It looks tempting on paper. Texts get opened in seconds, merchants always have their phones, and a list of cell numbers feels like a shortcut straight past the inbox. So sooner or later almost every MCA shop asks the same question: can we just blast these leads a text?
The short answer is no — at least not the cold, non-opted-in blasting most shops have in mind. Text and phone outreach in the US is governed by the Telephone Consumer Protection Act (the TCPA), and the TCPA is built on consent. If a merchant hasn't given you prior express permission to text them marketing, sending that text is generally illegal — and the penalties are charged per message, not per campaign.
This guide explains exactly why SMS blasting is a legal trap for MCA, what it actually costs when it goes wrong, why shops that try it keep getting shut down, and why cold email lives under a completely different — and far more permissive — law. One caveat up front: this is general education, not legal advice. Statutes change and edge cases exist, so for your specific situation, consult a qualified attorney.
The short answer: cold text blasting is generally illegal
Let's settle the headline first. Sending a marketing text to a merchant who never opted in to hear from you is, in almost every case, against the law in the United States. There's no clever workaround in the phrasing, no 'it's B2B so it's fine' exception that makes a cold blast safe. The default for unconsented marketing SMS is: don't.
The reason is the law that governs the channel. Texts and calls fall under the Telephone Consumer Protection Act — the TCPA — which is a consent-based statute. Before you can send marketing texts, you generally need the recipient's prior express written consent. No consent means no compliant text. That's the opposite of how cold email works, which is exactly why so many brokers get the two confused.
So when the question is 'is text blasting legal,' the honest answer for cold, list-based SMS is no. You can text people who have genuinely opted in — existing customers and prospects who asked to hear from you — but blasting a purchased or scraped list of merchant cell numbers is not a gray area. It's the thing the TCPA was written to stop.
What the TCPA is (and why SMS is not email)
The TCPA is the federal statute that regulates telemarketing calls, auto-dialed calls, prerecorded messages, and text messages. Courts have long treated SMS as a 'call' for TCPA purposes, which means your marketing texts are held to the same consent-first standard as a telemarketing phone call. The Federal Communications Commission enforces it, but — crucially — the TCPA also lets private individuals sue, which is what makes it so dangerous in practice.
Here's the distinction that trips up MCA brokers: email and SMS are not the same law. Cold email is governed by CAN-SPAM, which permits unsolicited B2B outreach with no opt-in requirement. Texting is governed by the TCPA, which requires consent before you send. Same merchant, same offer, two completely different legal answers depending on the channel you choose.
That's why borrowing your intuition from one channel and applying it to the other is so costly. A broker who has run compliant cold email for years can assume SMS works the same way and walk straight into liability. It doesn't. For texts, the rule is consent first; for email, the rule is honesty first. Know which channel you're on before you press send.
The part that ends MCA shops: $500–$1,500 per text
Here's the number that turns SMS blasting from a bad idea into an existential one. The TCPA carries statutory damages of $500 for each violating text — and if the violation is willful or knowing, a court can treble that to $1,500 per message. There's no need for the recipient to prove they suffered any actual harm; the damages are baked into the statute, message by message.
Now apply MCA math. A shop blasting a list isn't sending one text — it's sending thousands, often tens of thousands. At $500 to $1,500 each, a single campaign to a modest list can manufacture a damages figure in the millions. One mid-sized blast is enough to bankrupt a broker. This isn't a fine you negotiate down to a slap on the wrist; it's a per-message multiplier pointed straight at your send volume.
And the people collecting it aren't only regulators. The TCPA's private right of action has created a sophisticated plaintiffs' bar that actively hunts for blasted texts, files class actions, and settles them for serious money. Unconsented SMS doesn't just risk a regulator noticing — it invites lawsuits. That combination of per-text damages and eager litigants is precisely why MCA shops that try SMS blasting tend to get shut down, not slowed down.
Why carriers shut SMS blasters down before the lawyers even arrive
The legal exposure is the part that ends businesses, but the operational reality is what kills the channel day to day. Even before a single lawsuit is filed, the mobile carriers themselves are working against unconsented blasters. US carriers run aggressive spam filtering and require message senders to register their traffic and prove consent. Cold, list-based MCA texting fails those checks fast.
What happens next is familiar to anyone who's tried it. Numbers get flagged, throughput gets throttled, and sending numbers get deactivated — often within hours of a blast. MCA is already the most spam-complained-about industry online, so MCA texting draws complaints faster than almost anything else, which accelerates the shutdown. You buy new numbers, blast again, and burn those too. It's a treadmill that costs money and never builds anything durable.
So even setting the courtroom aside, SMS blasting is a channel that self-destructs. The carrier ecosystem is engineered to stop exactly this behavior, and it does. You can't build a reliable pipeline on infrastructure that's actively trying to evict you.
Cold text vs cold email: same merchant, opposite law
Put the two channels side by side and the contrast is stark. The merchant is identical. The offer is identical. The only thing that changes is the pipe you send through — and that single choice flips the legal answer from 'generally illegal' to 'permitted.'
Cold SMS lives under the TCPA: consent required, no exception for cold lists, $500–$1,500 in statutory damages per message, and a carrier system built to shut blasters down. Cold email lives under CAN-SPAM: no opt-in requirement, B2B cold outreach expressly permitted, and a clear checklist of honesty rules instead of a consent wall. One channel punishes you for sending cold; the other gives you room to operate at scale as long as you send honestly.
- Cold SMS → TCPA. Consent-based. Cold, non-opted-in texting is generally illegal.
- Damages → $500 per text, up to $1,500 for willful violations — assessed per message.
- Enforcement → FCC plus a private right of action that fuels class-action lawsuits.
- Cold email → CAN-SPAM. No opt-in required. B2B cold outreach is permitted when you follow the rules.
- Email rules → truthful headers and subject, a valid physical address, and a working opt-out you honor.
- Net effect → SMS blasting self-destructs; compliant cold email scales and lasts.
The durable channel: compliant cold email
If texting is a dead end, the obvious question is what to do instead — and the answer is the one channel where US law actually leaves the door open at volume. Cold email to business prospects is permitted under CAN-SPAM with no requirement that the merchant opted in first. You don't need consent; you need to send honestly. That makes email the durable, high-volume MCA channel that SMS can never be.
Compliant cold email isn't lawless, but the rules are a checklist, not a consent wall: truthful 'From' and subject lines, a real physical postal address in every message, and a working opt-out you honor promptly. Meet those and you're operating squarely inside the law — even on a merchant who never asked to hear from you. The catch isn't legality; it's deliverability, since MCA is the most spam-complained-about vertical and generic tools burn their domains within weeks.
That's the problem we built MCA Rocket to solve. We don't sell or supply lead data — sourcing real, valid business leads is the client's responsibility — but everything we send on your behalf runs through warmed, dedicated infrastructure built to land in the inbox and stay CAN-SPAM compliant on every message. Over 5+ years, $1.3B+ funded and 180K+ applications generated, we've handled millions of leads the right way, with a 90%+ inbox guarantee or your money back. No blasted texts, no per-message liability — just compliant email that returns full applications with bank statements.
