Log in Documentation Status

Skip to content
Schedule a Meeting

What Businesses Need to Know About SANs Before Making Telemarketing Calls

Relying on a vendor's SAN can leave you open to massive DNC violations. Discover why your company must hold its own SAN and how to properly set it up.

SAN Article graphic

Article Key

Click on the topic and it will automatically scroll you to the relevant section.

  1. What Is a SAN?
  2. How to Obtain a Subscription Account Number (SAN)
  3. Why Is SAN Registration Necessary for Do Not Call Compliance?
  4. How Much Does a SAN Cost?
  5. Do Not Call Registry Exemptions
  6. Can You Use Pre-Scrubbed Lead Lists for Do Not Call Compliance?
  7. What Is Unattributed DNC Scrubbing?
  8. Enforcement Example: Lead Lists That Were Not Properly Checked Against the Registry
  9. Enforcement Example: Accessing the Registry Using Another Company’s SAN
  10. Why Using a Compliance Vendor Matters
  11. A Critical Warning: A Compliance Vendor Should Ask for Your SAN
  12. The Risk of a False Sense of Compliance
  13. Conclusion
  14. FAQ

Abstract:
Organizations that make telemarketing or sales calls must comply with the National Do Not Call Registry under the Telemarketing Sales Rule, including regularly screening their call lists against registry data. This process must be tied to a Subscription Account Number (SAN), which connects registry access and compliance activity to the organization placing the call.

When companies rely on pre-scrubbed lead lists or compliance processes that are not tied to their own SAN, they may create gaps in their ability to demonstrate compliance.

  • A SAN is required to access the National Do Not Call Registry
  • Call lists must be scrubbed no earlier than 31 days, against the National Do Not Call Registry, at the time calls are made.
  • Pre-scrubbed leads do not transfer compliance responsibility to the buyer
  • Unattributed SAN scrubbing can occur when lists are screened under one entity’s SAN but used by another organization to place calls, this is a violation.
  • Any company acting as a seller or telemarketer that conducts telemarketing calls, whether to numbers on or off the DNC Registry, may be subject to violations if they have not purchased a SAN. Violations can carry fines of up to $53,088 per call, with each individual call potentially constituting a separate violation.
  • Registry access and screening should be tied to the caller’s SAN
  • Using another company’s SAN or vendor-only scrubbing can create compliance gaps
  • When using third parties such as BPOs, each seller must maintain its own SAN and registry subscription
  • Violations of Do Not Call rules can result in significant penalties and enforcement actions
  • The first five area codes are free, while additional registry access requires annual subscription fees

SAN Registration, Lead Lists, and the Hidden Risk of Unattributed DNC Scrubbing

Organizations that make telemarketing or sales calls are required under the Telemarketing Sales Rule (16 CFR Part 310) to check their call lists against the National Do Not Call Registry before contacting consumers.

What many organizations do not realize is that this compliance process must be tied to their own Subscription Account Number (SAN).

A SAN is more than just a registration number. It is the mechanism that connects registry access, list scrubbing, and compliance accountability to the organization placing the call.

When companies rely on pre-scrubbed lead lists, or on compliance processes that are not tied to their own SAN, they may unknowingly create a compliance gap sometimes referred to as unattributed DNC scrubbing.

Any business operating as a seller or telemarketer is potentially subject to violations if it conducts telemarketing calls without first obtaining a Subscription Account Number (SAN). This applies regardless of whether the called numbers are listed on the Do Not Call Registry. With fines of up to $53,088 per call — and each call potentially treated as a distinct violation — the financial exposure can be substantial.

Understanding how SAN registration works, and how it relates to telemarketing compliance, is essential for any organization conducting outbound calling campaigns.

What Is a SAN?

Organizations obtain a Subscription Account Number (SAN) when they register to access the National Do Not Call Registry, which is administered by the Federal Trade Commission.

The SAN functions as the account identifier that authorizes telemarketers, sellers, and service providers to download registry data used to screen outbound calling lists.

Access to the registry is governed by the Telemarketing Sales Rule. This rule requires telemarketers to check their calling lists against the registry before initiating telemarketing calls.

Under 16 CFR §310.8, organizations must register for a SAN and subscribe to the appropriate area codes before they can access registry data.

Because registry access occurs through a SAN-registered account, registry subscriptions and downloads are associated with the organization that holds that SAN, establishing accountability for the entity responsible for screening its calling lists.

