UK +44 (734) 008 7301
USA +1 (737) 395 8587
ChatGPT
Perplexity
Claude
Google AI
All Major Short Codes (2026) Sorted & Verified: Full SMS Short Code List
You received a text message from an unfamiliar 5-digit number.
This might be your bank. Might be a shipment update. It could be a scam.
Short codes are everywhere and most people have no idea who owns them or why they are there. This guide corrects that. We’ve put up a list of 60+ active SMS short codes per industry, along with all the info businesses need to know about short codes, how they work, how much they cost, and what the landscape will look like in 2026.
What Is an SMS Short Code?
A SMS short code is a 5 or 6 digit number that corporations, government agencies and platforms use to transmit large volumes of text messages. A short code is different from a normal 10-digit phone number. It is designed for bulk messaging — such as one-time passwords, bank fraud alerts, shipment notifications, promotional offers, etc.
In the United States, short codes are leased through the Common Short Code Administration (CSCA) and are permitted by major carriers such as AT&T, Verizon, and T-Mobile, with restrictions from CTIA guidelines. These are country specific, thus a short code will work in the US, but not the UK or Canada.
The important features of a short code:
- They are leased not owned and generally for a 3, 6 or 12 month period.
- They only work with one brand (carriers have deprecated shared short codes).
- They support high throughput – starting at 100 messages per second and growing into the thousands.
- They bypass the normal carrier filtering since they go through a vetting process before being activated.
- They also support SMS and MMS (MMS needs to be provided separately).
Types of SMS Short Codes: Vanity, Random, and What Happened to Shared
Today, there are two sorts of active short codes. A third form, shared short codes, has been discontinued.
Vanity short codes are selected by the brand for memorability or brand alignment. (CHASE spells 24273 on a telephone keypad.) The number 26435 spells ANGEL — utilized by Victoria’s Secret. Vanity codes lease for $1,000 a month and are used by large enterprises.
Random short codes — The register assigns short random codes. They have no brand meaning but act like vanity codes. Random short codes are leased at $500/month and are a cost-effective option for organizations who need the specialized short code functionality but don’t need a memorable number.
Shared short codes were widespread, when many businesses used one number and messages were directed by keyword. Carriers stopped shared short codes, where many firms could split one short code, in 2021. Why? Because there is zero accountability for spam and phishing abuse. There is no reliable way to detect rogue actors. All short codes in the US have to be allotted to one brand. There is still some legacy shared code lying around (more on that below).
Short Codes vs. 10DLC vs. Toll-Free: What Does What
Businesses don’t just send text messages with short codes. Here’s how the three possibilities break down:
| Feature | Short Code | 10DLC | Toll-Free |
|---|---|---|---|
| Number type | 5–6 digits | 10-digit local number | 10-digit 800/888/etc. |
| Throughput | 100–1,000+ msg/sec | 1–60 msg/sec | ~3 msg/sec (default) |
| Supports voice | No | Yes | Yes |
| Monthly cost | $500–$1,000 | Low ($10–$20/month) | Low–mid |
| Best for | Mass campaigns, OTPs, alerts at scale | SMBs, daily messaging, two-way | Customer support + SMS on one number |
| Approval time | 8–12 weeks | Days | Days–weeks |
Shortcodes are great for large-scale or repeating initiatives, but they demand significant advance time and cost. Toll-free lines are quicker to furnish and more budget friendly but still need verification. First comes the choice of the right route, but in 2026 permission is not delivery. Your opt-ins are ambiguous. Your campaign information is insufficient. Your traffic pattern raises red flags. Even compliance communications can be blocked.
For most small and mid-sized organizations, 10DLC is the best solution. It’s more cheaper than short codes, follows a familiar local number structure, and enables the types of messaging most businesses need, including reminders, notifications and customer answers.
Short codes remain the standard for enterprise-scale OTP distribution, national retail campaigns and banking warnings where millions of messages need to land within minutes.
The Complete SMS Short Code Directory (2026)
The short codes below are grouped by the sort of business or service that supports them. This list includes short codes with an average of 100+ searches/month in the US during the past year, verified against publicly available registration data and CTIA filings.
