A2P Messaging Glossary: SMS, SMPP, OTP, HLR & More
Most glossaries on this topic are useless. They define SMPP as "Short Message Peer-to-Peer protocol" and move on, like that means anything to someone trying to figure out why their OTP conversion…
Most glossaries on this topic are useless. They define SMPP as "Short Message Peer-to-Peer protocol" and move on, like that means anything to someone trying to figure out why their OTP conversion just tanked from 92% to 68% overnight.
So this is the version I wish had existed when I started. Same terms you'll find elsewhere, but written from the side of the screen where things actually break. Some of these entries are long because the term deserves it. Some are short because, honestly, there isn't much to say. I'm not going to pad them out for the sake of looking thorough.
If you've never touched messaging infrastructure, you'll still follow it. If you have, hopefully, a few lines that make you nod. Here goes.
A2P SMS
Application-to-Person. A machine sends, a human receives.
Your bank's OTP, the Swiggy delivery alert, the airline boarding pass link, all A2P.
The thing carriers care about: A2P traffic pays a premium. It's supposed to ride licensed routes, with a registered sender ID, on a known commercial agreement. When senders try to dodge that, usually to save money, they end up on grey routes, and the deliverability falls off a cliff within weeks. Sometimes days.
P2P SMS
You text your sister. That's P2P. It matters here because carriers profile traffic against P2P baselines. If your "P2P traffic" is somehow 8,000 identical messages from the same SIM in one hour, the network figures it out fast.
A2P Messaging
The umbrella. Includes SMS, RCS, WhatsApp Business, Viber for Business, and the various email-to-SMS contraptions that still exist for some reason.
In practice, SMS is still where the critical traffic lives. Anything that has to arrive, login codes, fraud alerts, OTPs run on SMS because it's the only channel that works on every phone in every network everywhere. RCS is growing, but it's not replacing SMS for the stuff that matters. Not yet.
SMS Gateway
The middleman between your application and the carrier.
You hit an endpoint, the gateway figures out routing, encoding, sender ID rules per country, retries, DLR handling, and throttling, all of it. Or it doesn't, and you just don't find out until conversion drops.
The bad ones look exactly like the good ones on a marketing page. You can only tell the difference by sending real traffic for a few weeks and watching what happens to your delivery numbers across geographies.
SMS API
The REST or HTTPS layer that most developers actually use. JSON in, message ID out, webhook for status.
Fine for most cases. Falls apart at volume. Once you're sending OTPs at a scale where two seconds of queue delay means people abandoning signup, REST starts feeling like the wrong tool. That's when teams move to SMPP. Not because it's cooler, but because it's faster and the session stays open.
SMPP
The protocol. TCP-based, binary, persistent connection. Built for this exact job, which is rare in computing.
If you're sending serious volume, SMPP is what's running underneath whatever pretty dashboard your provider gave you. The downside is it's old, it's quirky, and the error codes are documented inconsistently across SMSCs. Every SMPP integration has at least one weird gotcha that took someone half a day to figure out and got written down in a Confluence page that nobody updated.
SMPP Bind
Authenticating an SMPP session. Three types: transmitter, receiver, transceiver. The names tell you what each one can do.
What the docs don't usually tell you: bind failures are the single most annoying recurring problem in messaging infrastructure. Wrong system_id, IP not whitelisted, too many parallel sessions, credentials rotated and not communicated, and NAT timeout dropping the TCP socket. The fix is almost always boring. The time spent finding it isn't.
SMSC
The Short Message Service Center. The carrier's own node that holds and forwards SMS.
When you send a message, and the recipient's phone is off, the SMSC is what keeps trying. When a DLR shows up four hours late, the SMSC is what finally gets through. Most of the "the network is slow today" complaints trace back to SMSC behavior queue depth, retry intervals, and prioritization rules.
MO — Mobile Originated
Message sent from the handset to your platform. The user replying STOP, or texting a keyword to opt in, or answering a survey.
MO routing is a separate problem from MT routing. Different agreements, different billing, sometimes different aggregators entirely. A lot of providers technically support MO but handle it badly, which is why two-way SMS campaigns often have weird gaps that nobody can explain.
MT — Mobile Terminated
Message going to a handset. This is what most people mean when they say "SMS."
Every interesting problem in A2P delivery happens here. Filtering, throttling, sender ID spoofing checks, and content scanning all on MT. If you're losing messages, MT is where you're losing them.
DLR — Delivery Receipt
The status callback. DELIVRD, EXPIRED, UNDELIVERD, REJECTD, UNKNOWN.
Here's a thing they don't put in the spec: not all DLRs come from the carrier. Some are synthesized by aggregators along the route. So DELIVRD doesn't always mean "the phone got it." Sometimes it means "we handed it off to someone who said they'd handle it." The way you catch this is by correlating delivered messages with actual user behavior. If your DLR says 97% delivered but only 71% of users completed the OTP step, your DLRs are lying. Probably grey-routed.
Sender ID
What shows up in the "from" field on the recipient's phone?