When organizations use a compliance provider to perform DNC scrubbing, the process can be further documented. Compliance vendors, like DNC.com, often maintain records showing when lists were scrubbed, which SAN the scrub was associated with, and when registry data was last synchronized.

These records can include:

  • The organization’s SAN associated with the scrub
  • Timestamps showing when lists were screened against the registry
  • Confirmation that the registry data used for the scrub was current

This documentation can be critical if an organization ever needs to demonstrate how and when its calling lists were screened for compliance.

How to Obtain a Subscription Account Number (SAN)

Organizations obtain a Subscription Account Number (SAN) by registering through the National Do Not Call Registry portal. This registration is required before an organization can access registry data used to screen outbound telemarketing call lists.

Step 1: Register Your Organization (Create Your SAN Profile)

  1. From a web browser, go to https://telemarketing.donotcall.gov/
  2. Select “Register New Users”
  3. Complete the Organization Information profile (business name, address, city, state, ZIP code, and related details)
  4. Enter either an EIN or SSN (as required by the portal)
  5. Enter the organization’s telephone number
  6. Select your function (for many organizations, this is “Seller”, if you fall under the exemption, put exempt)
  7. Identify your company’s designated representative for the SAN account
  8. Click Submit
  9. Review the Certification Agreements, then select “Yes, I agree” and click Certify

Step 2: Verify and Secure Your Account

After submission, complete these steps to avoid delays:

  • Record your Organization ID and login credentials shown on-screen. If credentials are not displayed or you cannot access your account, contact the registry for assistance through the portal.
  • Look for an email from donotcall.gov to verify your email address. Follow the verification instructions. If verification is not completed within the timeframe stated in the email, the profile may be deactivated.
  • After verification is completed, the registry will issue your SAN once processing is finalized.

Step 3: Subscribe to Area Codes

Once your SAN profile is active, you must subscribe to the area codes you intend to call.

  1. From the left navigation, select “Manage/Renew Subscriptions”
  2. Log in using the credentials from registration
  3. Click “Subscribe to Area Codes or Add Area Codes to Your Current Subscription”
  4. Follow the prompts to select the states and area codes you need

You can return later to review or add subscriptions by logging in at https://telemarketing.donotcall.gov/ as a current user and managing your area code subscriptions.

If the registration process is not completed and verified within the required timeframe, the profile may expire and need to be recreated.

Why Is SAN Registration Necessary for Do Not Call Compliance?

SAN registration is necessary because telemarketers must access the National Do Not Call Registry in order to screen their calling lists before contacting consumers.

Under the Telemarketing Sales Rule, telemarketers are required to check their calling lists against the registry and ensure that the registry data used for screening is no more than 31 days old.

Because registry access occurs through a Subscription Account Number (SAN), the SAN links that compliance activity to a specific organization. In practical terms, it identifies which entity accesses the registry data used to screen telemarketing calls.

This connection is important because the organization placing the call is responsible for ensuring its calling lists are compliant.

This gets a little complicated when Sellers use a third party such as a Business Protocol Outsourcer (BPO). If a telemarketing company is calling on behalf of multiple sellers, each seller must have its own subscription and SAN.

Under the Telemarketing Sales Rule, there's different roles:

  • Seller – the company whose goods or services are being sold
  • Telemarketer – the company making the outbound calls
  • Service Provider – companies that assist sellers or telemarketers in telemarketing activities. (List brokers/Lead vendors, compliance vendors, dialers, data vendors, etc)
  • FTC TSR definitions under 16 CFR §310.2
  • FTC business guidance on telemarketing compliance
  • A telemarketer cannot share registry access across multiple sellers
  • The cost of registry access cannot be split across sellers
  • Each seller must subscribe individually to the registry data used for their campaigns.

Sources supporting these definitions include:

In addition:

The FTC registry FAQ explains: A telemarketer may not use registry data to place calls on behalf of more than one seller unless each seller has its own subscription and SAN.

The SAN therefore plays an important role in establishing accountability. It ties registry access and compliance activity directly to the organization conducting the telemarketing campaign.

Without this link between registry access and the calling organization, it becomes more difficult to demonstrate how and when calling lists were screened for compliance.

This is where problems can arise when organizations rely on pre-scrubbed lead lists or compliance processes that are not tied to their own SAN.

How Much Does a SAN Cost?

Access to the National Do Not Call Registry is based on the number of area codes an organization subscribes to.