Banking & Financial Services
Banks send fraud alerts, 2FA one time passwords, transaction alerts and balance updates via specialized short numbers. These codes are heavily regulated — if Chase is texting you it will always be from 24273 or 242733, never a random 10 digit number.
| Short Code | Company | Primary Use |
|---|---|---|
| 24273 | JPMorgan Chase (spells CHASE) | Account alerts, transaction notifications, 2FA |
| 242733 | JPMorgan Chase | Extra Security at Sign-In codes, fraud alerts |
| 72166 | JPMorgan Chase | Fraud alerts, account security notifications |
| 24255 | Affirm | 2FA, purchase confirmations, payment reminders |
| 58083 | Affirm / Google / Venmo (legacy shared) | Verification codes, payment reminders |
| 73981 | Bank of America | SafePass 2FA, security alerts |
| 53849 | Bank of America | Fraud alerts, Zelle notifications, SafePass |
| 227898 | Capital One | Fraud alerts, account servicing, 2FA |
| 93557 | Wells Fargo (spells WELLS) | Text banking, 2FA, account alerts |
| 28581 | Cash App | Sign-in codes, payment notifications, security alerts |
| 72975 | PayPal | 2FA security codes, login alerts |
| 24463 | Chime | 2FA, transaction alerts, fraud warnings |
| 75243 | Plaid | 2FA/OTP for linking and verifying bank accounts |
| 99398 | Klarna / Twilio | 2FA, verification codes, purchase confirmation |
| 36726 | Fidelity Investments | 2FA/MFA login verification, security alerts |
| 56085 | Experian | 2FA/OTP, credit monitoring security alerts |
| 868722 | USAA (MY-USAA) | Fraud alerts, security codes, account notifications |
| 22622 | Netspend / PayPal Prepaid | Account balance and deposit alerts |
| 29946 | U.S. Bank | 2FA verification codes, account notifications |
| 43426 | GEICO | Roadside assistance, insurance notifications, 2FA |
| 23837 | Afterpay | Verification codes, account notifications, 2FA |
| 99354 | Progressive Insurance | App download links, Accident Response notifications |
| 86434 | Q2 Text Banking Alerts (multi-bank) | Banking 2FA, secure access codes |
Why do you sometimes receive financial texts from an unknown number? Sometimes banks will utilize secondary short codes for special functions – maybe fraud alerts from a separate short code than your normal account alerts. Text HELP back to the number to confirm. If the code doesn’t return a corporate name, treat it with suspicion.
Tech & Security Verification (2FA / OTP)
These codes are used nearly solely for two-factor authentication (2FA) and one-time passwords. If you get a code from one of these numbers that you didn’t ask for, it could mean someone is trying to get into your account — don’t give them the code.
| Short Code | Company | Primary Use |
|---|---|---|
| 22395 | Twilio / Authy / Shop Pay / Mailchimp | 2FA verification (legacy shared code) |
| 65821 | Okta | Identity verification, 2FA codes |
| 87892 | Microsoft | Verification codes |
| 69525 | Microsoft | MFA/2FA verification, account security |
| 26096 | Microsoft | MFA/2FA verification |
| 51789 | Microsoft | MFA/2FA verification |
| 22000 | 2FA codes, RCS Chat activation | |
| 78008 | Login.gov (U.S. Federal Government) | 2FA/OTP for US government website access |
| 88811 | Intuit (TurboTax, QuickBooks, Mint) | 2FA, security alerts, account verification |
| 25623 | ADP | Payroll/HR 2FA, workforce management notifications |
| 47458 | Yahoo / AOL | Account verification, 2FA |
| 50204 | WordPress.com (Automattic) | Blog comment notifications, account security |
A note on 22395: This is one of the most searched short numbers in the US because it seems to text from various companies. This is a relic of a shared code used by Twilio, a company that routes messages for various customers. Shared short codes are no longer given, although existing ones like 22395 are running under legacy agreements and will be phased out over time.
