MobileConnect Guide for Sending SMS Messages to the United Arab Emirates

General Guidelines and Deliverability

There are 19 million active mobile phone numbers in the UAE with a smartphone penetration of around 80% of the adult population.

Supported Codes

Note

The provisioning times listed in this table are estimates based on historical trends. The mobile carriers don't provide firm lead times, so the actual time required to obtain your phone numbers can differ from these estimates. Holidays, increased demand, and carrier network freeze periods (which vary by country and carrier) can cause delays.

Consent Management Service

Two major carriers in the UAE (Etisalat and Du) have implemented a framework for application-to-person SMS messaging called Consent Management Service (CMS). The CMS service is intended to reduce the number of unsolicited messages that are sent to recipients in the UAE. Companies, organizations, and brands that plan to send SMS messages to recipients in the UAE are required to create a CMS account. In the CMS account, senders must register their FromNames (alphabetic sender IDs) and provide subscriber consent details for marketing SMS messages.

Marketing Cloud Engagement customers are required to register any new SMS programs (and re-register existing ones) that target recipients in the UAE.

Note

If you have existing registered FromNames that aren’t registered in the CMS portal, you must re-register them in the CMS portal. When you register, you must also upload a NOC (Non-Objection Certificate) letter before submission. The letter must be printed on Corporate letterhead and must be signed and stamped. An NOC template is provided on page 13 of the Etisalat CMS Policy document. Alternatively, your Salesforce account executive or success manager can provide a template.

You can register your SMS sending programs by completing these steps.

Step 1: Register for a CMS account

Obtain a Party ID (business customer number) with Etisalat. If your organization already has a Party ID through an existing relationship with Etisalat, you can register for a new CMS account by contacting your account manager.

If your organization doesn’t have a Party ID, you must send an authorized senior-level executive to register at an Etisalat Business Center. The executive must provide this documentation:

• Valid Trade License for the company.
• Passport or valid UAE ID card.
• Power of attorney or letter of authorization (LOA) if the applicant is the same signatory of the trade license. This letter confirms that the executive is authorized to submit the application on behalf of the organization. You can find an LOA template on page 16 of the CMS Service FAQ document.
• A completed CMS application.

After you submit your CMS application, the carriers create your account. When your account is ready, they contact you by email and SMS and provide log-in credentials.

Step 2: Register FromNames

Log in to the CMS portal using the credentials provided by Etisalat. In the portal, you can complete these tasks:

• Create and delete FromNames.
• Display active FromNames.
• Access your database of subscribers who have provided consent.
• Upload new consent records.
• View uploaded consent records.
• Manage the users for your CMS account.

Follow the instructions to register your FromNames. You can register as many unique FromNames as you require. Registration is on a first come, first served basis. Keep these guidelines in mind as you register new FromNames:

• FromNames that you plan to use for marketing or promotional use cases must begin with “AD-”. For example, if you plan to send promotional messages using the name MyBrand, you must register the FromName “AD-MyBrand”.
• FromNames can contain between three and 11 characters. If you send promotional or marketing messages, the required characters “AD-” are counted in this limit.
• FromNames must be associated with your company, brand, or organization.
• You can’t register generic FromNames, such as “AD-Promo”, “AD-Offer”, or “AD-Alert”.
• FromNames can contain a space and up to two special characters. In promotional and marketing messages, the hyphen in “AD-” isn’t counted as a special character.
• FromNames can contain a mix of numbers and letters or just letters.
• You must link each FromName to one of these market sectors.

After you submit your FromName registration, the carriers review your request. This review process usually takes about 48 hours. If the carriers approve your FromName request, they provide a unique blockchain ID for that FromName. You can view a list of all FromNamee requests and their statuses in the CMS portal.

Step 3: Manage Consent Management for Marketing SMS Messages

You must provide consent templates for all of the FromNames that you register. You can link a consent template to a single FromName or to several. The consent text must explicitly state what recipients are opting into, including the scope, time period, and any other relevant information. The following template is an example of an acceptable consent statement: “I agree to receive marketing communications via SMS from NTO Inc and its group of brands advertising new season product lines, events, and promotions.”

