You just bought a list. Maybe it's 10,000 aged mortgage records, a batch of final-expense leads, or a stack of IUL inquiries you picked up cheap. The temptation is to load it into the dialer this afternoon and start working it. Don't — not yet.
A purchased list, the moment it lands in your hands, is two problems wearing one disguise. It's an efficiency problem: some of those numbers are dead, disconnected, or wrong, and every one you dial burns a minute you'll never get back. And it's a legal problem: somewhere in that file are numbers on the Do-Not-Call registry, numbers belonging to people who sue telemarketers for a living, and numbers that have been reassigned to a stranger who never asked to hear from you. Dial those blind and you're not prospecting — you're buying lawsuits at retail.
The fix is data hygiene. Cleaning a list before you work it is the single highest-leverage hour you'll spend on a batch, and it's the thing that separates agents who buy leads and profit from agents who buy leads and panic the first time a demand letter shows up. In 30 years building lead systems, I've watched more good producers get hurt by skipping this step than by any sales mistake.
This is the full workflow — five layers, run in order — plus what each one costs, how often to re-run it, and a checklist you can copy straight into your process.
A note before we start: This is operational guidance, not legal advice, and the liability for every call you place sits with you, the caller. The rules below summarize federal and state telemarketing law as it stands in 2026, but they change and they vary by state. Confirm the specifics for your situation with a TCPA attorney. For authoritative reading, I point clients to henson-legal.com, mslawgroup.com, and dnc.com.
Why Clean Data Is Now Your Best Legal Protection
For a while, the industry braced for the FCC's "one-to-one consent" rule — a regulation that would have forced a separate, named consent for every single company that contacts a lead. It never happened. The rule was vacated by the 11th Circuit Court of Appeals in January 2025, one business day before it was set to take effect, and it never became law. The older multi-company consent standard remains permissible.
Here's why that matters for you: the relief is temporary, and it's narrow. The 1:1 rule going away did not make cold-calling purchased data safe. The underlying Telephone Consumer Protection Act is in full force, the federal and state Do-Not-Call rules still apply, and the real action has moved to the state level — Florida's FTSA, Texas's SB 140 (which now expressly covers texts), and active mini-TCPA statutes in Oklahoma, Washington, and Pennsylvania, several with private rights of action and per-call damages that stack fast.
So with no 1:1 rule to lean on, what actually protects you when you work a purchased list? Disciplined data hygiene. Scrubbing your file is the documented, defensible step that keeps you off the numbers most likely to generate a complaint or a claim. It's not bureaucratic overhead — in 2026 it is your compliance posture.
The Five-Layer Hygiene Workflow (Run It in This Order)
Order matters. You scrub in layers, cheapest-and-broadest filter first, so each pass works on a smaller, cleaner file. Here's the whole workflow at a glance:
Get the Aged Lead Playbook
Weekly scripts, strategies, and insider tips. Free.
| # | Layer | What it removes | Protects against |
|---|---|---|---|
| 1 | DNC scrub | Numbers on federal, state & internal Do-Not-Call lists | DNC violations, the most common complaint |
| 2 | Litigator scrub | Known TCPA serial plaintiffs & litigation-prone numbers | Targeted lawsuits from professional filers |
| 3 | Disconnected / invalid removal | Dead, fake, and unassigned numbers | Wasted dials + reassigned-number liability |
| 4 | Landline / wireless split | Mis-typed numbers; flags line type | Channel mistakes (texting a landline, etc.) |
| 5 | Internal DNC / opt-out | Anyone who already told *you* to stop | Re-contacting your own opt-outs — indefensible |
Run them top to bottom. Now the detail on each.
Layer 1 — Scrub the Do-Not-Call Lists (Federal + State + Internal)
This is the foundation, and it's three lists, not one. There's the federal registry (the big one), the state registries (a dozen-plus states maintain their own, with their own rules), and your internal list of people who've previously asked you to stop. You have to scrub against all three.
A few things that trip people up:
- You need a SAN (Subscription Account Number) to access the federal registry directly through the FTC, and registered area-code access carries a fee. Most agents don't scrub the government file themselves — they run the list through a scrubbing service that holds the access and returns a clean file.
- Re-scrub every 31 days. The federal rule treats your scrub as stale after 31 days. A list you cleaned six weeks ago is no longer clean — people register every day.
- An Established Business Relationship (EBR) can be an exception, but it's narrow and time-boxed (roughly 18 months from a purchase, 3 months from an inquiry) and it's on you to prove it. Don't assume a purchased lead gives you one.
Cost ranges from free (there are no-cost DNC scrub tools, though they're slower and lighter on state coverage) up to roughly a tenth of a cent per record for bulk commercial scrubbing — call it $60 to clean 100,000 records at the cheap end. Compared to one DNC complaint, it's the best money you'll spend. We compare the cheap and paid routes in DNC Scrubbing on a Budget, go deep on the mechanics in DNC Compliance for Aged Leads, and cover the state-by-state requirements in the State-by-State Lead Compliance Guide.
