TCPA Investigator’s Toolkit

Gather the right facts fast for Telephone Consumer Protection Act (TCPA) matters. Nothing here is legal advice; it’s educational. When in doubt, talk to an attorney.

Quick Start: What to Collect Right Away

You Should Have:

• Dates/times of every call or text (screenshots if possible)
• Full phone numbers used (including any short codes) and caller ID names
• Voicemails and recordings (save the audio files)
• Any opt-in pages, emails, or texts they remember interacting with
• Call-blocking app logs (Hiya, Truecaller, RoboKiller) and device call logs
• Notes about live-agent vs. prerecorded/artificial voice

From your phone/device:

• Export call history screenshots
• Save SMS threads as PDFs or screenshots
• Preserve voicemail files (download .m4a/.mp3)
• If Android: enable developer “bug report” only if comfortable (can capture telecom logs)

Send a preservation letter (see template below) within 24 hours to relevant carriers/platforms.

How to Figure Out Who Is Calling

1. Confirm the Calling Number Type
   • 10-digit (10DLC), toll-free (800/888/877/866/855/844/833/822), or short code (5–6 digits)?
   • Note variations in caller ID display and any spoofing indicators.
2. Identify the Underlying Carrier or Messaging Provider
   • Use a carrier/LRN lookup (local routing number) to see the current carrier-of-record.
   • For texts, note whether it’s 10DLC (A2P via a provider), toll‑free SMS, or short code.
3. Trace Through the Likely Path
   • Many campaigns originate from telephony platforms (e.g., Bandwidth, Onvoy/Inteliquent, Twilio, Telnyx, Plivo, RingCentral) on behalf of a brand/lead generator/marketer.
   • Subpoena or request business records from the platform and the downstream customer (see “Subpoena Scope” below).
4. Corroborate With Open-Source Clues
   • Reverse-number sites (crowd reports), WHOIS/domain history for landing pages, LinkedIn/BBB listings, and corporate filings.

Reverse Phone & Caller Research (OSINT)

Tip: Cross‑check across several tools; look for consistent data points (same business name, address, or domain) rather than a single hit.

Crowd report & spam intel

• 800notes • WhoCallsMe • ShouldIAnswer • Robokiller lookup • Hiya/Truecaller community entries

People/business directories (use cautiously; verify)

• Whitepages • Spokeo • BeenVerified • Intelius • FastPeopleSearch • Radaris • AnyWho

Carrier/LRN & CNAM lookups

• LRN/OCN lookup tools (identify current carrier-of-record)
• CNAM dip tools (caller‑ID name where available)

Short code & toll‑free

• U.S. Short Code Directory (ownership/brand)
• Toll‑free SMS registries/lookup via messaging providers

Domain & web footprint

• ICANN WHOIS • SecurityTrails/OpenCorporates • BuiltWith (tech stack) • Wayback Machine (archived opt‑in pages)

Social & business

• LinkedIn (employee roles like “Outreach,” “Lead Gen,” “Dialer Ops”) • BBB profiles • Google Business Profiles • State AG actions/consent decrees

Company Research Tools

Corporate identity & affiliates

• State Secretary of State entity searches (all 50 states + DC)
• OpenCorporates (cross‑jurisdiction entity graph)
• Trademark database (USPTO) for brand ties

Regulatory & litigation footprint

• PACER / CourtListener (dockets involving the number/brand)
• FTC/FCC enforcement actions and press releases
• State AG consumer protection announcements

Marketing infrastructure

• DNS records (SPF/DKIM/DMARC), MX records (email provider)
• Tag scanners (identify analytics/lead capture scripts)
• Cookie consent & privacy policy archives (to compare historical disclosures)

Lead Generators: How to Spot Them & Get Proof

Common signals

• Generic comparison or sweepstakes sites; forms that route to many “partners”
• Fine‑print consent blocks naming multiple companies or saying “our marketing partners”
• Rapid follow‑up calls from different brands after a single form submission

Proof to request

• Full lead file (fields captured, timestamps, IP, user agent)
• Consent certificate (e.g., TrustedForm, Jornaya/LeadiD) with the snapshot URL
• Source URL and referrer URL (including UTM parameters)
• Ping‑post logs (if used): bid, buyer, and transaction IDs
• Vendor contracts & SOWs between advertiser and lead vendor/affiliate

What to examine

• Was the consent clear and conspicuous? Was prerecorded/artificial voice disclosed?
• Was the consent prior express (or prior express written for marketing/prerecorded)?
• Does the consent cover the actual caller/texter, or only “partners” (often insufficient)?
• Timestamp/IP should align with the consumer’s location and device type.

Phone Records: Where & How to Obtain

Always send a preservation letter first. Carrier/legal department details change; verify current instructions on each carrier’s official legal process page before serving.

