It’s probably happened to you: you receive an SMS from “Correos” warning you about an urgent problem and asking you to click a link. Is it real or a scam attempt? Until now, it was hard to know, because anyone could use an alias as the sender. Starting in 2026, this will change: aliases must be registered in an official registry, and operators will block those that don’t comply. Some of these measures are already in place, as we explained in this article about the ban on commercial calls from mobile phones.
What is an alias, and what will happen starting in 2026?
An alias is the name that appears as the sender instead of a number (“Correos,” “YourShop,” “MyBank”). It helps you quickly identify the company or organization contacting you, but it has also become the perfect disguise for scammers.
The regulation introduces a verification system built on four pillars:
- Mandatory registration. Only aliases registered in a database managed by the CNMC may be used.
- Authorized routes. Each alias will be linked to authorized messaging providers; only messages sent through these routes will be delivered.
- Mandatory blocking from June 7, 2026
- Unregistered alias → blocked (not delivered)
- Registered alias sent through an unauthorized route → blocked (prevents third parties from “piggybacking” on a legitimate name)
- Extension to international traffic. SMS entering from abroad using Spanish numbering are already filtered; starting in June 2026, the filter will also apply to aliases: if a message comes in with a Spanish alias that is not registered or sent via an authorized channel, it will be rejected (unless it is legitimate roaming).
In other words: if your inbox shows “Correos,” it will truly be Correos, and the message will have traveled through an authorized channel.
Who does this change affect?
- Businesses and public administrations: If they use aliases as senders, they will have to register them and ensure they are sent through an authorized provider. Otherwise, their messages won’t be delivered.
- Users: They will gain greater security: smishing will lose ground because fake SMS with aliases won’t make it through the filter.
What steps should you follow if you use aliases to send your SMS?
The CNMC is currently designing the registry and has opened a public consultation (until September 30, 2025) to gather input from companies, operators, and other stakeholders in the sector.
What you can already do (2025)
- Review the aliases you use. Identify the alphanumeric aliases your organization uses to send messages.
- Talk to your messaging provider. Make sure they will be able to appear as an authorized provider for those aliases in the registry.
What you will need to do once the registry is operational (May 15, 2026).
- Register the aliases with the CNMC. Enter them into the registry, prove ownership of your brand or trade name, and link them to the provider you use.
- Keep everything up to date. Any change of provider or trade name must be reflected in the registry; otherwise, the alias will be blocked.
- Don’t leave it until the last minute. Once the filter comes into effect, an unregistered alias will mean a blocked SMS.
Conclusion
SMS remains a useful channel, but it has long been marked by distrust. Starting in 2026, it will be subject to a strict filter: if the alias isn’t registered, the message won’t be delivered. For companies, this means properly managing their aliases and accepting that non-compliance may lead to fines of up to 2 million euros. For users, it’s good news: at last, we’ll be able to read an SMS from “Correos” without wondering whether there’s someone trustworthy behind it.
Discover how Lawwwing can help you today.
