by Scaless 2051 days ago
Yes, what they're doing is illegal. [1]

§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.

Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender;

[1] https://www.law.cornell.edu/cfr/text/16/316.5


Interesting. That means that Twitter's implementation is one that is against the law, as it required me to log in before I could unsubscribe. It also only unsubscribed me from "that type of email", so lo and behold, more spam arrived a few days later.
The clause only applies to certain email. Applicable? "The term “commercial electronic mail message” means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service". Probably not.
The end run is to chuck “ads” in transactional emails. Including “important service announcements”. And make it obtuse to change your settings.
> § 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.

Tell that to eBay. I cannot get them to leave me alone.

There is no unsubscribe link. Only “To change which emails you receive from eBay, go to Communication Preferences in My eBay.” But there is no such option in My eBay.

There is a “Communications Preferences” elsewhere, but there’s nothing in there to stop eBay spam. I have everything set to off, but they still keep coming.

I think he's talking about signing into a preexisting account. It may be illegal to require you to sign up, but I don't think it's proven that requiring preexisting customers to sign in to a preexisting account to adjust their communication settings.

Personally I'm all for requiring an automation enabled unsubscribe header and double opt in (requiring a response from a subscription confirmation email to subscribe in the first place).

The wording is very clear, you can NOT require login to change subscription settings. A password would classify as additional information outside of email address and preferences. Otherwise someone could sign up with your email and you would have no recourse to end the spam, or the company could just bulk create accounts for you without any way to log in (i.e. Facebook).
> The wording is very clear, you can NOT require login to change subscription settings.

You’re right that wording is clear, though you might have misunderstood or skipped over the scope of this CFR, which is “Non-solicited” messages (https://www.law.cornell.edu/cfr/text/16/316.1), and excludes transactional email (https://www.law.cornell.edu/cfr/text/16/316.3). Since the parent was explicitly talking about any email communication coming from accounts you’ve signed up for, it is important to note that the CFR you’re citing does not always apply.

You absolutely can legally require a password to change some subscription and communication settings relating directly to someone’s account; to require otherwise would be a glaring and massive security hole. It’s quite easy to spoof email addresses, and being able to unsubscribe someone else from transactional email subscriptions would be extremely dangerous.

> you can NOT require login to change subscription settings

And yet it happens all the time. Even Apple does it. I expect Apple’s lawyers have a better understanding of the rules than most people.

Or nobody is fighting them. Enforcement starts with a complaint to the "authorities".
Or in small claims court. There are still folks collecting around $500 per violation.
I recently opted out of one where they gave me a list of opt-out choices, with the default being "I still wish to receive this information". If I was on autopilot I would have submitted it. It seems to follow the letter of the law but feels pretty sleazy.
This does not apply to transactional email, which is email from services you’ve signed up for that relates directly to your account.