Under the Telemarketing Sales Rule, the registry follows a tiered pricing structure:

• The first five area codes are available at no cost.
• Additional area codes require an annual subscription fee per area code.
• Organizations that access a large number of area codes may reach a maximum annual fee cap set by the FTC.

During registration, the FTC may display a total database value exceeding $22,000, which reflects the cost of nationwide access. However, this amount is not an invoice unless an organization selects and subscribes to those area codes.

Certain organizations, such as charities and other exempt entities, may qualify for free access to the registry.

Do Not Call Registry Exemptions

While the National Do Not Call Registry restricts telemarketing calls to registered numbers, the Telemarketing Sales Rule, 16 CFR §310.4(b)(1)(iii), does recognize several limited exemptions that may allow certain calls to occur.

These exemptions are designed to allow legitimate business communications in specific circumstances while still protecting consumers from unwanted telemarketing.

The referenced exemptions include:

  1. Established Business Relationship (EBR)
  2. Prior Express Written Consent
  3. Calls From Certain Organizations

An Established Business Relationship (EBR) exists when a consumer has an existing relationship with a company based on a recent transaction or inquiry.

Under the TSR, an EBR may allow a company to contact a consumer whose number appears on the Do Not Call Registry for a limited period of time following that interaction.

However, if a consumer asks a company not to call them again, the company must honor that request regardless of the EBR. EBR defined under 16 CFR §310.2(n).

Consumers may also authorize telemarketing calls by providing prior express written consent.

When valid consent is obtained, the consumer has effectively agreed to receive marketing communications from the organization that obtained the consent.

This consent must meet specific disclosure and documentation requirements under federal telemarketing regulations.

Certain types of organizations are generally exempt from the National Do Not Call Registry restrictions, including:

• charities
• political organizations
• telephone surveyors that do not involve sales

However, even these organizations may still be subject to other telemarketing regulations or internal do-not-call requirements.

Can You Use Pre-Scrubbed Lead Lists for Do Not Call Compliance?

No. Purchasing pre-scrubbed lead lists does not transfer compliance responsibility under the Telemarketing Sales Rule to the buyer.

Many organizations purchase lead lists that are advertised as “DNC scrubbed” or “Do Not Call compliant.”

However, relying on a lead vendor’s scrub does not necessarily satisfy an organization’s compliance obligations under the Telemarketing Sales Rule.

Under the TSR, telemarketers must ensure that their calling lists are checked against the National Do Not Call Registry and that the registry data used for screening is no more than 31 days old.

This requirement applies to the entity placing the call, not the company that generated or sold the lead list.

When a lead vendor scrubs a list against the registry using its own SAN and then sells that list to another company, the buyer may not have a record showing that the numbers were screened under its own registry access.

Without that connection, it can be difficult for the calling organization to demonstrate:

  • when the list was last scrubbed
  • which registry data was used
  • whether the screening occurred within the required 31-day window
  • whether the screening was tied to the caller’s SAN

This situation can create a compliance gap between the regulatory requirement to screen calling lists and the caller’s ability to demonstrate that the screening occurred under its own registry access.

If a lead vendor scrubs a list using their SAN and then sells those leads to another company, the buyer still has an independent obligation to ensure that the numbers are compliant before calling.

Simply relying on a vendor’s prior scrub does not satisfy this requirement.

This situation creates what can be described as unattributed DNC scrubbing.

What Is Unattributed DNC Scrubbing?

Unattributed DNC scrubbing occurs when a list is screened against the National Do Not Call Registry under one entity’s SAN, but the numbers are later used by a different organization to conduct telemarketing calls.

For example:

  1. A lead vendor downloads registry data under its SAN
  2. The vendor scrubs a lead list against that data
  3. The vendor sells the leads to multiple buyers
  4. The buyers begin calling those leads without performing their own registry screening

In this scenario, the organizations placing the calls may not have documentation showing that the lists were screened against the registry under their own SAN.

This can make it more difficult to demonstrate compliance with registry screening requirements.

Enforcement Example: Lead Lists That Were Not Properly Checked Against the Registry  

FTC enforcement actions demonstrate that companies cannot rely solely on lead vendors to ensure compliance with the National Do Not Call Registry.

In one case, the Federal Trade Commission brought an enforcement action against home security telemarketing company Versatile Marketing Solutions.

According to the FTC complaint, the company purchased consumer leads from lead generators and then placed telemarketing calls to those numbers. Many of the consumers contacted had already registered their phone numbers on the National Do Not Call Registry.

