Most international teams configuring an SMS program for Mexico expect to register a sender name, just as they did in the UK, Australia, Nigeria, or Kenya. They go through the process, choose a branded sender ID, and get their first message out. The message arrives. The recipient sees a short code, not the brand name. In Mexico, this is not a deliverability problem. It is how the system works for everyone.
Sending business SMS in Mexico requires compliance with the Federal Telecommunications Institute (IFT) under the Federal Telecommunications and Broadcasting Law, regular verification of contact lists against REPEP (the public registry for avoiding advertising) before campaigns are sent, and explicit prior consent from recipients before any marketing or non-essential message is sent. Across the major Mexican mobile networks used for A2P messaging, alphanumeric sender IDs are generally replaced by carrier-approved short codes. No branded sender name appears on the recipient's phone for standard A2P SMS traffic.
This sender ID situation is the most operationally significant thing about Mexico's SMS environment and the one that most multi-market programs do not account for in their communications design. For fan notifications, staff dispatches, or operational alerts where the recipient's ability to recognize and trust the sender matters, it changes how programs need to be designed.
Three operators dominate Mexico's mobile market. Telcel, owned by América Móvil, holds approximately 58.7% of subscriber share and commands roughly 68.9% of mobile telephony revenue, making it the dominant route for any program requiring national reach. AT&T Mexico holds approximately 15.6% market share, and Movistar, operated by Telefónica, holds around 16.7%. Together these three cover effectively the entire addressable mobile audience.
Unlike markets where per-operator sender ID registration gives you different approval timelines per carrier, Mexico's requirement centers on short code provisioning. Alphanumeric sender IDs are technically configured in some programs, but across the major Mexican A2P networks the alphanumeric ID is generally replaced by a carrier-approved short code at delivery. The short code is what the recipient sees. Provisioning a recognized short code through an approved aggregator is how Mexican A2P programs establish their sender presence.
The consequences of this for program design are more significant than they first appear. In every other market covered in this series, a registered sender name in the sender field does part of the trust-building work before the recipient reads a single word. The recipient sees "HEALTHK" or "ACMEPOST" or "SAFECO" and already knows who is messaging them. In Mexico, they see a five or six-digit short code. The number that appears may be associated with the organization in the recipient's memory if they have received messages from that short code before, but it provides no immediate recognition for a new contact or an infrequent sender.
This creates practical consequences that programs should plan around. Recipients who do not recognize the short code may report the message as spam, which affects sender reputation with carriers. They may call customer support asking who sent the message. In a fraud-aware environment where SMS scams are a real consumer concern, an unidentified short code can trigger legitimate suspicion. And for programs where recipient trust is essential to the action being requested, such as a payment confirmation or a security alert, an unrecognized sender field actively works against the message's purpose.
Because the sender field in Mexico carries a short code rather than a brand name, every message must do the identification work that the sender field does in other markets. The message body is where your organization announces itself.
The operational standard is to open every message with a clear identifier: the organization's name, product name, or program name, followed by the content. A shipment notification that works in the UK as:
Delivery update: your order arrives Thursday between 2pm and 6pm.
needs to be structured differently in Mexico:
Acme Logistics: your order arrives Thursday between 2pm and 6pm.
This applies equally to operational messages and marketing messages. A welfare check from a field safety program, a shift reminder from a healthcare staffing platform, or a venue update from an event operations team should all open with a clear identifier that gives the recipient immediate context for why they are receiving the message from this short code.
Consistency matters as much as identification. If the same short code is used for transactional messages (payment confirmations, OTPs) and marketing messages (promotional offers), recipients quickly associate the short code with the organization. If the short code changes between campaigns, that associative memory is lost and every campaign starts from zero trust. Maintaining a consistent short code across all program communications is the mechanism through which brand recognition is built in the Mexican market. Provisioning a dedicated short code rather than sharing one with other organizations on a provider's platform is the infrastructure decision that makes consistency possible.
