> The wording is very clear, you can NOT require login to change subscription settings.
You’re right that wording is clear, though you might have misunderstood or skipped over the scope of this CFR, which is “Non-solicited” messages (https://www.law.cornell.edu/cfr/text/16/316.1), and excludes transactional email (https://www.law.cornell.edu/cfr/text/16/316.3). Since the parent was explicitly talking about any email communication coming from accounts you’ve signed up for, it is important to note that the CFR you’re citing does not always apply.
You absolutely can legally require a password to change some subscription and communication settings relating directly to someone’s account, to require otherwise would be a glaring and massive security hole. It’s quite easy to spoof email addresses, and being able to unsubscribe someone else from transactional email subscriptions would be extremely dangerous.
