What is the SMS Sender ID Registry?

Scam texts aren’t just an annoyance — they erode customer trust, waste valuable time and cost consumers and businesses millions each year. Until now, fraudsters have been able to exploit a loophole in Ireland’s SMS system, sending messages that appear to come from trusted brands like banks, couriers or utilities. The message appears to come from the trusted source as it has the name (the “Sender ID”) of the organisation on the text message as opposed to just coming from a standard mobile number. That’s now changing.

The Commission for Communications Regulation (ComReg) and the telecommunications industry have introduced the SMS Sender ID Protection Registry, a new system that locks down branded sender IDs and prevents criminals from spoofing them. For the first time, organisations will be able to secure exclusive use of their own SMS sender ID name, making it far harder for bad actors to impersonate them.

SMS text remains hugely popular in Ireland. ComReg says that 2.3 billion text messages were sent in Ireland in 2024 and an estimated 615 million were from businesses. So, this is an important communication channel for many companies and anything that makes it more trustworthy is to be welcomed.

For companies and agencies that rely on bulk SMS to reach customers — whether for marketing, appointment notifications, booking confirmations, shipping updates or security codes — the scheme means some practical changes in how messages are sent. But more importantly, it represents a major step toward ensuring confidence in text messaging as a secure, reliable communication channel.

How the new ComReg Registry works

The new SMS Sender ID Protection Registry requires companies and agencies that want to use branded sender IDs to register them with ComReg, and Vodafone has been doing this with customers that use its Bulk SMS service for the past year.

Once registered, SMS aggregators and mobile operators must check against this registry before delivering messages. In the future, only verified senders will be able to use that specific alphanumeric ID. Fraudsters attempting to spoof a registered ID will have their messages blocked at network level.

Since July, you may have seen that messages from unregistered sender IDs have displayed the warning ‘Likely Scam’ and in the future, all networks will be required to block these entirely. Vodafone has already implemented this measure. For businesses, this means that any bulk SMS platform used for marketing purposes, sending notifications or authentication codes that uses a sender ID will need to ensure that ID is properly registered.

Why the scheme is necessary

SMS phishing, or “smishing,” has surged in Ireland in recent years. Banks, couriers, and telecom providers are frequent targets, with fraudsters sending texts that look authentic but link to fake websites. The introduction of sender ID controls removes the weak point that criminals could exploit.

By allowing businesses to secure exclusive use of their alphanumeric IDs, the registry will shut down one of the main avenues used to defraud the public.

“This isn’t just good for consumers. It’s also good for legitimate companies that rely on SMS because it will rebuild trust in SMS as a communications channel,” said Cillian Motherway, Cybersecurity Proposition Manager at Vodafone Ireland. “The scheme will also protect brand reputation, because even being impersonated in a scam can damage customer trust in a brand, even if the incident has nothing at all to do with the real brand.”

What the registry won’t stop

While this registry is a significant step forward, it’s not a silver bullet. Businesses need to be aware that bad faith actors will try to adapt and exploit other methods.

“Criminals can deploy thousands of real SIM cards in real phones to send high volumes of messages that look like “person-to-person” texts from individual numbers. Because these don’t use alphanumeric sender IDs, the registry won’t block them,” said Motherway.

“Sophisticated tools can also mimic the behaviour of individual phones, bypassing some spam filters and restrictions. These are harder to detect because they don’t rely on spoofed sender IDs. Scammers will likely also increasingly use other channels like WhatsApp and Telegram to deliver fraudulent messages and the Sender ID Registry does not extend to these platforms.”

Why this matters for companies

Even with the new registry, your customers may still be exposed to scams that impersonate your brand through different channels. If a customer is tricked by a fake SMS, WhatsApp message, or spoofed phone call that appears connected to your company, your brand could suffer reputational damage.

That’s why organisations should treat the registry as one piece of a broader mobile security strategy, not the sole solution. Protecting both employees and customers from mobile-based phishing is becoming critical. Solutions such as Lookout Mobile Endpoint Security from Vodafone Business, can help safeguard devices by detecting and blocking phishing links across SMS, email, WhatsApp and other messaging apps.

They can also identify malicious apps or unusual device behaviours that indicate security may have been compromised. They provide centralised visibility and control for IT and security teams and for companies with more than 25 employees, this type of protection is increasingly seen as essential, especially when sensitive data, financial information or customer trust is at stake.