Two Different Jobs, Two Different Rules
Bulk SMS covers a surprisingly wide range of use cases — from a promotional flash sale to an authentication code to an appointment reminder to a delivery notification. These all look similar on the surface (a text message to a phone number), but they're fundamentally different in purpose, compliance requirements, and what makes them effective.
Treating them all the same is one of the most common mistakes we see. Teams apply their marketing SMS setup to transactional messages, or their transactional infrastructure to promotional sends, and both fail in predictable ways.
Let's separate them properly.
Defining the Difference
Transactional SMS is a message the recipient expects and wants because they took an action that triggered it. Examples:
- •OTP / two-factor authentication code
- •Order confirmation
- •Shipping notification
- •Appointment reminder
- •Password reset code
- •Delivery notification
- •Payment receipt
- •Account alert (unusual login, low balance)
The defining characteristic: the recipient initiated the relationship and the message is a direct response to their action or a fulfilment of a service they signed up for.
Marketing SMS is a message the sender initiates for commercial purposes. Examples:
- •Flash sale announcement
- •Product launch notification
- •Win-back campaign ("We miss you, here's 20% off")
- •Loyalty reward announcement
- •Event invitation
- •Upsell / cross-sell campaign
The defining characteristic: the sender is reaching out for a commercial purpose, not in response to a specific recipient action.
The grey area: Some messages blur the line. An appointment reminder is transactional. An appointment reminder that also says "and don't forget to book your follow-up visit — use code RETURN15 for 15% off" is partially marketing. We'll come back to this.
Compliance: Where the Frameworks Differ
This is the most important difference and the one that causes the most problems.
Marketing SMS Compliance
Marketing SMS requires explicit opt-in consent in the UK (PECR), US (TCPA), and EU (GDPR/ePrivacy). The recipient must have actively agreed to receive promotional messages from you.
Every marketing SMS must include an opt-out mechanism — "Reply STOP to opt out" or equivalent.
Sending marketing SMS to someone who hasn't opted in is a regulatory violation. Even one valid complaint can trigger ICO investigation. TCPA class actions in the US have resulted in settlements in the tens of millions of dollars.
Transactional SMS Compliance
Transactional SMS rules are more lenient precisely because the recipient expects the message.
In the UK, you don't need marketing opt-in consent to send transactional SMS — but you do need a lawful basis under UK GDPR for processing the phone number. "Performance of a contract" or "legitimate interests" typically cover transactional messages: you collected the phone number to deliver a service, and sending an OTP or order confirmation is part of delivering that service.
However: Transactional messages must NOT be used as a vehicle for unsolicited marketing. This is a real line that providers and regulators watch for. Wrapping a promotional offer in an OTP message doesn't make the promotion transactional. Carriers can and do filter messages that appear transactional in format but contain marketing content.
Opt-out requirements for transactional messages: Strictly speaking, you don't need an opt-out in a transactional message the way you do in a marketing one. But it's good practice to include a way for recipients to manage their communication preferences, particularly for messages that aren't critical to the service (like some types of alerts or notifications).
Technical Setup: Keep Them Separate
A very practical recommendation: keep transactional and marketing SMS on separate infrastructure — separate API keys, separate sender IDs, separate sending accounts if possible.
Here's why this matters:
If your marketing sender ID gets flagged by a carrier (spam reports, content filter trigger, high opt-out rate), it can affect deliverability for all messages using that sender ID. If your transactional OTPs are on the same sender ID as your promotional campaigns, a marketing deliverability problem becomes a transactional delivery problem. Authentication codes and appointment reminders failing to deliver is significantly worse than a flash sale SMS being filtered.
The BulkSMSRates API supports multiple sender IDs and sub-accounts on the same master account. Setting up a dedicated transactional sender ID costs nothing extra and protects your critical message flows from being contaminated by marketing sender reputation issues.
Best Practices for Transactional SMS
Speed Is Everything
For OTPs and authentication codes, delivery speed is more important than almost any other factor. A code that takes 4 minutes to arrive is a failed authentication from the user's perspective — they've already closed the app or given up.
Use direct tier-1 routes for transactional messages, not grey routes. Set a short message validity period (5–30 minutes for OTPs). Monitor median delivery latency, not just average — you want to know what the 95th percentile looks like.