The FTC alleged that the company failed to independently check the numbers against the registry before placing telemarketing calls, resulting in violations of the Telemarketing Sales Rule. The case resulted in a $3.4 million penalty judgment.

When announcing the case, the FTC emphasized an important compliance principle:

Companies that buy lead lists must exercise due diligence when they purchase phone numbers or they can be responsible for illegal telemarketing calls.

This case illustrates a key point for organizations that purchase marketing leads. Even if a lead vendor claims that a list has been screened, the organization placing the calls remains responsible for ensuring that the numbers are properly checked against the National Do Not Call Registry before initiating telemarketing calls.

Enforcement Example: Telemarketing Campaign Calling Numbers on the Do Not Call Registry

Another enforcement action illustrates the scale of liability that can arise when telemarketing campaigns fail to properly screen calling lists against the National Do Not Call Registry.

In a case brought by the Federal Trade Commission, telemarketing company Day Pacer was accused of placing millions of unsolicited telemarketing calls to consumers whose numbers were listed on the National Do Not Call Registry.

According to the FTC, the company made approximately 3.6 million telemarketing calls to registered numbers as part of job-related marketing campaigns. The calls were alleged to have violated provisions of the Telemarketing Sales Rule, which prohibits telemarketers from contacting consumers whose numbers appear on the registry unless a valid exemption applies.

The case ultimately resulted in a civil penalty approaching $29 million, demonstrating the significant financial risk that can arise from non-compliant telemarketing practices.

This enforcement action reinforces a key compliance principle: organizations conducting telemarketing campaigns must ensure that their calling lists are properly screened against the National Do Not Call Registry before placing calls.

Enforcement Example: Accessing the Registry Using Another Company’s SAN

The Federal Trade Commission has also brought enforcement actions involving companies that attempted to access the National Do Not Call Registry using another entity’s subscription.

In one case, the FTC brought an action against telemarketing company PBS, alleging that the company accessed registry data using the Subscription Account Number (SAN) of a separate affiliated company rather than maintaining its own registry subscription.

According to the FTC complaint, PBS used the SAN of an affiliated insurance company in order to avoid paying the registry subscription fees required under the Telemarketing Sales Rule.

The FTC alleged that this practice violated the TSR because telemarketers must properly subscribe to the National Do Not Call Registry before accessing registry data used for compliance screening.

When announcing the case, the FTC emphasized that attempts to bypass the registry’s subscription requirements undermine the accountability structure built into the Do Not Call system.

An FTC official warned:

“Sellers who try to skirt the Do Not Call rules on technicalities are asking for trouble.” ¹

This case illustrates that registry access is intended to be entity-specific, and that organizations cannot rely on another company’s SAN to meet their own compliance obligations.

¹ FTC Press Release, FTC Announces First Case Highlighting Application of Do Not Call Provisions to Corporate Affiliates.

Why Using a Compliance Vendor Matters

Maintaining compliance with the National Do Not Call Registry involves more than simply downloading registry data. Organizations must ensure that their calling lists are regularly screened against the registry, that the registry data used for screening is current, and that appropriate records are maintained.

For organizations conducting large outbound calling campaigns, managing these processes internally can become complex. Calling lists may come from multiple sources, campaigns may change frequently, and the registry must be checked at least every 31 days under the Telemarketing Sales Rule.

Because of these operational challenges, many organizations work with compliance vendors that specialize in telemarketing compliance services.

These vendors can assist with a variety of compliance tasks, including:

  • Scrubbing calling lists against the National Do Not Call Registry
  • Maintaining documentation showing when lists were scrubbed
  • Identifying high-risk numbers, such as known litigators
  • Detecting reassigned or disconnected phone numbers

By centralizing these processes, compliance vendors can help organizations maintain a more consistent compliance workflow and reduce the operational burden associated with managing telemarketing compliance internally.

A Critical Warning: A Compliance Vendor Should Ask for Your SAN

When organizations work with a third-party provider to perform Do Not Call scrubbing, one important detail should not be overlooked.

A compliance vendor should request the organization’s Subscription Account Number (SAN) before performing registry screening.

The reason is straightforward. Registry access under the National Do Not Call Registry is tied to a SAN, which identifies the organization responsible for accessing registry data used to screen telemarketing call lists.

When a compliance vendor performs DNC scrubbing, that screening should be associated with the SAN of the organization conducting the telemarketing campaign. This helps ensure that registry access and compliance activity remain linked to the entity responsible for the calls.

