Due to CASL, Canadian Carriers Might be Locking Out Your Users
Time to read: 2 minutes
November 21, 2017
Written by
If you use SMS to send codes for two-factor authentication logins or to verify ownership of a phone numbers, you need to be aware of a growing trend where wireless carriers are starting to block your traffic and thus preventing people from signing up and logging into your application. Twilio has two APIs, Verify and Authy, which can help avoid these issues because they are pre-configured to comply with carriers changing policies.
For example Canada’s approach to reduce unwanted messages is to encourage use of short codes instead of long codes. Carriers are supporting this preference through increased filtering of A2P traffic on long codes. The change in law came from the Canadian Radio-television and Telecommunications Commission (CRTC) which, in 2017, started enforcing updates to Canada’s Anti-Spam Legislation (CASL). Specifically, they target bulk SMS messages sent from long codes, i.e. ten-digit phone numbers like (236) 555-1212. This type of traffic, when sent from software applications as opposed to other people’s phones, is called A2P, or Application to Person.
The increase in regulations is impacting companies who use SMS to verify new user signups (a practice known as phone verification) and/or deliver codes as part of two-factor authentication (2FA) secured logins. Essentially, when you send out numerous similar looking messages, such as “123456 is your code to login” they’ll likely fall into these spam filters. What’s unfortunate is these codes are critical to your users trying to login or signup, if they get blocked, people cannot get into your application.
The new policy requires that this traffic should only be sent from short codes and that long codes are only for person-to-person messages. If you are using SMS to send codes for 2FA or phone verification and you have users in Canada, users will be blocked from signing up for your application or successfully completing an authentication.
Twilio has a solution to avoiding this issue. We have an API for two-factor authentication, called Authy and another for phone verification, called Verify. They are already configured with short codes and agreements with carriers to avoid blocking of verification and authentication SMS messages. These APIs are not just configured for Canada, but for all global destinations where short codes are supported and we constantly maintain them as policy changes. As such, using these APIs will not only resolve the current Canadian issue but also address potential future carrier policy changes in other countries.
You can read more about these APIs at;
- Twilio Authy API for two-factor authentication
- Twilio Verify API for phone verification
We also have some ebooks which go into the subject in more depth
Related Resources
Twilio Docs
From APIs to SDKs to sample apps
API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
Resource Center
The latest ebooks, industry reports, and webinars
Learn from customer engagement experts to improve your own communication.
Ahoy
Twilio's developer community hub
Best practices, code samples, and inspiration to build communications and digital engagement experiences.