REPEP, the Registro Público Para Evitar Publicidad, is Mexico's national do-not-contact registry, managed by PROFECO (Federal Consumer Protection Agency) in coordination with the IFT. Mexican consumers can register their phone number to block commercial messages, and that registration is indefinite: once registered, the number remains on REPEP until the consumer actively removes it. Consumers can register at repep.profeco.gob.mx.
What makes REPEP operationally demanding compared to similar registries in other markets is the verification cadence. Organizations should ensure their marketing lists are regularly synchronized with REPEP before campaigns are sent, not just at the time of list acquisition or onboarding. A number that was not on REPEP when a contact opted in may be added to REPEP before the next campaign runs. Failure to honor REPEP registrations can result in PROFECO complaints and regulatory action.
For programs running at high frequency, weekly or biweekly campaigns across a large contact list, the REPEP check is an operational workflow step that must be automated rather than manually managed. It is not a one-time compliance gate. It is a recurring send-time requirement.
Violations of REPEP obligations can result in regulatory sanctions and financial penalties under the Federal Consumer Protection Law, administered by PROFECO and the IFT. Organizations should treat REPEP compliance as an operational workflow requirement rather than a one-time setup task.
Mexico's data protection framework for SMS programs rests on two pillars. The Federal Telecommunications and Broadcasting Law and IFT regulations govern the telecommunications channel and require explicit consent before sending marketing or non-essential messages. The Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), Mexico's data protection law, governs how that personal data, including the phone number itself, is collected, stored, and used.
Explicit consent must be freely given, specific, and informed. The recipient must know who is sending messages, what type of content they will receive, and how to stop receiving it. A pre-ticked box or bundled consent inside general terms does not satisfy the standard. Organizations should maintain records showing what communications the recipient agreed to receive.
For B2C programs, the practical baseline is: explicit opt-in before the first message, working opt-out in every subsequent marketing message, and immediate processing of opt-out requests with a confirmation response. Operational and transactional messages arising from an existing customer relationship generally have a different legal basis than promotional marketing, although organizations should still document the relationship supporting those communications.
Promotional messaging is generally subject to permitted sending-hour restrictions and should not be sent between 9 PM and 9 AM local time. For programs running nationally across Mexico, local time is largely uniform: Mexico operates on Central Standard Time, with parts of the northwest on Mountain Time. A campaign scheduled at 8 PM in Mexico City is within the generally accepted window. A campaign scheduled at 10 PM is not.
Mexican compliance requirements specify that opt-out mechanisms must function in Spanish. ALTO (STOP in Spanish), AYUDA (HELP), and BAJA (unsubscribe) are the standard keywords and must be honored when received. Programs built around English-only opt-out keywords miss a meaningful share of the population that will send ALTO, BAJA, or equivalent Spanish terms and expect those to be recognized as opt-out requests.
A confirmation message should be sent acknowledging the opt-out immediately when a request is received. The opt-out must be processed before any subsequent marketing message is sent to that number.
Mexico does not require opt-out keywords to function in languages other than Spanish, but programs serving specific regional or community populations should consider whether language inclusivity in opt-out handling is appropriate for their audience.
For organizations coordinating field staff, venue operations, event crews, or logistics teams in Mexico, the compliance picture differs from consumer marketing in the same ways it does in the US and UK. Messages arising from an employment or contractor relationship, including dispatch notifications, schedule changes, safety alerts, and coordination messages, present a different compliance profile from promotional marketing campaigns.
The operational use case is particularly relevant for large-scale operations across Mexico. A program coordinating ticketing staff, venue vendors, and security teams across a stadium event in Mexico City or Guadalajara involves hundreds or thousands of individual message recipients where the relationship is professional, the messages are expected, and the content is operational. Logistics fleets coordinating cross-border freight between Mexico and the US, manufacturing plants in the maquiladora corridor managing shift changes and safety alerts, airlines managing ground crew and gate operations across AICM and other major airports, hotel and hospitality groups coordinating housekeeping and maintenance teams across resort properties: these are the programs where the employment and contractor relationship provides the legal basis for communication and where the REPEP and consumer marketing consent architecture does not apply in the same way.
