In a major move to curb rising SMS-based fraud across India, the Telecom Regulatory Authority of India (TRAI) has issued a powerful new directive mandating pre-tagging of every variable field in commercial SMS templates. The reform is designed to shut down loopholes that scammers have been exploiting for years to push harmful links, fake APKs, and fraudulent callback numbers through legitimate sender IDs.
The decision, released on 18 November 2025, marks one of the biggest overhauls of India’s commercial communication ecosystem since the introduction of TCCCPR regulations in 2018.
Why TRAI Introduced the New Rule
Variable fields in SMS templates allow businesses to insert dynamic elements—like URLs, tracking links, OTPs, and contact numbers—while keeping the core text constant. However, TRAI’s investigations revealed massive misuse:
◆Fraudsters inserted non-whitelisted URLs
◆Added malicious OTT/app download links
◆Used fake callback numbers
◆Bypassed template checks by exploiting untagged variables
These gaps became a playground for phishing, financial fraud, and data theft, impacting millions of mobile users.
Despite earlier directives in February and May 2023, Access Providers failed to enforce uniform tagging—forcing TRAI to issue strict, non-negotiable orders now.
Key Features of the New TRAI Direction
1. Pre-Tagging Becomes Mandatory
Every variable must be tagged based on content type and purpose. Approved tags include:
#url# – General links
#urlott# – OTT/app/APK download links
#cbn# – Callback numbers
#email# – Email placeholders
#numeric# – OTPs, amounts
#alphanumeric# – IDs (max 40 chars)
No tag = No approval.
2. Strict Validation & Scrubbing
Access Providers must verify all dynamic fields against whitelisted:
URLs
APK/OTT links
Callback numbers
Scrubbing systems must go live within 30 days.
3. Rules for New & Existing Templates
New templates: Only tag-compliant ones approved after 10 days
Existing templates: Must comply within 60 days of scrubbing launch
This creates a clean, tamper-proof messaging ecosystem.
4. Logger Mode → Full Enforcement
For the first 60 days after scrubbing begins:
Messages get delivered BUT failures are logged
After 60 days:
Messages failing validation will be blocked instantly.
5. Accountability for Principal Entities
Access Providers must immediately notify companies responsible for template failures and push them to update, fix, or remove invalid templates.
Impact: Safer SMS, Less Frauds, More Trust
The move is expected to hugely strengthen India’s commercial SMS framework by:
●Reducing phishing attempts
●Preventing unverified links/numbers
●Eliminating template misuse
●Protecting banks, govt agencies, and essential services from brand spoofing
With millions relying on SMS for OTPs, banking alerts, and official communication, this crackdown promises higher security and user trust.
Industry Outlook
TRAI’s directive sets a new benchmark for digital communication safety in India. As operators transition from logging to full enforcement, users can expect cleaner, safer, and more transparent SMS interactions. The next 90 days will be critical as Access Providers update systems, revise Codes of Practice, and file compliance reports.
India’s commercial messaging ecosystem is entering a new era—tighter, safer, and fraud-proof.