We've seen clients hit median 4-second delivery latency on UK OTPs using the SMPP gateway. HTTP API adds some overhead but is still fast enough for most use cases.
Keep the Message Clear and Specific
Transactional messages should be unambiguous:
Good: "SHOPNAME: Your verification code is 847291. Valid for 10 minutes. Do not share this code."
Bad: "Your code is 847291. Did you know we have a sale on? Shop at shop.com/sale."
The bad example is bad for two reasons: it mixes transactional with marketing content (compliance issue), and it buries the critical information in noise.
Handle Delivery Failures Properly
If an OTP fails to deliver, your application should:
- 1.Detect the UNDELIV or EXPIRED DLR
- 2.Allow the user to request a resend (with rate limiting to prevent abuse)
- 3.Not expose whether the delivery failed (tells attackers whether a number is valid)
For appointment reminders: if the primary SMS fails, consider a fallback notification channel. Email works for this. Failed appointment reminders cost money (no-shows) in ways that failed promotional SMS doesn't.
Validity Periods
Set these correctly. Not the default. The right validity period depends on the message type:
| Message Type | Recommended Validity |
|---|---|
| OTP / 2FA code | 5–15 minutes |
| Password reset | 15–30 minutes |
| Flash sale notification | 2–4 hours |
| Appointment reminder | 24 hours |
| Shipping notification | 48 hours |
| General marketing | 24–48 hours |
An OTP that arrives 3 hours after it was requested is worse than no OTP. An appointment reminder that arrives 2 days after the appointment is actually actively harmful (confusing). Think about what happens if the message arrives late, and set validity accordingly.
Best Practices for Marketing SMS
Consent and List Quality First
The single biggest driver of marketing SMS performance is list quality. Consented, engaged subscribers who opted in specifically for SMS marketing outperform everyone else by a large margin. We've documented clients seeing 9–14% click-through rates from high-quality consented lists vs 1–3% from questionable lists.
Don't buy lists. Build yours through keyword opt-in, web forms, and in-store sign-ups. It's slower but the economics are much better.
The Offer Has to Be Real
SMS is a high-attention channel. If you burn that attention on weak offers, you waste it and erode subscriber trust. "Check out our new collection" is not an offer. "30% off everything for 24 hours — today only" is an offer.
The specificity of the offer directly correlates with click-through rate. A/B testing "30% off" vs "£15 off your next order over £50" is worth doing because the right offer structure varies by audience.
Frequency and Fatigue
Two to four sends per month is right for most retail/ecommerce businesses. Healthcare appointment reminders can be more frequent because they're expected and valued. Hospitality can be once a week if the offers are genuinely relevant.
Track opt-out rates per campaign. If you're consistently above 0.5% opt-outs, something is wrong: either frequency is too high, the offers aren't relevant, or the timing is off.
Mixing Transactional and Marketing: The Rules
The grey area example from earlier — adding a promotional element to an appointment reminder — needs careful handling.
You can include a very soft promotional mention in a transactional message in some cases: "Your appointment is confirmed for Thursday 3pm. We look forward to seeing you. Have you tried our new membership programme? Details at clinic.com/membership."
What you cannot do: use a transactional message as the primary vehicle for a marketing message, or send a promotional-heavy message to people who haven't consented to marketing and frame it as transactional.
The test: if you removed the transactional content (the appointment confirmation), would the remaining message be something you'd send as marketing? If yes, the transactional framing isn't genuine and you're in compliance risk territory.
Summary
| Dimension | Transactional | Marketing |
|---|---|---|
| Consent required | Contract/LI basis | Explicit opt-in |
| Opt-out required | No (but good practice) | Yes, every message |
| Timing constraints | Send immediately | 8am–9pm local time |
| Key metric | Delivery speed | Click-through rate |
| Sender ID | Dedicated, protected | Can be shared (with care) |
| Validity period | Short (minutes–hours) | Longer (hours–days) |
| Infrastructure | Separate from marketing | Separate from transactional |
Getting this right — keeping the two types genuinely separate, applying the right rules to each, and optimising for the right metrics — is foundational to any mature SMS programme.