Layer 2 — Scrub for TCPA Litigators and Serial Plaintiffs
This is the layer most agents have never heard of, and it's the one that turns a nuisance into a catastrophe. A small population of people files TCPA lawsuits as a business model. They seed their numbers into lead-gen funnels, wait for the call, and sue. A single one of them in your file can cost you far more than the entire batch was worth.
A litigator scrub runs your list against databases of known serial filers and litigation-associated numbers and flags them so you can suppress them before you dial. The vendors maintaining these lists (BlacklistAlliance, DNC.com's Contact Center Compliance, TCPALitigatorList, and others) update them continuously because the plaintiff population moves.
You don't need to know every vendor to act on this — you need to know the layer exists and to run it. It's inexpensive per record and it removes your single highest-dollar risk. We break down exactly how litigator scrubbing works, what it costs, and whether a solo agent needs it in TCPA Litigator Scrub Explained.
Layer 3 — Remove Disconnected and Invalid Numbers
Now the file is legally safer. Time to make it productive. Real-time and aged lists both rot — numbers get disconnected, people change carriers, and some records were never valid to begin with. A phone validation pass (sometimes called a "ping" or HLR lookup) checks each number against carrier records and tells you which are live, which are dead, and which are unassigned.
Two payoffs here. The obvious one: you stop wasting dials on dead numbers, which directly lifts your contacts-per-hour. The less obvious one is legal — a number that was disconnected and reassigned to a new person is a classic TCPA trap, because the new owner never had any relationship with you. Validation (and checking against the FCC's Reassigned Numbers Database) is how you catch those. Expect to pay somewhere in the range of half a cent to a few cents per lookup, depending on depth and volume. On a list you paid real money for, it pays for itself in saved dialer time alone. We walk through exactly how to run this pass in How to Remove Landlines and Disconnected Numbers Before You Dial.
Layer 4 — Split Landlines from Wireless (Line-Type Identification)
A line-type pass tells you whether each number is a wireless, landline, or VoIP line. It often comes bundled with validation. Why bother?
- Channel discipline. Different line types carry different rules and different reachability. You'll work a wireless number differently than a landline, and knowing which is which keeps you from making a channel mistake.
- Dialer efficiency. You can route and prioritize by line type instead of treating every record identically.
A word of caution that matters: knowing a number is a cell phone does not unlock texting it. Purchased, non-consent data should never be texted, regardless of line type — we'll come back to that. Line-type data is for working the list smarter, not for opening a new channel you don't have consent for. More on the texting line in the Text Message Lead Follow-Up Compliance Guide.
Layer 5 — Build and Honor Your Internal DNC / Opt-Out List
The last layer is the one entirely within your control, and the one that's indefensible to get wrong. Anyone who has ever told you to stop — on any list, on any campaign — goes on your internal Do-Not-Call list, and you suppress them from every future file forever. The rule of thumb: keep internal opt-outs for at least five years, and honor every request promptly.
Practically, this means before you work a new batch, you scrub it against your own accumulated opt-out list, not just the government's. Re-contacting someone who already opted out of your outreach is the kind of violation that has no excuse and reads terribly in front of a regulator. Build the habit now, while your opt-out list is small.
Free vs. Paid: What Each Layer Costs
You can do a surprising amount of this on a budget. Here's the honest picture:
| Layer | Free option? | Typical paid cost | Worth paying for? |
|---|---|---|---|
| DNC scrub | Yes (lighter, slower) | ~$0.0006–$0.001 / record bulk | Yes if you value state coverage + speed |
| Litigator scrub | No real free option | Low per-record | Yes — highest risk, low cost |
| Disconnected / invalid | Limited free checks | ~$0.005–$0.05 / lookup | Yes — pays for itself in saved dials |
| Landline / wireless | Often bundled with validation | Usually included above | Yes (bundled) |
| Internal DNC | Free — it's your own data | $0 | Always (it's just discipline) |
The pattern: the cheapest layers (DNC, internal) and the highest-risk layer (litigator) are where you should never cut corners. Validation is where you'll spend the most, and it returns the most in recovered dialing time.
How Often to Re-Run Each Layer
Hygiene isn't a one-time event. Data decays, and the law has clocks built in.
| Layer | Re-run cadence |
|---|---|
| DNC scrub | Every 31 days, and before working any list |
| Litigator scrub | Each time you load a new batch (lists update continuously) |
| Disconnected / invalid | Per batch; re-validate aged lists before re-working |
| Landline / wireless | Once per batch (line type rarely changes) |
| Internal DNC | Continuously — add opt-outs the day they happen |
The Hygiene Checklist (Copy This Into Your Process)
Before any purchased or aged list touches your dialer, run it through this:
- Internal opt-out scrub first — remove anyone who's already told you to stop.
- Federal DNC scrub — clean against the national registry (within the last 31 days).
- State DNC scrub — clean against every state where you'll dial, honoring each state's rules.
- Litigator scrub — suppress known serial TCPA plaintiffs.