Major wireless carriers (consumer accounts)

• AT&T – Call/SMS logs, subscriber info, CPNI with customer consent or legal process
• Verizon – Call/SMS logs, cell-site limited data; voicemail access records
• T‑Mobile (incl. Sprint legacy) – Call/SMS logs; be mindful of legacy account systems

Cable/MVNO & VoIP providers

• Xfinity Mobile (Comcast) • Spectrum Mobile • Google Voice
• Telephony platforms (often the true origin for campaigns): Bandwidth, Onvoy/Inteliquent, Twilio, Telnyx, Plivo, RingCentral, 8×8, Vonage

Ask for (as applicable)

• Call Detail Records (CDRs) with originating/terminating numbers, timestamps, duration, trunk/SIP identifiers, and STIR/SHAKEN attestation
• SMS/MMS logs with sender ID, MO/MT direction, campaign/10DLC info (if stored)
• Account/subscriber info (name, address, billing, activation dates, IP logs for provisioning)
• Application logs (API request IDs, webhook logs, message IDs) from platforms
• Audio (IVR/prerecorded files) if stored; DNC list status and scrubbing logs

Consumer self‑help

• Clients can download recent call and text history from their account portals or apps; screenshots are helpful if downloads aren’t available.

Things We Can Request: Checklist

From platforms (Twilio/Bandwidth/Telnyx/etc.) for the target caller ID(s):

• Subscriber/customer of record and reseller chain
• All subaccounts/projects using the number(s)
• CDRs and SMS/MMS logs (MO/MT) with timestamps and message IDs
• API logs (request IDs, IPs, auth tokens redacted) and webhook logs
• STIR/SHAKEN attestation headers and any analytics/traceback data
• Associated toll‑free/short code registrations or 10DLC campaign IDs
• Any recordings, voicemail drops, or soundboard usage

From lead vendors/advertisers:

• Complete lead file + consent certificate (TrustedForm/Jornaya)
• Landing page HTML/CSS/JS snapshot for the opt‑in page at the time of consent
• Ping‑post or affiliate tracking logs (UTMs, gclid, fbclid)
• Contracts, SOWs, IOs, and payment records tying parties together

 Checklist of Information to Gather

1. Call & Text Records

• Itemized phone records from their carrier showing all incoming and outgoing calls for the relevant time period.

• Screenshots of text messages (SMS/MMS) received from the caller, including date/time stamps.

• Voicemail recordings or transcripts.

• Caller ID screenshots showing the phone number displayed during calls.

• If available, phone carrier verification that the calls/texts were received.

---

2. Written Communications

• Any emails, letters, or online messages from the caller.

• Opt-out or “Stop” request confirmations (e.g., reply texts, emails).

• Website form submissions they may have completed that could relate to consent.

---

3. Call Details

• Approximate start and end dates of when the calls/texts began and stopped.

• Frequency (e.g., daily, weekly, multiple times per day).

• Whether calls used a prerecorded or artificial voice.

• Whether they noticed automated dialing (pause or click before a person comes on the line).

---

4. Consent Evidence

• Any written agreements or contracts where they may have given a phone number.

• Sign-up forms from websites, stores, or services.

• Screenshots of terms and conditions they agreed to.

• Proof they withdrew consent, if applicable.

---

5. Caller Identification

• The name of the company or individual making the calls.

• Phone numbers used (including variations or “spoofed” numbers).

• Record of what was said during calls (especially if they identified themselves or their company).

• Any call recordings made by the client.

---

6. Impact & Damages

• Notes about disruptions (missed work, disturbed sleep, emotional distress).

• Any costs incurred (e.g., overage charges, international rates).

• Written timeline of when calls occurred and their effect.

---

7. Prior Complaints

• Copies of complaints filed with the FTC, FCC, or state attorney general.

• Reference numbers for any prior reports.

---

8. Device & App Data

• Call logs from phone apps (Truecaller, Hiya, etc.).

• Spam classification evidence from apps or carrier.

• Exported CSV or PDF logs if available.

TCPA RESEARCH SOURCES & TOOLS

1. Official Legal Sources

These are the primary laws and rules governing TCPA claims.

• Telephone Consumer Protection Act (TCPA) – Full Text
  https://www.law.cornell.edu/uscode/text/47/227
  Official U.S. Code text of 47 U.S.C. § 227.

• FCC TCPA Rules & Regulations
  https://www.fcc.gov/general/telephone-consumer-protection-act-1991
  Federal Communications Commission summary and guidance.

• Code of Federal Regulations – TCPA Provisions
  https://www.ecfr.gov/current/title-47/part-64
  Regulations implementing the TCPA.

---

2. Government Complaint Portals

Where clients can file complaints that may help establish a record of violations.

• FCC Consumer Complaint Center
  https://consumercomplaints.fcc.gov
  File complaints about unwanted calls, robocalls, and texts.

• Federal Trade Commission (FTC) – Do Not Call List
  https://www.donotcall.gov
  Register numbers and file complaints for violations.

• State Attorney General Offices
  Each state’s AG website often has a complaint form for unwanted calls. Example:
  https://www.naag.org/find-my-ag

---

3. Educational & Case Law Resources

For understanding precedent and examples of successful claims.

• National Consumer Law Center – TCPA Materials
  https://www.nclc.org
  Publications and consumer guides (some free, some paid).

• Public Justice TCPA Cases
  https://www.publicjustice.net
  Advocacy group with TCPA-related litigation updates.

