{"id":13279,"date":"2025-05-15T15:15:45","date_gmt":"2025-05-15T13:15:45","guid":{"rendered":"https:\/\/www.efidem.com\/?p=13279"},"modified":"2026-01-13T16:08:58","modified_gmt":"2026-01-13T15:08:58","slug":"marketing-sms-sender-id-security","status":"publish","type":"post","link":"https:\/\/www.efidem.com\/en\/blog\/2025\/05\/15\/marketing-sms-sender-id-securite\/","title":{"rendered":"SMS marketing: French Sender ID rules and practices to be adopted from early 2025"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

News about SMS marketing campaigns<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Sms marketing: the upsurge in SMS scams (smishing) calls for tougher security measures. Mobile operators, aggregators and professional associations (AF2M) recall that a \"significant number of cases of fraud\" have necessitated the adoption of new contractual rules. The sender identifier (SenderID or OADC - Originator Address Code<\/em>) of messages is now closely monitored to prevent identity theft. These provisions, which have been in force since March 10, 2025, are designed to protect subscribers against costly scams, often directed against well-known brands or institutions.<\/p>\n

<\/p>\n

What is smishing and what does it mean for SMS marketing?<\/h2>\n

<\/p>\n

Visit smishing<\/em> (SMS-phishing) is a scam in which the attacker sends a fraudulent SMS message impersonating a legitimate entity. The message invites the victim to click on a link or provide personal or banking data, under the pretext of an alarming situation (suspicious bank transfer, parcel delivery, overdue invoice, etc.).\u00a0<\/p>\n

In 95 % of cases, this fraudulent SMS contains a link redirecting users to a fake website usurping a well-known brand in order to steal bank details. The stakes are high: in addition to data theft and financial losses, these attacks damage the confidence of users and partners in mobile telephony services. This is why tightening controls on SenderID is part of a broader strategy to combat SMS phishing.<\/p>\n

<\/p>\n

New Sender ID requirements<\/h2>\n

<\/p>\n

For business SMS sent by web interface<\/a> or by API<\/a> (\u201cPush SMS\u201d), the sender can be a numeric short code<\/strong> (5 digits starting with 36xxx or 38xxx) or an alphanumeric SenderID (OADC)<\/strong> of no more than 11 characters. The new AF2M Business Messaging charter requires this personalized identifier to be limited to 11 characters, and to include only letters and numbers if necessary. Tout SenderID made up of numbers only,\u00a0<\/strong>outside official short numbers is prohibited. Likewise, no special characters or spaces are allowed.<\/strong><\/p>\n

<\/p>\n

AF2M has listed some generic terms that should no longer be used as SenderIDs. Identifiers such as ALERT<\/em>, RDV<\/em>, PAYMENT<\/em>, BANK<\/em>, PACKAGE<\/em>, DELIVERY<\/em>etc., are no longer permitted. These generic words, which do not refer to a specific brand, are not permitted in the sender field.<\/p>\n

<\/p>\n

In addition, the AF2M charter defines two categories of sensitive SenderID: \"Strictly Forbidden\" (SI) and \"Forbidden Unless Authorized\" (ISA). A marked OADC IF,\u00a0<\/strong>such as the names of public institutions or banks: all<\/em> SMS sent with such an OADC will be systematically blocked<\/strong> by operators. A classified OADC ISA,\u00a0<\/strong>trademarks such as Netflix<\/em>or\u00a0Amazon<\/em>\u00a0may only be used with the explicit authorization of the brand concerned and after declaration to AF2M.\u00a0<\/p>\n

<\/p>\n

Consequences of SMS marketing non-compliance<\/h2>\n

<\/p>\n

Failure to comply with these rules will result in strict measures:<\/p>\n

<\/p>\n