IP Logging
Log the IP with every opt-in for attribution and fraud detection, treat it as corroborating personal data, and pair it with stronger session evidence.
An IP address in a consent record serves three evidentiary jobs. Attribution: corroborating that the submission came from where the consumer plausibly was (their city, their ISP) rather than a lead vendor's server. Fraud detection: hundreds of "opt-ins" from one address or a datacenter range expose fabricated lists before carriers or plaintiffs do. Timeline integrity: pairing IP with timestamp and user agent builds the contemporaneous picture courts find credible.
Limits: IPs identify connections, not people; mobile carriers NAT thousands of users behind shared addresses; VPNs exist. IP is corroboration, not proof — which is why it belongs alongside session evidence, not instead of it.
Privacy handling: IPs are personal data under GDPR and several state laws. Disclose collection in the privacy policy, retain for the compliance purpose, and restrict access.
Frequently asked questions
Related glossary terms
A consent record is the stored evidence package for a single opt-in event: the consumer's identifier, the exact disclosure shown, the affirmative act, attribution data, and integrity protection that proves the record was not altered.
An audit trail is the chronological, tamper-evident record of consent events — capture, modifications, revocations — that lets a sender reconstruct and prove the consent state of any number at any point in time.
Consent proof is the evidentiary record that a recipient explicitly opted in to SMS — typically a timestamped, IP-logged, hash-locked record of what the user saw and when they consented.