |
| Privacy Policy Link | Adjacent to opt-in consent element, CTA URL page, campaign registration fields | 2121, 3008A, 7100, 7101, 7102, 805, 809, 851 | Critical |
| Non-sharing Statement | Privacy policy document — affirmative prohibition on phone number sharing for third-party marketing | 7103 | Critical |