Compliance

TCPA Compliant Phone List Cleaning Guide

A single TCPA violation costs between $500 and $1,500 per call or text. If your phone list has 10,000 numbers and 5% are non-compliant, you are looking at $250,000 to $750,000 in potential liability. Here is how to clean your list before it becomes a lawsuit.

March 2026·11 min read

TCPA Basics: What You Need to Know

The Telephone Consumer Protection Act is a federal law that regulates telemarketing calls, auto-dialed calls, pre-recorded calls, text messages, and unsolicited fax transmissions. Enacted in 1991 and significantly strengthened through subsequent FCC rulings and court decisions, the TCPA creates strict requirements around consent, calling times, caller identification, and do-not-call compliance. Violations are enforced through both FCC action and private lawsuits, and the private litigation aspect is what makes the TCPA uniquely dangerous for businesses.

The penalty structure is what keeps compliance officers up at night. Each individual call or text message that violates the TCPA is a separate violation carrying a penalty of $500 in statutory damages. If the violation is found to be willful or knowing, the penalty triples to $1,500 per violation. These damages are per-violation, not per-lawsuit. A mass text campaign sent to 50,000 numbers with 2,000 non-compliant entries could generate $1 million to $3 million in liability from a single campaign send.

TCPA class action lawsuits have exploded in volume. Plaintiff attorneys actively monitor businesses for violations, and consumers who receive unwanted calls or texts are eager to join class actions. Settlements routinely reach millions of dollars. The only reliable defense is demonstrating that you had proper consent for every number you contacted and that your calling practices complied with all TCPA requirements.

What Makes a Phone List Non-Compliant

Understanding the specific ways a phone list can fall out of compliance is essential for building an effective cleaning workflow. Each of these issues represents a distinct category of TCPA risk.

Reassigned Numbers

Phone numbers get reassigned to new subscribers when the original owner disconnects their service. The FCC estimates that approximately 35 million phone numbers are reassigned every year in the United States. If you obtained consent from the original owner of a phone number and that number has since been reassigned, you no longer have consent to contact the current owner. Calling or texting a reassigned number is a TCPA violation, even though you had valid consent at the time of collection. The FCC's Reassigned Numbers Database, launched in 2021, provides a mechanism to check for reassignments, but many businesses still fail to use it.

Landlines Contacted via Autodialer or SMS

The TCPA requires prior express consent to make auto-dialed or pre-recorded calls to cell phones. However, the practical risk extends to landlines as well. Sending an SMS message to a landline number obviously will not work, but the attempt itself may still constitute a violation depending on the platform and how the message is routed. More practically, landlines in your SMS campaign list represent wasted spend and failed deliveries. Cleaning landlines out of SMS lists is both a compliance measure and a performance optimization.

Revoked Consent

Consumers can revoke their consent to receive calls and texts at any time, through any reasonable method. This includes replying "STOP" to a text message, verbally requesting removal during a call, sending an email, submitting a web form, or even posting a request on social media. Once consent is revoked, you must stop contacting that number immediately. The operational challenge is ensuring that revocation in one channel is honored across all channels and all systems. If a customer texts "STOP" to your SMS platform but their number remains in a spreadsheet used for a separate outreach campaign, you are at risk.

Do Not Call Registry Numbers

The National Do Not Call Registry maintained by the FTC contains over 240 million phone numbers. Telemarketing calls to numbers on this registry are prohibited unless you have prior express written consent or an established business relationship. You are required to scrub your calling lists against the DNC registry at least every 31 days. Failing to perform this scrub is itself a violation, separate from the violation of actually calling a registered number.

Missing or Invalid Consent Records

If you cannot prove that you obtained proper consent for a phone number, you are effectively operating without consent. The burden of proof is on the caller. You must be able to produce records showing when consent was obtained, how it was obtained, what the consumer was told, and the specific scope of consent given. Phone numbers from purchased lists, scraped from websites, or imported from old databases without associated consent records are a ticking time bomb.

The Phone List Cleaning Workflow

A thorough phone list cleaning process addresses each category of risk systematically. Here is the workflow that compliance teams use to prepare phone lists for campaigns.

Step 1: Standardize All Phone Numbers to E.164

Before you can validate phone numbers, they need to be in a consistent format. E.164 is the international standard for phone number formatting, used by Twilio, the FCC's Reassigned Numbers Database, and virtually every telephony platform. An E.164 number starts with a plus sign, followed by the country code and the subscriber number with no spaces, dashes, or parentheses. For U.S. numbers, the format is +1XXXXXXXXXX (11 digits total).

Your raw phone list will contain numbers in dozens of formats: (555) 123-4567, 555.123.4567, 555-123-4567, 15551234567, +1 555 123 4567, and more. Standardizing to E.164 first ensures that all subsequent validation steps work correctly and that you can match numbers across different systems. For a detailed explanation of the format and how to convert in bulk, read our complete guide to E.164 phone number format.

Step 2: Validate Phone Number Types

Once numbers are standardized, classify each number as mobile, landline, or VoIP. This classification determines what types of communication are permitted under the TCPA. SMS messages should only go to mobile and SMS-capable VoIP numbers. Auto-dialed voice calls to cell phones require prior express consent. Landlines have different consent requirements than mobile numbers. Use a phone type lookup service that queries the carrier database in real time, as number portability means that the area code alone is not a reliable indicator of phone type.

