Public records mean I can contact anyone however I want, right?

No. The data is fair to use, but the channel is regulated. CAN-SPAM governs email, the TCPA governs calls and texts, and Massachusetts adds its own telemarketing and do-not-call rules. The lead source does not change those obligations.

Which channel is safest for permit outreach?

Direct mail is the least regulated of the major channels — there is no federal equivalent to CAN-SPAM or the TCPA for physical mail, and mailing a permit address generally needs no prior consent.

Can I text or autodial homeowners from permit data?

Generally not without prior express consent. The TCPA treats automated texts and calls to mobile numbers strictly, and a permit filed with a town is not consent to be contacted.

TCPA, CAN-SPAM, and MA Permit Outreach: What's Legal

By the permits.llc team · Last reviewed April 7, 2026 · Optimal window: Any permit

TL;DR

A building permit is a public record — that does not mean the homeowner has consented to be contacted.
Three laws govern how you reach out: the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, and Massachusetts telemarketing regulations.
Direct mail is the least regulated outreach channel for permit-based prospecting.
Know the rules before you send — the cost of a compliance mistake exceeds the value of any single job.

Building permit data is public. Any contractor, insurance broker, or home-service business can pull it, sort it, and build a list. That much is settled. What trips people up is the next step: assuming that because the record is public, the outreach is also unrestricted. It is not. The permit lives in a public database maintained by a municipality. The moment you pick up the phone, open an email tool, or fire off a text, you have left the world of public records and entered the world of federal and state consumer-protection law — specifically TCPA permit outreach Massachusetts practitioners need to understand before sending a single message.

This article covers the CAN-SPAM Act, the TCPA, and Massachusetts-specific telemarketing rules as they apply to service businesses using permit data. It is general information only, not legal advice. Rules in this space change, enforcement varies, and the facts of your specific situation matter. Consult qualified legal counsel before building or scaling any outreach program.

Does public permit data mean you can contact anyone however you want?

No — and the distinction is worth keeping clear. The data itself is fair to use. Municipalities publish permit records precisely so the public can access them, and there is nothing legally improper about downloading that data, organizing it, or identifying potential customers from it. The restriction is not on having the information. It is on how you use the channel you choose to reach those people.

Federal law does not care whether you found someone's address in a public database or a paid list. CAN-SPAM looks at how you structure a commercial email. The TCPA looks at what technology you used to place a call or send a text and whether the recipient consented. Massachusetts telemarketing law looks at when you called and whether the number was on a do-not-call list. The source of the lead is largely irrelevant to all three.

So what exactly is regulated?

Every outbound channel — email, phone calls, text messages — carries its own compliance framework. The data source does not change that. A homeowner who pulled a permit to add a deck did not, by doing so, agree to receive automated texts from every contractor in the area. The permit is a signal of need; it is not a consent form.

CAN-SPAM and permit-based email

The CAN-SPAM Act, enforced by the Federal Trade Commission (FTC), sets the national floor for commercial email. It applies to any email whose primary purpose is to advertise or promote a commercial product or service — which includes outreach to permit holders asking for roofing, plumbing, electrical, or remodeling work.

The core requirements are straightforward:

Accurate header information. The "From," "To," and routing information must identify who actually sent the message. Using a fictitious business name or routing mail through a domain you do not control is a violation.

Honest subject lines. The subject line cannot deceive the recipient about the content of the message. "Following up on your recent project" when you have never spoken before is the kind of framing the FTC scrutinizes.

Real physical address. Every commercial email must include a valid postal address — a P.O. box is acceptable, but it must be current and monitored.

Working unsubscribe mechanism. Every message must include a clear, conspicuous way to opt out. Once someone opts out, you must honor it within 10 business days. After that, you cannot send them commercial email again, and you cannot charge for the opt-out or require anything beyond a reply email or a single webpage visit to process it.

CAN-SPAM does not require prior consent for consumer email the way the TCPA requires consent for texts. That makes email more accessible than texting for permit-based outreach — but "more accessible" does not mean "unregulated." The full FTC compliance guide is at ftc.gov. Read it before you build your first template. For guidance on structuring the actual message, see how to write a cold email to permit leads.

TCPA and permit-based calls and texts

The Telephone Consumer Protection Act (TCPA), overseen by the Federal Communications Commission (FCC), is the law most service businesses underestimate — and the one with the most significant exposure. The TCPA governs unsolicited calls and texts, with especially strict rules around automated technology.