In those situations, organizations may believe their lists were properly screened even though the compliance activity cannot be clearly associated with their SAN.

The Risk of a False Sense of Compliance

If registry screening is not tied to the caller’s SAN, organizations may face challenges demonstrating how their calling lists were screened for compliance.

For example, during a compliance review or investigation, regulators may ask:

  • when was the list screened against the registry
  • which registry data was used
  • which entity accessed the registry data
  • whether the screening occurred within the required 31-day window

Without documentation tying the screening activity to the organization’s SAN, it may be more difficult to demonstrate that registry screening occurred in accordance with the Telemarketing Sales Rule.

For this reason, many organizations choose to work with compliance providers, like DNC.com, that perform DNC scrubbing under the organization’s SAN and maintain records documenting when lists were screened.

Conclusion

Telemarketing compliance is built on accountability. The structure of the National Do Not Call Registry is designed to ensure that registry access, list screening, and telemarketing activity are tied to the organizations responsible for placing calls.

Enforcement actions involving lead lists, large-scale calling campaigns, and improper registry access demonstrate that regulators expect organizations to maintain clear oversight of their compliance processes.

For companies that rely on purchased leads, third-party telemarketers, or external service providers, understanding how registry access is tied to a Subscription Account Number (SAN) is an important part of maintaining that oversight.

Organizations that assume a vendor has handled compliance on their behalf may unknowingly create gaps in their documentation or screening processes. Ensuring that registry screening is performed under the organization’s SAN and that appropriate records are maintained can help reduce those risks.

For this reason, many organizations choose to work with reputable compliance providers that perform DNC screening under the customer’s SAN and maintain documentation showing when and how lists were screened.

At DNC.com, the compliance solutions are designed to ensure that registry screening is performed under your SAN and that screening activity is documented with clear timestamps and reporting. This approach helps organizations maintain a defensible compliance process while reducing the operational burden of managing DNC screening internally.

In an environment where telemarketing compliance continues to evolve and enforcement actions remain active, organizations that ensure their screening processes are tied to their SAN and properly documented place themselves in a far stronger position to demonstrate compliance.

FAQs

Do you need a SAN to access the National Do Not Call Registry?

Yes. Organizations must obtain a Subscription Account Number (SAN) before they can download registry data used to screen telemarketing calling lists.

 How often must telemarketers check the Do Not Call Registry?

Under the Telemarketing Sales Rule, telemarketers must ensure that their calling lists are screened against registry data that is no more than 31 days old.

Can a lead vendor scrub a list for another company?

A vendor may screen a list, but the organization placing the calls is still responsible for ensuring its calling lists are compliant and tied to its own SAN.

What is unattributed DNC scrubbing?

Unattributed DNC scrubbing occurs when a list is screened under one entity’s SAN but later used by another organization to place telemarketing calls.

Does a SAN apply to state Do Not Call registries?

In most cases, no. State Do Not Call registries are administered independently by state governments and generally operate outside of the National Do Not Call Registry system.

While organizations may need to comply with state-specific telemarketing rules or registry requirements, access to those systems typically does not rely on a SAN. There are a few states that use the National DNC Registry as their state list, rather than maintaining a separate one. The FTC notes that approximately thirteen states still administer their own independent registries, meaning the remaining states rely on or defer to the federal list. Because this landscape can shift as states update their laws, businesses should verify current state-specific requirements directly with the relevant state agency.

Does a SAN apply to the Reassigned Numbers Database?

No. The Subscription Account Number (SAN) is used specifically to access the National Do Not Call Registry administered by the Federal Trade Commission.

The Reassigned Numbers Database, which is administered by the Federal Communications Commission, uses a separate registration system and query-based access model. Organizations must register with the FCC to use the database, but this access is not tied to a SAN.

Do compliance vendors need your SAN?

A reputable compliance vendor must perform scrubbing under the customer’s SAN to ensure the screening is properly tied to the organization placing the calls.

Who is exempt from the Do Not Call Registry?

Certain organizations, such as charities, political organizations, and surveyors that do not involve sales, may be exempt from registry restrictions, but may still need to register for access.

How much does a SAN cost?

The first five area codes are free, while additional area codes require an annual subscription fee. The first five area codes are free. For fiscal year 2026, additional area codes are available for $82 per area code annually, with a maximum cap of $22,626 for access to all area codes in the registry. These fees are adjusted annually based on changes to the Consumer Price Index.