Step 3: Scrub Against the DNC Registry

Download the latest DNC registry data from the FTC and compare your phone list against it. Remove any numbers that appear on the registry unless you have documented prior express written consent from those specific consumers. The DNC registry is updated daily, and your scrub data is valid for 31 days. Set a recurring reminder to re-scrub before each campaign and at least once a month for ongoing outreach programs.

Step 4: Check for Reassigned Numbers

Query the FCC's Reassigned Numbers Database with your phone list and the date you obtained each number. The database will tell you whether each number has been permanently disconnected and reassigned since your consent date. Any number flagged as reassigned should be removed from your list immediately. This is one of the most overlooked cleaning steps, but it is critical for lists that are more than a few months old.

Step 5: Remove Duplicates

Duplicate phone numbers in your list mean duplicate calls or texts to the same person, which annoys consumers and increases your TCPA exposure. A single person receiving two unwanted texts from the same campaign represents two separate violations. Deduplication should be performed after E.164 standardization so that format variations like "(555) 123-4567" and "5551234567" are correctly identified as the same number. Our deduplication guide covers the techniques for removing duplicates from large phone lists.

Step 6: Verify Consent Records

For every number remaining on your clean list, verify that you have a consent record on file. The consent record should include the date and time consent was given, the method of consent (web form, verbal, written), the exact language the consumer agreed to, and the scope of consent (calls only, texts only, or both). Numbers without verifiable consent records should be segregated and not used for any outreach that requires consent under the TCPA.

Common TCPA Mistakes That Lead to Lawsuits

Buying Phone Lists

Purchased phone lists are the single most common source of TCPA violations. The seller may claim the list is "opt-in" or "compliant," but TCPA consent is specific to the entity that will be making the calls. Consent given to Company A does not transfer to Company B that purchases the list. Unless the consumer specifically agreed to receive communications from your company by name, you do not have valid consent. No amount of cleaning can fix a purchased list that lacks first-party consent.

Importing Old Data Without Re-Consent

When businesses migrate to a new CRM or marketing platform, they often import historical phone lists that are years old. These lists contain reassigned numbers, revoked consents, and numbers that have been added to the DNC registry since the data was originally collected. Importing old data into a new system without re-validating every number and re-verifying consent is a recipe for a class action lawsuit.

Ignoring the Internal DNC List

In addition to the national DNC registry, you are required to maintain your own internal do-not-call list. This list contains every consumer who has specifically asked your company to stop calling or texting them. Your internal DNC list must be maintained indefinitely and checked before every campaign. Many businesses maintain an internal DNC list in one system but fail to check it when sending from a different platform or using a different phone list.

Failing to Honor Opt-Outs Across Channels

A consumer who replies "STOP" to your SMS expects to stop receiving all text messages from your company, not just messages from the specific campaign or platform they responded to. If your opt-out process only updates one system and leaves the number active in other platforms and spreadsheets, you will continue contacting them in violation of both the TCPA and the consumer's expressed wishes.

NoSheet's Phone Validation and Formatting Tools

NoSheet provides the tools you need to execute the phone list cleaning workflow efficiently and at scale. The phone validation feature checks each number for proper format, identifies the line type (mobile, landline, or VoIP), and flags numbers that are likely disconnected or invalid. The E.164 formatter standardizes every number in your list to the international standard format, regardless of the input format.

For deduplication, NoSheet's fuzzy matching catches phone numbers that appear multiple times in different formats. The number "(555) 123-4567" in row 50 and "+15551234567" in row 3,000 are recognized as the same number and flagged as duplicates. This prevents the double-contact scenario that creates unnecessary TCPA exposure.

The entire cleaning process runs in a single workflow: upload your phone list, standardize formats, validate numbers, remove duplicates, and download a clean, compliant list ready for your campaign. What would take hours of manual work with spreadsheet formulas and multiple vendor lookups takes minutes with NoSheet. For bulk formatting specifically, see our guide on formatting phone numbers in bulk.

Building a TCPA-Safe Culture

Phone list cleaning is not a one-time project. It is a recurring process that must be embedded in your campaign workflow. Every phone list, whether compiled internally or received from a partner, should go through the full cleaning pipeline before any calls or texts are made. Establish a policy that no phone outreach occurs on uncleaned lists, and train every team member who touches phone data on TCPA requirements.

Document your cleaning process so that if a lawsuit arises, you can demonstrate that you took reasonable steps to ensure compliance. Courts look favorably on businesses that have documented TCPA compliance programs, even if an occasional violation slips through. The absence of a documented process, on the other hand, makes willfulness arguments much easier for plaintiffs to establish, which triples the per-violation penalty.

Integrate your internal DNC list, your opt-out records, and your consent database into a single source of truth. When a consumer opts out through any channel, that opt-out should propagate to every system within minutes, not days. The businesses that treat TCPA compliance as an operational discipline rather than a checkbox exercise are the ones that avoid seven-figure settlements. If you are also preparing your phone data for SMS campaigns, our campaign preparation guide covers the additional steps needed for deliverability and engagement.

Clean Your Phone List Before the Next Campaign

Upload your phone list and get instant E.164 formatting, type validation, deduplication, and compliance flagging. Protect your business from TCPA liability.

Validate Your Phone List