- Validation pass — drop disconnected, invalid, and unassigned numbers.
- Reassigned-number check — flag numbers that may have changed hands.
- Line-type tag — label wireless vs. landline vs. VoIP for smart routing.
- Document it — save the date, the source, and the scrub results for every batch. If anyone ever asks, your records are your defense.
- Manual dial only — work the clean file by hand or click-to-dial; no autodialer, predictive dialer, prerecorded voice, or ringless voicemail on non-consent data.
- Re-scrub on the clock — anything older than 31 days gets cleaned again before the next session.
Where Hygiene Meets the Phone: Working the Clean File
A clean list earns you the right to do the part that actually makes money — and it's worth saying plainly how to work non-consent data without stepping on a rake.
These are people, not a list to grind, and they never consented to a relationship with you. So the compliant, effective sequence is: warm up with a value-first email that earns a little recognition; aim every first call at a conversation, not a pitch — the goal is a scheduled time to review their situation; and run a politely persistent, manual-dial call campaign on the clean numbers, honoring every opt-out the instant it happens. No texting that purchased data. No autodialer. Polite persistence beats brute force, and clean data is what makes the persistence pay.
That's the whole game: clean the file, then work it like the people on it are worth treating well. If you're still wondering where the legal line sits, Is It Legal to Call Leads You Bought? lays out what you can and can't do with purchased data. And for the legal backbone behind all of this, keep the TCPA Compliance Guide for Lead Buyers and the Lead Buyer's Regulatory Cheat Sheet within reach.
Frequently Asked Questions
Treat your scrub as good for 31 days. The federal rule considers a list stale after that, because consumers register every day. Practically, scrub before you work any batch and re-scrub anything that's been sitting for more than a month before you dial it again. Skipping the re-scrub on an aged list is one of the most common — and most avoidable — ways agents pick up DNC violations.
Yes. The federal registry is the big one, but a dozen-plus states maintain their own DNC lists with their own rules — different calling hours, different exemptions, sometimes their own registration requirements for telemarketers. If you're dialing into a state with its own list, scrubbing only the federal file leaves you exposed. Clean against the federal registry and every state where your numbers live.
Generally, yes — the liability for a call sits with the caller, not the vendor. Using a reputable scrubbing service is smart and it's part of a defensible process, but it doesn't transfer your legal responsibility. That's exactly why documenting your hygiene matters: keep the date, source, and results of every scrub so you can show you ran a reasonable, consistent process. Treat this as guidance and confirm your specific obligations with a TCPA attorney.
A litigator scrub checks your list against databases of known serial TCPA plaintiffs — people who file telemarketing lawsuits as a business and seed their numbers into lead funnels to trigger calls. It flags those numbers so you can suppress them before dialing. Do you need it? If you're working purchased or aged consumer data at any volume, yes. It's inexpensive per record and it removes your single highest-dollar risk: one professional filer in your file can cost you more than the entire batch was worth.
No — not without consent. Purchased, aged, or otherwise non-consent consumer data should not be texted, regardless of whether the number is a cell phone. Texting non-consent data is a TCPA danger zone, and several states (Texas's SB 140, for example) now expressly cover SMS. The compliant first touch on purchased data is a value-first email, followed by a manual-dial, politely persistent call campaign on a properly scrubbed file. Save texting for contacts who have actually opted in to receive it from you.
Run a phone-validation pass (sometimes called a ping or HLR lookup) that checks each number against carrier records. It tells you which numbers are live, which are dead or unassigned, and what line type each one is — wireless, landline, or VoIP. Drop the disconnected and invalid records, flag anything that may have been reassigned, and tag the survivors by line type so you can route them intelligently. Expect to pay roughly half a cent to a few cents per lookup; on a list you paid for, it pays for itself in recovered dialing time.
No. The FCC's 1:1 consent rule was vacated by the 11th Circuit Court of Appeals in January 2025 and never took effect. The older multi-company consent standard remains permissible. But don't read that as "anything goes" — the underlying TCPA, the federal and state DNC rules, and a growing patchwork of state mini-TCPA statutes are all in full force. With no 1:1 rule to rely on, disciplined data hygiene and manual-dial practices are what actually protect you.
Clean Data In, Better Numbers Out
Every layer in this checklist does double duty: it lowers your legal risk and it raises your contact rate. That's the whole reason hygiene is worth the hour — it's not a tax on working your leads, it's what makes working them profitable and safe at the same time.
Start the habit on your next batch. If you're shopping for clean inventory to begin with, you can browse and filter aged leads by type, age, and state over at AgedLeadStore — then run everything you buy through the five layers above before the first dial. And for the legal backbone behind the workflow, work through the compliance library in Resources: the TCPA Compliance Guide for Lead Buyers, DNC Compliance for Aged Leads, and the State-by-State Lead Compliance Guide. Clean the file, work it like the people on it matter, and let your dialer spend its time on numbers that can actually become customers.
Free Download
Aged Lead Quick-Start Kit
Scripts, a follow-up cadence, and vendor checklist to get started with aged leads today.