• Justia TCPA Case Law Database
  https://law.justia.com/cases/federal/appellate-courts/F3/
  Search for “TCPA” in recent federal appellate decisions.

• Law360 TCPA Section (subscription)
  https://www.law360.com/consumerprotection
  News and case summaries involving TCPA.

---

4. Practical Tools & Call Tracking

Helpful for collecting evidence and identifying callers.

• Truecaller – https://www.truecaller.com
  Identifies and blocks spam callers; logs activity.

• Hiya – https://www.hiya.com
  Call screening and robocall blocking app.

• Nomorobo – https://www.nomorobo.com
  Stops robocalls and keeps logs of blocked calls.

• TrapCall – https://www.trapcall.com
  Unmasks blocked and spoofed numbers.

 

TCPA ACTION KIT

Part 1 — Quick Reference & Checklists

Evidence to Collect Immediately

• Call/Text Details

  • Date, time, and duration for each unwanted call/text

  • Full phone number (including country code) and caller ID name

  • Screenshots of call logs and text threads

• Audio/Visual Proof

  • Voicemail recordings (download as .mp3/.m4a)

  • Screenshots of prerecorded messages or texts

• Consent/Opt-In Evidence

  • Any web forms, emails, or documents where your number may have been provided

  • Copies of privacy policies or terms from sites visited

• Device Logs

  • Export call history (carrier portal, phone settings, or call-blocking app)

  • Call-blocker logs (Hiya, RoboKiller, Truecaller)

• Miscellaneous

  • Notes about the caller’s statements, offers, or company claims

  • Any changes in caller ID over multiple calls

---

Verification Checklist

Before moving to the investigative phase:

• ✅ Evidence stored in two locations (local + cloud/USB)

• ✅ Dates/times clear and visible in screenshots

• ✅ Numbers and caller IDs captured exactly as shown

• ✅ Any potential consent records found and saved

---

Part 2 — Step-by-Step Guide

Step 1 — Identify Caller Type

• Is it 10-digit (10DLC), toll-free, or short code?

• Do calls/texts come from multiple numbers?

• Any patterns (same time each day, similar voice/message)?

---

Step 2 — Research the Number

• Free Reverse Lookup: 800notes, WhoCallsMe, ShouldIAnswer

• Carrier/LRN Lookup: Identify underlying carrier-of-record

• Short Code Directory: If message is from 5–6 digit number

• Domain Search: If caller references a website, check WHOIS, archive.org, SecurityTrails

---

Step 3 — Gather Technical Data

• From carrier: Call Detail Records (CDRs), SMS/MMS logs

• From telecom platforms (e.g., Twilio, Bandwidth): API logs, SIP headers, STIR/SHAKEN attestations

• From lead vendors: Full lead file, consent certificates (TrustedForm, Jornaya), ping-post logs

---

Step 4 — Preservation Actions

Send a Preservation Letter within 24 hours to:

• Wireless carrier(s)

• Telephony platforms

• Lead generators / advertisers

---

Step 5 — Demand or Litigation Prep

• Once the caller is identified, prepare a Demand Letter citing TCPA violations.

• Include copies of your evidence and your settlement demand.

• Keep all correspondence professional and concise.

Part 3 — Letter Templates

A. Preservation Letter

Preservation Letter (Template)

Subject: Preservation Notice – TCPA Matter re: [Phone Number(s)]

To: [Carrier/Platform/Lead Vendor] Legal/Compliance

Please preserve all records relating to calls/texts to/from [list numbers] from [start date] to [end date], including: subscriber/account info; CDRs; SMS/MMS logs; SIP headers; STIR/SHAKEN attestations; application/API logs; recordings; opt‑in/consent records; and any traceback materials. Preservation extends to backups and third‑party hosted data.

[I/My attorney] will follow with appropriate legal process.

B. Consumer Demand Letter

[Your Name]
[Your Address]
[City, State ZIP]
[Date]

[Caller Company Name or Responsible Party]
[Company Address]
[City, State ZIP]

Re: Unlawful Telephone Calls/Text Messages – Demand for Settlement

To Whom It May Concern:

I have received [number] unsolicited [calls/text messages] from your company on my telephone number [your phone number] beginning on or about [date]. These communications were made without my prior express consent, and in some instances used a prerecorded/artificial voice or an automatic telephone dialing system, in violation of the Telephone Consumer Protection Act, 47 U.S.C. § 227 et seq.

Details:
– Date(s) and Time(s): [List]
– Originating Number(s): [List]
– Content Summary: [Brief description]

Under the TCPA, each violation is subject to statutory damages of $500, which may be trebled to $1,500 for willful or knowing violations. I am willing to resolve this matter without litigation for the total amount of $[amount], in exchange for a written settlement agreement and payment within [X] days.

If I do not receive a satisfactory response by [date – 14 days from letter], I reserve all rights to pursue legal remedies.

Sincerely,
[Your Name]
[Your Signature]

Tips for Success

• Always document in real time — courts and companies give more weight to contemporaneous notes.

• Don’t delete voicemails or texts — keep them in original format if possible.

• Keep all letters professional — emotional language weakens credibility.

• Consider certified mail for important correspondence.