Two-way SMS is supported across Mexican networks, which makes reply-based acknowledgment workflows, opt-out capture, and interactive coordination fully functional. Unlike Rwanda and Uganda where standard A2P two-way SMS is unavailable, Mexico supports the full range of interactive workflow design.
BYOC architecture is particularly relevant for programs that operate across Mexico and other markets simultaneously. When a multi-market program adds Mexico, the workflow, contacts, consent history, delivery logs, and suppression records stay exactly where they are. Only the Mexican connectivity changes: an approved aggregator route is connected, the REPEP synchronization step is added to the existing suppression workflow, and the short code is provisioned. For an enterprise event or logistics operation running programs in Mexico, the US, and France from a single platform, that is what adding a new market should feel like, not rebuilding from scratch.
Mexico sits alongside Brazil in the Latin America cluster within this series. The two markets share some structural features, including explicit consent requirements, time window restrictions on promotional SMS, and the absence of a two-way A2P limitation. But they differ in important ways.
Brazil's sender ID provisioning takes approximately ten weeks and alphanumeric IDs are available on major carriers. Mexico's sender IDs are replaced by short codes regardless. Brazil spans three time zones that must be managed within the promotional window. Mexico's time zone situation is simpler. Brazil's WhatsApp penetration is among the world's highest and shapes channel strategy significantly. Mexico's WhatsApp penetration is substantial but the SMS and short code ecosystem remains the primary A2P channel for most business programs.
For the US SMS compliance post and the Canada SMS compliance post, the compliance architecture for North American programs serves as the natural entry point before expanding to Mexico. Organizations operating across all three markets should treat the REPEP verification step as a Mexico-specific addition to an existing suppression and consent workflow rather than a standalone compliance system.
Why does my brand name not appear when I send SMS in Mexico? Across the major Mexican A2P networks, alphanumeric sender IDs are generally replaced by a carrier-approved short code at the point of delivery. This is not limited to unregistered senders: it is how A2P delivery works in Mexico broadly. The short code is what recipients see. For brand recognition, the message body must clearly identify the sending organization, since the sender field will display a short code regardless.
What is REPEP and when do I need to check it? REPEP is Mexico's national registry for consumers who wish to block commercial messages, managed by PROFECO. Organizations should ensure their marketing lists are regularly synchronized with REPEP before campaigns are sent, not just at initial list acquisition. A number that is not on REPEP when consent is collected may be added before the next campaign. Honoring REPEP registrations is a legal obligation under the Federal Consumer Protection Law.
What are the permitted hours for marketing SMS in Mexico? Marketing and promotional SMS may not be sent between 9 PM and 9 AM local time. Operational and transactional messages arising from an existing relationship are generally not subject to the same time restriction, though best practice is to avoid messaging at antisocial hours regardless of message type.
What opt-out keywords must I support in Mexico? ALTO (STOP), BAJA (unsubscribe), and AYUDA (HELP) are the standard Spanish-language opt-out and help keywords. Programs built around English-only keywords do not satisfy the requirement for Spanish-speaking recipients. Opt-outs must be confirmed immediately and processed before any subsequent marketing message is sent.
Does Mexico's data protection law apply to organizations based outside Mexico? Organizations processing personal data relating to individuals in Mexico should assess their obligations under the LFPDPPP, regardless of where the organization is located. IFT regulations apply to messages delivered to Mexican recipients and organizations should ensure their consent collection, data storage, and opt-out handling practices align with Mexican requirements for any contact whose data is processed in connection with a Mexico SMS program.
This article provides general operational information and should not be considered legal advice. Organizations should consult qualified legal or data protection professionals regarding their specific compliance obligations under Mexican telecommunications and data protection law.
Talk to our team about building SMS program for Mexico and across your operating markets from one platform.