SMS Registry

Under the Full SSIR Regime, all organisations wishing to send SMS messages to Singapore mobile numbers must register any alphanumeric Sender IDs that the organisations use. From 31 October 2022 to 30 January 2023, organisations can create an account and reserve their Sender IDs via the SSIR Portal. Reservation of Sender IDs will be on a first-come-first-served basis.

From 31 January 2023 onwards, when the Full SSIR Regime kicks in, all non-registered Sender IDs will be marked as “Likely-SCAM” as a default for a transition period of 6 months. Thereafter, messages with such non-registered Sender IDs will be blocked and not delivered to end-users.

You will need to create an account on the SSIR portal^#. SGNIC will process and verify your application, which will typically be completed within two working days*. Once your account has been approved, you will be able to log-in to the portal and reserve your preferred Sender IDs. The whitelisted^ Sender-IDs will thereafter be conveyed to the Participating Aggregators on a weekly basis. It may take up to nine working days to commence protection of the whitelisted SenderIDs upon approval.
 
*Provided that your submission is completed with ALL supporting documents such as CorpPass verification and the Participating Aggregators that your organisation works with.
 
^More time will be needed to register your preferred Sender IDs if they are not unique to your organisation’s brand/product, please provide supporting document such as website, screenshots, product brochures, collateral, etc.

All Organisations that send SMS with Sender IDs must first present a valid identification, i.e., the local unique entity number (“UEN”), as issued by relevant government agencies in Singapore. Organisations with the valid identification (i.e., the UEN) can then register with the SSIR, and protect the Sender IDs they wish to use when sending SMS to Singapore mobile users.
 
Foreign-based businesses can obtain a UEN by registering with the Accounting and Corporate Regulatory Authority (“ACRA”). A foreign business can either register as local subsidiary or register as a foreign branch office. Foreign-based businesses can then register for Sender IDs with SSIR via their local subsidiary or foreign branch office as long as the local subsidiary/ foreign branch office can present a valid UEN. Companies registered with ACRA will have to comply with the statutory and disclosure requirements of the Companies Act. 

A Letter of Authorisation (LOA) can be issued by the Singapore-registered subsidiary/foreign branch office to authorise other overseas branch offices, which need to send SMS with SSIR registered Sender IDs on the local subsidiary/foreign branch office’s behalf. This copy of the completed LOA needs to be submitted by the foreign-based business to the participating aggregator(s) engaged for the SMS delivery to Singapore mobile users. The LOA template for affiliates can be downloaded here.

Other non-business Organisations (e.g., charity organisation, societies, religious bodies) can also register with the relevant agencies that will issue UEN to these specific types of organisations. 

Please refer to the SSIR User Agreement

An invoice will be emailed to the registered user organisation’s designated billing contact.

Due to the large volume of user organisations who will be onboard the SSIR, SGNIC will not be able to register itself in your organisation’s finance/vendor/billing portal.

Participating Aggregators are SMS Aggregators licensed by the Infocommunications Media Development Authority (IMDA) to undertake the delivery of SMSes with Sender IDs registered with SGNIC.  They are listed here 

Only Participating Aggregators (PAs) can handle registered whitelist Sender IDs. A PA must be licensed by IMDA. More information on IMDA’s application procedures and license criteria can be found at Services-Based Operations (SBO) Licence - Infocomm Media Development Authority (imda.gov.sg). You can reach out to SGNIC at [email protected] if your Aggregator is not one of the PAs. SGNIC can work with you to onboard them. Alternatively, if your Aggregator is not keen to participate in the Registry, you may have to reroute your traffic through other PAs to ensure that the whitelist protection works correctly.

Each Sender ID cannot exceed 11 characters (including spaces, underscores or hyphens), cannot contain Chinese or Cyrillic characters, and should not be generic in nature. 

This is possible provided the below conditions are met:

1. Only 5-digit short codes starting with 7 can be registered;
2. The short code will need to be unique to the user organisation; and
3. The user organisation will need to submit supporting document(s) to the SSIR, showing that the short code was issued by a Mobile Network Operator in Singapore to the SMS aggregator that the user organisation is working with.

This is possible provided the below conditions are met:

1. Only numeric Sender IDs assigned by Mobile Network Operators in Singapore and sent by Participating Aggregators can be registered. SMS sent via SIM card with mobile number as Sender ID cannot be registered; 
2. Only LVNs from the 8 and 9 series can be registered, where you should register both the 10-digit LVN with “65” prefix e.g. 658xxxxxxx or 659xxxxxxx and the 8-digit LVN e.g. 8xxxxxx or 9xxxxxxx. The 2 versions of the LVN will be considered as one Sender ID for purposes of billing;
3. The LVN will need to be unique to the user organisation;
4. The user organisation will need to submit supporting document(s) to the SSIR, showing that the LVN was issued by a Mobile Network Operator in Singapore to the SMS aggregator that the user organisation is working with.

You can delete your submitted Sender ID via the portal and resubmit the correct Sender ID. Alternatively, you could reach out to SGNIC at [email protected].