If your organization has registered marketing FromNames, you’re responsible for registering your consent templates and subscriber details before you send any marketing SMS messages. This registration proves that your marketing lists contain subscriber numbers that have explicitly consented to receive promotional SMS messages from you. The carriers block promotional messages that you send to recipients that you haven’t provided consent for, so it’s important to the success of your marketing campaigns to complete this step.

Consent uploads must include all of this information:

• The mobile phone number (MSISDN) including country code 971
• Date that consent was given
• Time of consent given (optional)
• Channel consent was given (web or app)
• The URL or app name
• Digital ID: system-generated ID, log, or customer email

If recipients provide written consent, you must upload scanned copies of the consent record with subscriber number, date, signature, and consent statement. For more information about CMS consent management, see the Etisalat Consent Management Service Policy document.

Note

You don’t need to upload consent details for transactional SMS communications. Examples of transactional use cases include service or account alerts, two-factor authentication, password reset requests, booking confirmations, or delivery status updates.

Step 4: Provide your sender ID information to Salesforce

Send the details of your approved FromNames to your Salesforce account or success manager. You must complete this step before you start testing and deploying SMS messages in the UAE. In your correspondence, provide all of these items:

• List of approved Sender IDs.
• Unique Blockchain ID for each approved Sender ID.
• Associated NOC letters.

When we receive this information, we add your sender IDs to an allow list, which enables your account to send SMS messages using the listed sender IDs. This process typically takes seven business days to complete. We notify you when this setup process is complete.

Successful Sending and Best Practices

UAE carriers apply strict filtering of all SMS message content and Sender IDs against pre-approved SMS programs in the CMS portal. If you attempt to send messages using an unregistered FromName, or you send messages to recipients who haven't provided consent, your message sends result in failure. You’re responsible for making sure that the messages you send align with the templates that you registered in the CMS. We strongly recommend that you test your messaging campaigns before you deploy them.

CMS and Regulatory Compliance

The CMS framework is primarily designed to curb the abuses of spam and fraud. Salesforce customers must therefore abide by the code of conduct rules set out by the carriers and the local regulator TDRA and ensure their promotional programs are CMS-compliant and follow best practice. Observe these following considerations:

• Consent must be explicit. For example, it can’t be inferred or hidden within the terms and conditions listed on a webpage or in small print.
• The terms and scope of the marketing program, including the brand name and service, must be explicitly conveyed to the subscriber before they opt in.
• A current business relationship doesn’t authorize the sending of marketing messages. For example, proof of purchase isn’t valid consent.
• Requests for consent can’t be made via a voice call or SMS text message.
• Verbal communication isn’t valid.
• Consent received via the internet must also capture the IP address.
• Promotional SMS can only be sent between the hours of 8 AM and 9 PM Gulf Standard Time.
• All consent must be digitally verifiable or presented in a tangible form when requested by a carrier or the regulator TDRA.
• Failure to provide proof of consent results in SMS program suspension, financial penalties, or litigation.
• Respond to spam complaints within 24 hours.

Consent can be acquired via these channels:

• Written
• Web
• Mobile app

Managing Opt-Outs

All promotional SMS must contain an opt-out call to action (CTA) as a message footer. It’s mandatory to include the carrier short code 7726 as the unsubscribe mechanism. Until recently, it was common practice to provide an opt-out path via a private short code, web link, or customer preference center. These channels are no longer available for enterprises and brands to manage opt-outs, because the CMS database now manages them.

Subscribers who want to opt out of promotional SMS programs can do so by requesting a block on a specific Sender ID. For example, a promotional message with Sender ID “AD-MyBrand” must contain an opt-out CTA such as “To opt out, text B MyBrand to 7726”. All blocking requests are automatically added to the Do Not Disturb (DND) registry managed by CMS. Subscribers can opt back into an SMS program by texting “U” plus the Sender ID to the short code 7726. For example, by texting “U MyBrand”, the subscriber number is removed from the DND registry for the sender ID MyBrand.

Restricted Content

Messages that contain this content are forbidden:

• Adult content.
• Tobacco-related content.
• Gambling-related content.

Best Practice and Compliance Reference

• Consent Management Service FAQ
• Consent Management Service Policy
• Telecommunications and Digital Government Regulatory Authority