Autodialers and prerecorded messages. An autodialer — equipment or software that can dial numbers automatically or from a stored list without human initiation — triggers the TCPA's strictest requirements. Using an autodialer or a prerecorded voice message to contact a consumer on a mobile phone without prior express consent is a violation. This matters for permit outreach because most permit addresses are residential, and most people's primary contact number is a mobile number. Assuming a number is a landline is not a safe assumption.

Text messages. For TCPA purposes, a text message to a mobile number via an autodialer is treated like a call. Sending mass or automated texts to permit leads without consent carries real risk. Manual, one-at-a-time texts from a human are treated differently — but most outreach tools are not that. If your platform has a "bulk send" or "sequence" feature, get clarity on whether it qualifies as an autodialer before you use it. The FCC provides background on TCPA requirements at fcc.gov.

Manual calls. A live agent calling from a non-autodialer is subject to fewer TCPA restrictions than automated outreach — but it is still regulated. You must maintain an internal do-not-call list and honor requests to be added to it immediately. For calls to residential lines, check numbers against the National Do Not Call Registry, which is maintained by the FTC. Businesses are expected to scrub their call lists against the registry regularly to avoid contacting numbers on it.

Written consent. If you want to use an autodialer or send automated texts to consumers, you generally need prior express written consent. That consent must clearly authorize the type of contact you plan to make. Inferring consent from a permit application — which the homeowner filed with a city, not with you — does not meet that standard. For a walkthrough of compliant phone outreach, see permit cold-call script best practices.

Massachusetts-specific notes

Massachusetts has its own telemarketing rules that layer on top of federal law. The Massachusetts Office of Consumer Affairs and Business Regulation oversees consumer protection in the state, and businesses conducting telephone solicitations in Massachusetts must comply with both state and federal do-not-call requirements.

Massachusetts maintains a state do-not-call list. Calling a number on that list is a violation of state law, separate from any federal exposure. If you are doing phone outreach using MA permit data, you need to check both the National Do Not Call Registry and the Massachusetts list.

Calling hours. Massachusetts law restricts when telephone solicitors can call. Calls to residences should not be made outside of reasonable hours — generally taken to mean 8 a.m. to 8 p.m. local time on weekdays and adjusted hours on weekends and holidays. Follow the more restrictive of state and federal guidance.

Opt-out obligations. If a Massachusetts resident asks not to be called again, that request must be honored. Maintain a written internal do-not-call list and train anyone making calls on how to add numbers to it in real time. State enforcement can be separate from federal enforcement — an opt-out that falls through the cracks can result in liability under both frameworks simultaneously.

Insurance brokers and agents working permit leads in Massachusetts face additional licensing and marketing rules. The insurance broker permit playbook covers that context in more detail.

Practical guardrails

If you are not sure which channel to use, start with direct mail. Physical mail is the least regulated of the major outreach channels. There is no federal law equivalent to CAN-SPAM or the TCPA for paper letters, and direct mail to a permit address is generally permissible without prior consent. It is slower and costs more per piece — but the compliance surface is smaller.

For any channel, keep records. Document how you obtained each contact, what consent was collected and when, and how opt-outs were handled. If a complaint or enforcement inquiry ever arises, records are your defense.

A few specific practices to avoid:

Do not use an autodialer or prerecorded message to reach mobile numbers without written consent.
Do not send bulk automated texts to permit lists without confirming consent exists for each number.
Do not continue emailing or calling anyone who has opted out — even if the opt-out came in on a different channel.
Do not assume a residential address means the contact number is a landline.

None of these are obscure technicalities. They are the recurring patterns in enforcement actions and private litigation involving the TCPA and CAN-SPAM. Compliance is not complicated — but it does require building the habit before you scale.

How permits.llc fits in

permits.llc aggregates more than 167,000 Massachusetts building permit records across 92 cities and 11 counties, giving service businesses a structured view of active construction and renovation activity across the state. The platform surfaces the public record — who pulled a permit, for what type of work, and where — so businesses can identify relevant prospects without manual data collection.

What permits.llc does not do is manage your outreach or make compliance decisions on your behalf. The permit data is the starting point. How you contact the people behind those permits — which channel you choose, what technology you use, how you handle opt-outs — is entirely your responsibility as the sender.

The public record is available to you. Using it well means pairing good data with a compliance posture that matches the channel you are using. The businesses that build durable outreach programs from permit data are the ones that treat those two things as equally important from the start.

This article is general information, not legal advice. Consult a qualified attorney before building or scaling any outreach program.