E-Commerce & Retail
Retailers use short codes to send promotional offers, flash sale notifications, order confirmations, shipment updates and loyalty program messaging. These are usually opt-in marketing programs – if you are receiving them without opting in, your number has probably been bought by a data broker or an opt-in with fine print.
| Short Code | Company | Primary Use |
|---|---|---|
| 61746 | Walmart | Order shipping notifications, delivery updates |
| 262966 | Amazon (spells AMAZON) | Shipment tracking, OTP delivery verification |
| 25392 | Amazon | Security 2FA, login alerts, OTP |
| 56457 | Kohl’s | SMS marketing, promotional coupons |
| 88607 | Domino’s Pizza | Order tracking, SMS ordering, delivery updates |
| 31524 | Pizza Hut | Deals and promotions |
| 34648 | Harbor Freight Tools | Promotional SMS, coupons |
| 53747 | Home Depot | SMS marketing (also heavily spoofed by scammers) |
| 64078 | O’Reilly Auto Parts | Loyalty program marketing alerts |
| 36682 | Fashion Nova | SMS marketing, promotional alerts |
| 22369 | Academy Sports + Outdoors | SMS marketing, promotional offers |
| 53744 | Kroger (Kroger Clicklist) | Grocery order updates, pickup/delivery notifications |
| 95730 | Cost Plus World Market | SMS marketing, promotional alerts |
| 26435 | Victoria’s Secret (spells ANGEL) | SMS marketing campaigns |
Important scam alert: Home Depot’s short code 53747 and FedEx’s short code 46339 are among the most commonly falsified short codes in the country. The scammers replicate their formatting to send phishing URLs. If any of these coded texts contain a link demanding for your personal information or payment, do not click.
Shipping & Delivery
| Short Code | Company | Primary Use |
|---|---|---|
| 28777 | USPS (spells 2USPS) | Package tracking, delivery notifications |
| 46339 | FedEx | Package shipment tracking (heavily spoofed) |
| 41063 | Uber | Account verification, ride updates, 2FA |
| 26266 | United Airlines | Flight status alerts, check-in reminders |
| 84285 | U-Haul | Automated SMS alerts, moving reservation updates |
| 47268 | OnStar | Vehicle diagnostics, EV charging alerts |
Social Media & Entertainment
| Short Code | Company | Primary Usage |
|---|---|---|
| 32665 | Meta / Facebook (spells FBOOK) | 2FA verification codes, password resets, notifications |
| 39041 | Meta (Facebook / Instagram) | 2FA, password reset codes |
| 32099 | Meta / Instagram | 2FA, password resets |
| 44398 | Hinge | SMS login verification, 2FA |
| 30368 | Tinder | SMS login verification, 2FA |
| 776836 | eBay | 2FA verification, account security OTPs |
Healthcare, Crisis & Non-Profit
| Short Code | Company / Organization | Primary Use |
|---|---|---|
| 898287 | CVS Pharmacy (TXT-CVS) | Prescription alerts, refill reminders |
| 85166 | Walmart Pharmacy | Prescription notifications, Rx pickup alerts |
| 21525 | Walgreens | Pharmacy Rx alerts, refill reminders |
| 56181 | Walgreens | Pharmacy alerts, identity verification, marketing |
| 64556 | DrFirst RxInform | Prescription fulfillment notifications |
| 53079 | U.S. Department of Veterans Affairs (VEText) | Appointment reminders, prescription tracking, VA health alerts |
| 91994 | Press Ganey | Patient satisfaction surveys, hospital follow-up |
| 89885 | Vagaro | Appointment reminders, booking notifications |
| 66458 | ParentSquare | School notifications, emergency alerts |
| 36794 | ParentSquare | School emergency alerts, parent/guardian notifications |
Wireless Carrier Short Codes
| Short Code | Carrier / Organization | Primary Use |
|---|---|---|
| 2300 | T-Mobile | MMS routing, message blocking error notifications |
| 7726 | CTIA (all carriers) | Forward spam texts to report to your carrier |
| 1511 | T-Mobile | Account notifications, system alerts |
| 6245 | Verizon / T-Mobile gateway | Email-to-SMS routing (spells MAIL) |
| 49674 | Spectrum (Charter Communications) | Service alerts, account notifications, 2FA |
| 87598 | Spectrum (Charter Communications) | Service alerts, appointment reminders |
| 266278 | Xfinity / Comcast (COMCAST4U) | Account management, service alerts, appointment reminders |
7726 is the global code for reporting spam. If you get a questionable text from any short code or phone number, forward it to 7726. It reports it to your carrier, starts an investigation, and helps protect other users. All the big US carriers support this – AT&T, Verizon, T-Mobile and others.