Brand name, number, short code, mask, whatever. This is one of the most regulated parts of SMS now. Most countries that matter, India, UAE, KSA, and increasingly the EU and US, require sender ID registration. Unregistered IDs get rewritten, dropped, or replaced with a generic header by carrier firewalls. If your brand suddenly shows up as "INFO" or "NOTIF" instead of your registered name, that's the firewall doing exactly what it's supposed to do.
Alpha Sender ID
A sender ID made of letters. "HDFCBK". "AMAZON". "FLPKRT". Up to 11 characters in most networks.
Good for recognition. Useless for replies, alpha IDs are one-way only in almost every market. Also, the most spoofed identifier in SMS is why firewalls scrutinize them harder than numeric sources.
Numeric Sender ID
A phone number as the sender. Long code or short code. Two-way capable, but with regulatory baggage. In the US, every business number sending A2P traffic now needs 10DLC registration, including throughput tiers based on a brand trust score that the carriers calculate. If you haven't registered, you're getting filtered. Full stop.
Short Code
A 4–6 digit number leased from the carrier for high-volume A2P.
Expensive, slow to provision (weeks, sometimes months), strict use-case approval. Worth it for banks and any high-trust use case where throughput and recognizability matter. Not worth it for a startup sending 50 OTPs a day. Use the right tool for the job.
Long Code
A regular phone number used for SMS.
Used to be the wild west, anyone could buy a long code and blast messages. That's mostly over now. In the US specifically, 10DLC ended the free ride. In most other markets, the regulatory pressure is catching up. Cheap and quick, but with diminishing flexibility.
Toll-Free Number
8XX numbers in North America. Originally voice, now also SMS.
Requires verification through the toll-free messaging registry. Skip the verification, and your throughput is single digits per second, or zero. Carriers don't mess around with unverified toll-free anymore.
OTP
One-Time Password. The most important A2P use case in existence, and I'll fight anyone who says otherwise.
Nobody thinks about their SMS provider until an OTP doesn't arrive in 10 seconds. Then they think about it a lot. Then they leave you for someone else.
OTP delivery is also where fraud lives. There's a whole category of attack artificially inflated traffic where someone hammers your signup form to trigger massive volumes of OTP sends, often to number ranges that look real but are controlled by the attacker's carrier partner. The fraudster takes a cut of the termination revenue. You pay for messages no human ever reads. Most companies don't notice until the invoice comes in.
2FA SMS
OTPs used specifically for authentication. Under regulatory pressure globally because SIM swap fraud is real and serious. But still the most widely deployed second factor on earth because every phone supports it. Push-based MFA is better when it works. SMS is what works when the user hasn't installed your app.
Bulk SMS
The marketing-flavored name for high-volume A2P. Same plumbing, different sales deck. "Bulk SMS provider" usually means a reseller stacked on top of an aggregator stacked on top of a carrier. The race-to-the-bottom pricing in this segment is what created the grey route economy in the first place.
Transactional SMS
User-triggered messages include order confirmations, password resets, and shipping updates.
In India and a few other markets, this is a formal classification with separate routing, different sender ID rules, and exemption from DND filters. Misclassifying promotional content as transactional is a common compliance violation, and operators are getting better at catching it through content analysis.
Promotional SMS
Marketing content. Offers, coupons, "we miss you" reminders. Strict opt-in rules, time-of-day windows, DND scrubbing, and content limits. Also, where most grey routing happens, because the unit economics are tight and there's always someone willing to undercut on price by sending through a sketchier route. You pay for it later in deliverability.
Flash SMS
A message that pops up on the screen without saving to the inbox. Class 0, in spec terms. Useful for genuinely urgent alerts. Misused for intrusive ads back in the day. Most networks now filter or block it. It's a feature that's mostly outlived its welcome but still shows up in certain operator alerts and emergency systems.
Silent SMS
A message that arrives without notifying the user. Used by network operators for diagnostics and by various security agencies for things you probably don't want to know about. If you're a normal business, this term isn't really for you. It's in the glossary because people ask about it.
Concatenated SMS
A long message split into parts. The recipient's phone reassembles it.
Each part is billed separately. So your "one message" is actually three on the invoice. Older devices sometimes reassemble badly. Sometimes one part arrives, the others don't, and the user sees half a sentence. Long content is more expensive and more fragile than people think.
Unicode SMS
UCS-2 encoding, for non-Latin scripts and emoji.
Drops your character limit from 160 to 70 per segment. Add one emoji to a campaign written for ASCII pricing and watch your cost double. This is one of the most common reasons a campaign comes in over budget: somebody added a smiley face to the template.
GSM 7-bit Encoding
The default SMS encoding. 160 characters in a segment.
The trap: curly quotes, em dashes, the wrong apostrophe — any of these can flip the message to Unicode. Some gateways warn you. Most don't. You find out when a campaign costs 2.3x what you estimated, and the bill arrives.
SMS Throughput (TPS)
Transactions per second. How fast can you push messages into a route?
The TPS number on your provider's rate card is not the same as the TPS you'll actually get under load. Real throughput depends on the carrier's policy, your sender's reputation, the route's headroom, and whether your account is sharing capacity with someone else who's sending right now. The number you care about is sustained TPS during a spike, not peak TPS in a demo. Get this wrong and your Black Friday OTPs back up into a queue that takes hours to drain.
Share this post