Lead Generation Compliance in 2025 – What Every Insurance Agent Needs to Know

Most agents are playing a dangerous game with lead generation, and they don’t even know it.

Between robocalls, spam texts, and sketchy lead vendors, regulators are cracking down harder than ever. The FCC’s one-to-one consent rule didn’t go into effect last month, but that doesn’t mean agents are safe. In 2025, non-compliant marketing isn’t just risky—it could cost you everything. Fines are getting bigger, carriers are paying closer attention, and if you think “everyone else is doing it,” that won’t save you when a lawsuit shows up.

Here’s the problem: Most agents don’t actually know the rules. They assume the Do Not Call Registry (DNC) only applies to robocalls. They think TCPA (Telephone Consumer Protection Act) violations only happen if you use an auto-dialer. They blast out emails without considering CAN-SPAM, and then wonder why their deliverability sucks. And let’s be real—half the “leads” agencies buy aren’t even gathered legally.

So, let’s fix that.

In this article, we’re breaking down what you actually need to know about lead generation compliance in 2025, including:

  • The TCPA and why “but I dialed manually” won’t always protect you.
  • The DNC rules (yes, you can call certain people on the list—under specific conditions).
  • The 90-Day Rule and how it impacts follow-ups.
  • The CAN-SPAM Act and why your emails keep landing in spam folders.
  • The biggest compliance mistakes agents make—and how to avoid them.

Plus, we’re answering the most common questions we get, like:

  • Can you still call someone on the DNC list?
  • How long does an opt-in last?
  • Why aren’t my texts going through?

At the end, I’ve got a lead generation compliance cheat sheet for you—so you can stop guessing and start marketing the right way. Let’s get into it.

The Telephone Consumer Protection Act (TCPA) and What It Means for Agents

Most agents don’t actually understand the Telephone Consumer Protection Act (TCPA)—and that’s a problem. The fines aren’t pocket change. We’re talking up to $1,500 per violation. Multiply that by a list of a few hundred bad calls, and you’re looking at the kind of lawsuit that could wipe out an entire agency.

Here’s the bottom line: If you’re generating leads, you need to know the TCPA rules cold. Otherwise, you’re one complaint away from a serious financial hit.

What Is the TCPA, and Why Should You Care?

The TCPA was passed in 1991 to stop spam calls, robocalls, and telemarketers from harassing people. It regulates how businesses (including insurance agents) can contact consumers, especially using automated dialing systems, prerecorded messages, and text messaging.

But here’s the kicker—even if you dial numbers manually, you can still violate the TCPA.

If you’re calling a cell phone without prior express written consent, and the recipient says they never agreed to be contacted, you’re at risk. Even if you typed in the number by hand. TCPA violations don’t just apply to robocalls.

How the TCPA Affects Lead Generation

If you’re buying leads, generating leads online, or cold calling, here’s what you need to know:

  • You need consent to call cell phones. If a lead filled out a form on your website and checked a box saying they agree to be contacted, you’re good. If not? You’re rolling the dice.
  • Purchased leads aren’t automatically TCPA-compliant. Just because a lead vendor says the lead opted in doesn’t mean it’s true. Always ask how the lead was generated and whether they have proof of consent.
  • Texts are covered under TCPA, too. A lead opting in for a call doesn’t mean they agreed to receive texts. You need separate consent for that.
  • Business numbers don’t have the same protection. The TCPA mainly protects consumer cell phones. Business numbers are fair game, but you still need to comply with other laws (like DNC rules).

The Biggest TCPA Myths That Could Get You in Trouble

Let’s clear up some of the most common misconceptions about TCPA compliance.

“If I dial the number manually, I’m safe.”
Nope. If you’re calling a cell phone without checking the Do Not Call Registry, it doesn’t matter if you used an auto-dialer or your own two hands.

“I bought the lead, so it must be compliant.”
Lead vendors don’t care about your legal risk. If they didn’t get proper consent, you’re the one on the hook.

“If someone gives me their number, I can call them forever.”
Not even close. TCPA consent expires—it’s not a lifelong free pass to call someone.

How to Protect Your Agency from TCPA Violations

You don’t have to live in fear of compliance, but you do need to take it seriously. Here’s how to stay on the right side of the law:

  • Get proof of consent. If a lead opts in, have documentation showing when and how they gave permission.
  • Use compliant lead sources. If you’re buying leads, demand transparency on how they were collected. No proof? Don’t buy.
  • Separate call and text opt-ins. Just because someone agreed to calls doesn’t mean they agreed to texts. Cover your bases.
  • Honor opt-outs immediately. If someone says, “Stop calling me,” respect it. Don’t argue. Don’t try to get around it. Just stop.

The bottom line? If you’re doing lead generation, you need to be TCPA-compliant—no excuses. The fines are brutal, and the regulators aren’t messing around.

Up next, we’re breaking down the Do Not Call Registry (DNC) and the 90-Day Rule—because, yes, you can call certain people on the DNC list (under the right conditions). Let’s get into it.

The Do Not Call Registry (DNC) and the 90-Day Rule

Every agent knows about the Do Not Call Registry (DNC)—but almost no one understands how it actually works.

Most think it’s simple:
❌ “If someone’s on the DNC, I can’t call them.”
❌ “DNC only applies to robocalls.”
❌ “If they’re a lead, they’re fair game.”

Wrong. Wrong. And definitely wrong.

DNC rules aren’t just about cold calling random strangers. They apply to how you follow up with leads, prospects, and even past customers. If you don’t know the details, you could be handing your competitors an easy way to report you—or worse, putting yourself at risk for fines that could cripple your business.

How the DNC Works and Who It Applies To

The DNC Registry exists to stop unwanted sales calls. Consumers add their numbers to the list because they don’t want to be bothered. That means:

  • You cannot call DNC-registered numbers for sales purposes unless you have a valid exception.
  • It doesn’t matter if you dial manually or use an auto-dialer—DNC rules apply either way.
  • The registry applies to personal phone numbers (both landlines and cell phones). Business numbers are not covered.

The 90-Day Rule: When You Can Call People on the DNC List

Here’s where most agents get it wrong: DNC does not mean you can never call someone.

If a consumer inquires about your services or has an existing relationship with you, the 90-Day Rule kicks in. That means:

✅ If someone fills out a quote form, you have 90 days to call them—even if they’re on the DNC list.
✅ If a prospect calls you first to ask about coverage, you can return their call.
✅ If they’re a current customer, you can contact them about their existing policy.

But once those 90 days are up? If they’re on the DNC, calling them is a violation unless they’ve given explicit written consent.

Can You Call Your Own Customers If They’re on the DNC?

Yes—but only under certain conditions.

  • You can contact current customers about service-related issues, renewals, and policy updates.
  • You cannot call them just to pitch new products unless they’ve given permission.

If a customer tells you, “Stop calling me,” guess what? You have to stop. Even if they’re an active policyholder.

The Biggest DNC Myths That Could Cost You

“If a lead gives me their number, I can call them forever.”
Nope. Their opt-in has a time limit. If they inquired three years ago and never became a customer, that lead is cold—and DNC rules apply.

“If I buy leads, I don’t have to worry about DNC.”
Wrong. If a lead provider sells you a DNC-listed number without proper consent, you’re still responsible. Never assume purchased leads are compliant.

“DNC doesn’t apply to text messages.”
Yes, it does. If you can’t call someone, you definitely can’t text them.

How to Stay Compliant with DNC Rules

  • Track lead inquiries. If a prospect opts in, log the date. You’ve got 90 days—don’t mess that up.
  • Keep proof of consent. If someone gives written permission to be contacted, save it. A verbal “yeah, call me anytime” won’t hold up in court.
  • Scrub your call lists. Before dialing, check if numbers are on the DNC Registry. There are tools for this—use them.
  • Respect opt-outs immediately. If someone says stop calling, stop calling.

Bottom line? DNC compliance isn’t optional. It’s one of the easiest ways to get fined, sued, or banned from running ads.

Next up, we’re getting into email and text compliance—because if you think cold calling is risky, wait until you see what happens when your emails break CAN-SPAM rules.

Why Your Emails and Texts Aren’t Getting Delivered (And How to Fix It)

You can have the best lead generation strategy in the world, but if your emails and texts never reach your prospects, it’s all worthless.

Here’s the harsh truth: Most agents have no idea how email and text authentication works. They blast out emails, get zero responses, and assume email marketing is dead. Or they send texts, only to find out later that most never got delivered.

This isn’t just about compliance—it’s about making sure your messages actually land where they’re supposed to. And if you’re not setting up domain authentication the right way, your emails are already getting flagged as spam before they even hit an inbox.

What Is Domain Authentication, and Why Does It Matter?

Email providers (like Gmail, Yahoo, and Outlook) don’t trust emails that look suspicious. If your email domain isn’t properly authenticated, your emails look like spam—even if they’re completely legit.

When that happens, your emails:

  • Get filtered into spam folders.
  • Get blocked entirely (without you even knowing).
  • Hurt your sender reputation, making future emails even less likely to be delivered.

The same thing happens with text messages. If your domain and phone numbers aren’t authenticated properly, your texts get blocked by carriers before they ever reach a prospect.

How to Authenticate Your Domain for Better Email Deliverability

There are three main authentication protocols you need to have in place:

1. SPF (Sender Policy Framework)

Think of SPF as your email’s security pass. It tells email providers which servers are allowed to send emails on your behalf.

If SPF isn’t set up, your emails look suspicious because anyone—including spammers—could be sending from your domain.

Fix it: Go to your domain settings and add an SPF record that includes your email service provider (like Google Workspace, Microsoft 365, or Mailgun).

2. DKIM (DomainKeys Identified Mail)

DKIM is like an official signature for your emails. It proves the email actually came from you and wasn’t tampered with.

Without DKIM, email providers can’t verify that your emails are real, which increases the chances of them being marked as spam.

Fix it: Your email provider will give you DKIM records to add to your domain settings. Set them up, and your emails will instantly look more trustworthy.

3. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC is the final layer. It tells email providers what to do with emails that fail SPF or DKIM checks. Without DMARC, spammers can still spoof your domain, making it look like their emails are coming from you.

Fix it: Set up a DMARC policy to tell providers whether to reject or quarantine unauthenticated emails.
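
Here is what checking those three records looks like in practice. This is an added example, not part of the original article: it audits TXT records offline and reports the weak spots described above. The domains, the `mail` selector, the record values and all function names are constructed for illustration.

```python
# Added example: offline audit of SPF, DKIM and DMARC TXT records.
# Every domain, selector and record value below is constructed for illustration.

def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(records):
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record, receivers cannot tell which servers may send"]
    if len(spf) > 1:
        return ["SPF: more than one v=spf1 record, evaluation ends in a permanent error"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    # A bare 'all' has the default '+' qualifier, which passes every sender.
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    if qualifier in "+?":
        return [f"SPF: '{all_terms[0]}' does not fail unlisted senders"]
    return []

def audit_dkim(records):
    keys = [t for t in map(parse_tags, records) if "p" in t]
    if not keys:
        return ["DKIM: no public key published at this selector"]
    if all(t["p"] == "" for t in keys):
        return ["DKIM: empty p= tag, the key has been revoked"]
    return []

def audit_dmarc(records):
    dmarc = [parse_tags(r) for r in records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC: no usable record, receivers get no instruction for failing mail"]
    policy = dmarc[0].get("p", "").lower()
    if policy == "none":
        return ["DMARC: p=none only monitors, failing mail is still delivered"]
    if policy not in ("quarantine", "reject"):
        return ["DMARC: missing or invalid p= tag"]
    return []

def audit_domain(zone, domain, selector):
    """zone maps a DNS name to its TXT strings; selector comes from the mail provider."""
    return (audit_spf(zone.get(domain, []))
            + audit_dkim(zone.get(f"{selector}._domainkey.{domain}", []))
            + audit_dmarc(zone.get(f"_dmarc.{domain}", [])))

ZONE = {  # constructed sample records
    "weak-agency.example": ["v=spf1 include:_spf.mailhost.example ?all"],
    "_dmarc.weak-agency.example": ["v=DMARC1; p=none; rua=mailto:reports@weak-agency.example"],
    "good-agency.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "mail._domainkey.good-agency.example": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY"],
    "_dmarc.good-agency.example": ["v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for name in ("weak-agency.example", "good-agency.example"):
        print(name, audit_domain(ZONE, name, "mail") or "no findings")
```

To run it against a real domain, replace `ZONE` with the TXT answers for the domain itself, `<selector>._domainkey.<domain>` and `_dmarc.<domain>`.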

What Happens If You Skip Domain Authentication?

  • Your lead generation emails will get flagged as spam, even if they’re legitimate.
  • Your email open rates will tank.
  • Your domain could get blacklisted, making it nearly impossible to send emails in the future.

In short: If your authentication isn’t set up, your emails are dead on arrival.

Why Your Text Messages Aren’t Being Delivered

Texts used to be the wild west—send whatever you wanted, and it would almost always go through. Not anymore.

Now, carriers have AI-powered spam filters that automatically block messages they think look suspicious. And if you’re not following authentication rules, your texts aren’t going anywhere.

How to Fix Text Message Deliverability

Register for A2P 10DLC Compliance
Carriers now require businesses to register their phone numbers for A2P (Application-to-Person) 10DLC messaging. If you don’t, your messages will get flagged as spam.

Use Verified Short Links
Carriers don’t trust random shortened links (like Bitly). If you’re including a link in a text, make sure it’s from your own domain.

Follow TCPA and DNC Rules
If you’re texting people without consent, your messages will get blocked. Period. Make sure you have proper opt-ins before sending anything.

Bottom Line: If You Don’t Authenticate, You’re Wasting Your Time

You could be sending out hundreds of emails and texts every week, but if your domain and phone number aren’t authenticated, most of them aren’t even being delivered.

Get your SPF, DKIM, and DMARC records set up. Register your phone number for A2P 10DLC. Make sure you’re following lead generation compliance rules.

Because if you’re ignoring this stuff, it’s not just hurting your marketing—it’s killing your chances of actually getting new business.

Next up, we’re answering the biggest compliance questions agents ask all the time—like whether you can still call DNC-listed leads, how long opt-ins actually last, and why some agents get away with things that others don’t.

The Most Common Lead Generation Compliance Questions—Answered

At this point, you know the major compliance rules: TCPA, DNC, the 90-Day Rule, and email/text authentication. But let’s be real—most agents still have a ton of unanswered questions.

And since regulators don’t exactly make this easy to understand, I’m breaking down the most common compliance questions agents ask all the time.

1. Can I Still Call Someone If They’re on the DNC List?

Yes—but only under very specific conditions.

You can call a DNC-listed lead if:
✅ They filled out a quote request or contacted you in the last 90 days.
✅ They gave explicit written consent to be contacted.
✅ They’re an existing customer, and the call relates to their policy.

You cannot call a DNC-listed lead if:
❌ They inquired more than 90 days ago and never became a customer.
❌ You bought the lead from a vendor that didn’t get proper consent.
❌ They told you to stop calling—even if they’re a current customer.

Mess this up, and you’re looking at fines up to $43,792 per violation. Yes, per call.

2. How Long Does an Opt-In Last?

It depends on how the lead opted in.

  • If someone filled out a quote request – You have 90 days to call them, even if they’re on the DNC list.
  • If they gave explicit written consent (checked a box agreeing to be contacted) – That consent lasts until they revoke it.
  • If they’re a customer – You can call them about their policy indefinitely—but the second they say “stop calling,” you have to listen.

Moral of the story? Track your leads and their opt-ins. If you’re calling people from an old spreadsheet with no proof of consent, you’re asking for trouble.

3. Do These Rules Only Apply If I’m Using an Auto-Dialer?

Nope. That’s one of the biggest misconceptions about lead generation compliance.

TCPA and DNC rules apply no matter how you dial the number.

Auto-dialer or manual dial—it doesn’t matter. If you’re calling a DNC-listed number without permission, you’re breaking the law. The difference? Auto-dialers just make it easier for regulators to catch you.

4. Does the DNC Apply to My Existing Customers?

Yes and no.

✅ You can call current customers about their existing policy, renewals, or service issues.
❌ You cannot call them just to sell new policies unless they’ve given explicit permission.
❌ If a customer tells you to stop calling, you have to stop—DNC rules apply at that point.

If you want to sell new policies to existing customers via phone, get written opt-in consent. That way, you’re protected.

5. Why Aren’t My Text Messages Being Delivered?

If your texts aren’t going through, there’s a reason. Carriers don’t just block texts at random—there are specific triggers that make them flag your messages as spam.

The biggest reasons texts fail?
🚨 You’re not registered for A2P 10DLC – Carriers require businesses to verify their numbers for mass texting. If you haven’t done this, your messages are getting blocked.
🚨 Your messages look spammy – Too many links, ALL CAPS, weird formatting, or aggressive sales pitches trigger spam filters.
🚨 You’re texting people who didn’t opt in – If a lead never agreed to receive texts, carriers can block your messages automatically.
🚨 Your domain isn’t authenticated – If you’re linking to your website in a text and your domain isn’t verified, your texts might never be delivered.

Fix these issues, and your texts will actually start reaching prospects instead of disappearing into the void.

Compliance Isn’t Optional—But It’s Not Hard Either

Most agents screw up lead generation compliance because they don’t know the rules. And ignorance is expensive.

  • DNC rules aren’t as restrictive as you think—you can call leads who opted in within the last 90 days.
  • Written consent is your best friend—it protects you from fines and lawsuits.
  • Domain and number authentication matter—without them, your emails and texts won’t even get delivered.
  • Opt-in tracking isn’t a “nice-to-have”—it’s the difference between compliant marketing and a six-figure fine.

Compliance isn’t just about avoiding lawsuits—it’s about making sure your lead generation actually works. Because if your calls, emails, and texts aren’t getting through, your marketing is already failing.

Next, we’re wrapping this up with a lead generation compliance cheat sheet you can use to keep yourself protected. Let’s get to it.

Get Compliant, Stay Visible, and Generate More Leads

Here’s the reality—lead generation is only valuable if your calls, emails, and texts actually reach people and follow the rules. Too many agents either ignore compliance completely (and risk massive fines) or get so paranoid they stop marketing altogether. Both are losing strategies.

The agents winning in 2025 are the ones who:
✅ Understand TCPA, DNC, and email/text compliance so they don’t waste time on bad leads.
✅ Set up domain authentication so their emails actually land in inboxes.
✅ Keep their lead generation pipeline full without relying on risky tactics.

If you want a compliant, effective marketing strategy that doesn’t require constant guessing, you need a plan. That’s why we put together Create a Year’s Worth of Content in 30 Days!—so you can finally have content that attracts leads without violating every compliance rule in the book.

Because let’s be real—stressing over marketing and compliance is a waste of your time. Get your content dialed in, stay compliant, and let your agency grow the right way.
