TRAI makes ‘pre-tagging’ of links in content templates of commercial SMS mandatory
New Delhi: The Telecom Regulatory Authority of India (TRAI) on Tuesday directed all access providers to mandate pre-tagging of every variable element—such as URLs, app download links, and callback numbers—in SMS content templates used for commercial communication.
TRAI said the measure is aimed at curbing misuse of registered templates by fraudsters who often in-sert malicious links or numbers to deceive users, leading to financial fraud, data theft and other cyber-crimes. With pre-tagging, SMS templates must clearly mark all changing components so telecom oper-ators can identify, verify and block harmful or fake messages.
Variable components are those parts of an SMS that may differ for each recipient, while the rest of the message remains static. Under the new rule, senders must specify the purpose of each variable at the time of registering the template. For example, a variable tagged as #url# indicates that it contains a web link. Without such tagging, operators cannot determine whether the inserted links or numbers belong to approved and whitelisted sources.
TRAI noted that investigations into unsolicited commercial communication (UCC) have repeatedly shown how the absence of pre-tagging has been exploited for phishing and fraud, allowing unverified URLs, app links and callback numbers to be inserted into approved templates undetected.
The directive aims to strengthen the anti-spam and anti-fraud ecosystem by ensuring complete visibil-ity of variable fields and enabling strict content scrubbing. Principal Entities (PEs)—including banks, in-surers, financial institutions and other businesses—must now categorise and register all variable ele-ments upfront, making them traceable and accountable.
Access providers and PEs have been given 60 days to update all existing templates. After this period, any message sent through non-compliant templates will be rejected.
TRAI said the move reinforces safeguards under the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, and is expected to significantly enhance public safety by vali-dating each variable field before transmission.
The directive follows rising digital fraud cases where users are trapped through malicious links or callback numbers that can lead to malware, data breaches, identity theft and unauthorised access to bank accounts.
