by Scaless
2051 days ago
The wording is very clear, you can NOT require login to change subscription settings. A password would classify as additional information outside of email address and preferences. Otherwise someone could sign up with your email and you would have no recourse to end the spam, or the company could just bulk create accounts for you without any way to log in (i.e. Facebook).

You’re right that the wording is clear, though you might have misunderstood or skipped over the scope of this CFR, which is “Non-solicited” messages (https://www.law.cornell.edu/cfr/text/16/316.1), and excludes transactional email (https://www.law.cornell.edu/cfr/text/16/316.3). Since the parent was explicitly talking about any email communication coming from accounts you’ve signed up for, it is important to note that the CFR you’re citing does not always apply.
You absolutely can legally require a password to change some subscription and communication settings relating directly to someone’s account; to require otherwise would be a glaring and massive security hole. It’s quite easy to spoof email addresses, and being able to unsubscribe someone else from transactional email subscriptions would be extremely dangerous.