N11 Numbers (Essential 3-Digit Service Numbers)
These are not SMS short codes in the classic sense; they are 3-digit calling codes maintained by the FCC. But they do show up often in searches with short code directories, so here is the whole citation.
| Code | Service | What It Is |
|---|---|---|
| 211 | Community Services (United Way) | Local health, housing, food, and human services information |
| 311 | Non-emergency municipal services | Report potholes, graffiti, noise complaints, trash issues |
| 411 | Directory assistance | Phone number lookups (carrier-dependent) |
| 511 | Traffic and transportation info | Road conditions, travel advisories, transit info |
| 611 | Carrier customer support | Connects to your wireless carrier’s customer service |
| 711 | Telecommunications relay service | Connects hearing-impaired users to TRS interpreters |
| 811 | Call Before You Dig | Request underground utility line marking before excavation |
| 911 | Emergency services | Police, fire, ambulance |
| 988 | Suicide and Crisis Lifeline | Call or text for mental health crisis support |
The Real Way Businesses Get a Short Code in 2026
Here’s what the procedure looks like today if you’re a business considering a short code.
Step 1 — Select your short code type. You have options: vanity short code (you pick the number, $1,000/month) or a random short code (assigned by the registry, $500/month). Both are leased through CSCA for 3, 6 or 12 month leases.
Step 2 — Your campaign brief. You must document your use case, opt-in process, sample message content, opt-out flow (STOP keyword), and help answer (HELP keyword). Vague or incomplete briefs will be turned down.
Step 3 — Carrier assessment and approval. A carrier must authorize a business’s campaign before it may send traffic over a short code. All carriers usually control short codes in accordance with the CTIA’s Short Code Monitoring Handbook, as well as the Mobile Marketing Association, which requires all firms to obtain consent (opt-in) before contacting an individual.
Step 4 — Provisioning. The code gets activated once it is accepted by all the major carriers. Overall timeline: Most of the time it takes 8–12 weeks, sometimes more for more sophisticated use cases.
Step 5 — Continued compliance. Occasionally, your messaging program is subject to audits by the carrier. Review or suspension may occur due to content modifications, volume increases or high opt-out rates.
The honest cost picture: The monthly leasing payment is only the beginning. Add in provisioning fees, per-message carrier costs and the cost to construct or integrate an SMS platform. For many enterprises, short code messaging is no longer the best or most cost effective solution – and that’s where newer channels like A2P 10DLC and toll-free SMS shine. 10DLC is likely the less expensive option if your organization transmits fewer than 100k messages a month.
What’s New in Short Codes and Compliance (2026)
In the last two years, the standards governing SMS compliance have become a lot stricter and short code users are not exempt.
One-to-one consent update to TCPA: A significant event for US SMS marketers in 2026 was the Eleventh Circuit’s decision to vacate the FCC’s one-to-one consent rule, which had required consumers to provide consent to each individual business, rather than to the broad partner list of a lead generator. Recent developments included the US TCPA revisions with the Eleventh Circuit vacating the one-to-one consent regulation and the FCC’s update on consent revocation timescales. That does not mean SMS compliance has gotten easier, it indicates the specific mechanism for multi-brand consent is still in development. If you are unsure, collect your own explicit opt-ins.
Consent revocation is tighter. Updated rules from the FCC, as of April 2025, mandate businesses to respond more quickly to opt-out requests (STOP messages). When a subscriber texts STOP, you must stop messaging that number within a brief set frame, not at the end of a campaign cycle.
T-Mobile pricing adjustments effective January 2026: T-Mobile has announced new A2P SMS pass-through fee changes, effective January 19, 2026, impacting Short Code, 10DLC, and Toll-Free messages. These fees are passed through to end users by SMS platforms, therefore businesses employing short codes at scale may suffer per-message cost hikes based on their provider’s pricing structure.
