A one-step or one-click unsubscribe method has been a requirement of Federal law since May of 2008. The Code of Federal Regulations (CFR), part 316 of CAN-SPAM, says that a sender, or someone sending email on behalf of the primary sender, may not require a recipient to “take any other steps except sending a reply electronic mail message or visiting a single Internet Web page” in order to opt-out, unsubscribe and to have that unsubscribe honored.
Specifically, the law says (emphasis added for readability):
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
Put in plain English, this means that you may not make people on your mailing list jump through any hoops in order to opt-out of your mailings, and to unsubscribe from your mailing list, including hoops that require them to log in to an account! And yes, that means that all of those companies and other organizations that require you to log in to an account in order to unsubscribe are violating Federal law. Why? Because when someone clicks an unsubscribe link and it brings them to a login page at which they have to provide their credentials in order to get to the unsubscribe page, that is, at minimum, 2 pages (and often it involves many more than two pages to effect the unsubscribe), while Federal law mandates “visiting a single Internet Web page” only.
For the most part companies who are violating this requirement are likely not aware of the requirement, although of course larger companies (who presumably have in-house legal departments that should be on top of this) may know that they are violating the law and just not care.
Savvy companies and other senders who recognize the legal risk that they run by not complying with this one-step requirement, and yet who also want to encourage recipients to log into their accounts to set their email preferences, accomplish this by including a one-step unsubscribe link (as required by law), and a link to “update your preferences” (or some other wording).
For a direct link to this requirement of U.S. Federal law see https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-316. If you have questions about this please feel free to contact us at email@example.com.