Any whitelisting protection by the Registry will be applied to Singapore mobile numbers only. Organisations can choose to deliver such SMS messages carrying registered Sender IDs to foreign mobile numbers. However, foreign recipients may still receive SMS which spoof your Sender ID, if the messages pass through non-participating aggregators.

You should engage your SMS aggregator to investigate the issue. You may wish to keep the Registry [email protected] in the loop when you check with your aggregator.

You are also advised to take note of the following steps when sending SMS to avoid the SMS being converted into the “Likely-SCAM” thread: 
 
1. Make sure whitelisting has been effected - While users may have submitted an application to register a Sender ID, they will be able to send SMS using the Sender ID only after the whitelisting is effected by your aggregators participating in the SSIR (see point 4 below). Doing so before the effective date will result in the SMS being converted to “Likely-SCAM”. For example, if a user sends an SMS with a Sender ID where the status of that ID is still pending, the Sender ID will be converted to "Likely-SCAM". Users can obtain information on whether their application is successful and when the whitelisting will be effective by from their SGNIC account (see screenshot below where the latest status shows “Live” and effective date under the “Effective By” column).  It takes some time for applications to be processed as your identity needs to be verified in order to maintain the security and integrity of the registry. 
 

2. Sender IDs are case sensitive - Users should check their Sender IDs and ensure the Sender ID matches that of its whitelisted Sender ID before sending the SMS. To illustrate, “PineApple” and “PineAPPLE” are considered two different IDs. Using a Sender ID with a different upper/lower case format from that of the whitelisted Sender ID will result in the SMS being blocked or converted to “Likely-SCAM”. If users prefer to send using different Sender ID format i.e. upper/lower case, please register them with the SSIR.
 
3. Make sure all Sender IDs used have been whitelisted – Some users may use different Sender IDs for different types of SMS communications with their clients. Please ensure the Sender IDs used are whitelisted with the SSIR. If users are relying on service providers to send SMS and the SMS is sent using the Sender ID of the service providers, users should also check if their service providers have registered the Sender ID with the SSIR.  
 
4. Use only aggregators that are participating in the SSIR – We are aware of instances where users attempted to send their SMS with a whitelisted Sender ID through a SMS aggregator that is not participating in the SSIR. Please note that only aggregators that are participating in the SSIR (“Participating Aggregators”) are allowed to handle whitelisted Sender IDs. Whitelisted Sender IDs sent through non-participating aggregators will be blocked. Please refer to https://sgnic.sg/smsregistry/list-of-participating-aggregators for the list of Participating Aggregators. 
 
5. Participating Aggregators may require additional information from users  – While users may have successfully whitelisted their Sender IDs, they should also ensure that they have completed the registration with their Participating Aggregators. We understand that some of the users failed to provide documents requested by the Participating Aggregators for their due diligence checks and hence their account registration with these Participating Aggregators was not completed. This resulted in the Participating Aggregators disallowing the user from sending SMS at all or converting the SMS sent by these organisations to “Likely-SCAM”. 
 
6. Send a test SMS first – It is good practice for users to test-sending an SMS to ensure that the SMS will be delivered properly, before sending the SMS to the rest of their users. 

An organisation may authorise a representative to send SMS with the organisation’s registered Sender ID on its behalf. For example, a marketing firm is appointed by an organisation to run a marketing campaign for the organisation. To authorise the representative to send such SMS with the registered Sender ID on the organisation’s behalf, a  Letter of Authorisation (LOA) provided by the organisation who registered that Sender ID is required. The representative will need to provide the LOA to the participating aggregator engaged for the sending of the SMS. 

You can download the LOA template for representative here.

Security of the SMS account(s) and Sender ID(s) (SIDs) held with your Participating Aggregator(s) (“PAs”)

1. With the introduction of the Full SMS Sender ID Registry (SSIR) Regime on 31 January 2023, organisations using alpha/alphanumeric/numeric Sender IDs (SIDs) in their SMS messages to Singapore mobile users must first register the SIDs with SGNIC. Participating Aggregators(s) (“PAs”) will check to ensure that SMS bearing registered SIDs are sent from accounts of their registered owners or their authorised representative. However, scammers have been known to exploit vulnerabilities, such as picking on SMS accounts that have not been properly secured by their owners and take over these accounts to send unauthorised SMS. Organisations may suffer reputational damage, financial losses as well as operations disruption to their business from the compromised accounts.

2. To reinforce the security of your account(s) with the PA(s), please consider the following measures with your PA(s):

• update account credentials and Application Programming Interface (API) keys regularly;
• ensure API key is kept and protected on a secure Key Management System (KMS), managed by a trusted person from your organisation;
• remove any decommissioned or unused API keys;
• ensure 2 Factor Authentication (2FA) for admin account access is in place;
• check if your PAs support IP whitelisting, which may help to prevent unauthorized account access; and
• explore with your PAs to set a cap on the number of SMS or issue an alert if SMSes sent exceeded a certain volume per day.

3. It is strongly encouraged that you take proactive actions to enhance the security of your account(s) and SID(s) to safeguard yourself and your customers.

4. If you encounter any issues with your SMS delivery, please approach your PAs to ascertain the cause. You may also contact us at [email protected] if you require further assistance.