CTIA HELP and STOP compliance is required. Each short code program must answer to HELP with a company name, program description, and opt-out instructions. All short code programs must honor STOP. These are not guidelines, they are obligations. Any code which does not respond to either keyword should be reported immediately.
Short Codes and the Future of RCS
Rich Communication Services (RCS) is the biggest fundamental change to commercial messaging in a generation, and it has immediate ramifications for short codes.
RCS is not a new kind of short code. You can’t send RCS via a long code, toll-free number, or short code. RCS is not a new sort of message that sits on top of your existing number infrastructure. It uses a completely different sender ID system, where businesses register RCS agents with confirmed brand identities instead of leasing numeric codes.
What this implies in practice: When RCS Business Messaging is live, your recipients will see your brand name, logo and verified checkmark instead of a 5-digit number. No number to look up, no short code directory to reference, no misunderstanding as to who is texting you.
RCS supports branded verified sender identities, encryption and a more engaging experience. As RCS corporate texting takes off, anticipate a similar verification and regulation structure to govern it.
Short codes aren’t going away overnight. Hundreds of millions of SMS messages are exchanged every day through short codes and the infrastructure that supports them is firmly ingrained in banking, healthcare and enterprise operations. However, new firms entering the market in 2026 will need to comply with the CTIA Messaging Principles and Best Practices and all US Mobile Network Operator criteria for RCS messaging — including unambiguous opt-in consent, transparent call-to-action language, and program-specific enrollment. We know the compliance framework. The channel is new.
The wise move for businesses right now: keep your existing short code or 10DLC infrastructure for backward compatibility, and start looking into RCS Business Messaging for forward-facing customer interactions.
Finding Out Who Owns an Unknown Short Code
You received a text message from an unidentified 5 or 6-digit number. This is what you should do.
Method 1 — Text HELP to the number. Under CTIA guidelines, all proper short code programs must reply with the company name, a description of the service, and opt-out instructions. It is the quickest and most reliable way of identification.
Method 2 — Check the number online. A search of the type “[short code] SMS” or “[short code] text message” will often turn up the owner in the first few results, through carrier databases, consumer forums or official corporate pages.
Method 3 — Verify standard STOP/HELP compliance. If a code doesn’t reply to HELP or STOP, it’s a big red flag. Forward it to 7726 and your carrier now.
How to spot a scam:
- Urgency language — “Your account will be suspended in 24 hours” is a manipulative strategy, not a legitimate bank notification.
- Unexpected links — if you receive a link in a text message from a number you don’t recognize, consider it possibly harmful until you have validated it.
- PINs or Verification Codes — No real organization will ever require you to provide an OTP or verification code to a caller or via a text.
- Wrong number format — If your bank usually sends SMS from a known short code, and you suddenly get an “account alert” from a 10-digit number, that’s a spoofing red flag.
- You get a code you did not request — This suggests someone else might be trying to access your account. Now change your password.
Why you might be texted from a short code you didn’t opt into:
- A company you do business with signed you up using fine-print consent language.
- The phone number you entered was used by a subscriber earlier.
- Your number was sold to a marketing list by a data broker.
- Worst case scenario, it’s spam or a fraud. Notify 7726.
Short Codes Around the Globe: US vs. Canada vs. UK
Short codes are peculiar to a country. The US registration has no interaction with overseas short code systems. A code that works for a US store will not get through to you in another country.
In the US, short codes are 5–6 digits, dedicated, through the CSCA, not shared (sharing codes were deprecated).
In Canada, under CWTA guidelines, codes are 4 to 6 digits in length and maintained in a separate registry. Often the same corporation will use an entirely different short code in Canada than it does in the US. Canada’s Anti-Spam Legislation (CASL) addresses opt-in criteria and is deemed more stringent than US TCPA standards in several ways. Canada has likewise implemented A2P long code registration requirements under CASL, effective 2024.
In the UK, short codes are 5 or 6 digits. Some ranges are set aside for certain reasons – codes beginning with 70 are used by charity, 72 by lotteries – so recipients get an immediate contextual clue as to who is texting them.
There is no global short code network. If you travel abroad, you will not get short code communications from services in your home country, and vice versa.