This is my proposal for email authentication:

We _already_ have this part in usermailer.php which mails a temporary password.
I would first allow users to store an email in the preferences. This is the
current path and so far only used for 1) temporary passwords and 2)
special:emailuser.

Now I would disallow(!) the user to receive email enotifs, unless that users has
cycled once through a "forgot my password" cycle, then, coming back and not
having changed that email address, this email address would have been
authenticated and I do not need any new code

That authenticated email address must now be flagged as "authenticated", what I
can manage with the new user_rights (see bugzilla:840
http://bugzilla.wikipedia.org/show_bug.cgi?id=840 ) if he changes the
email-address, it needs to be automatically flagged as "un-authenticated", this
seems to be clear.

So basically, you need to change the password to get authenticated, not that bad
I suppose

Everyone who does not invest a little effort, will not participate on the enotif
advantages, so there is a "small" obstacle, which everyone needs to overcome,
not too bad as far as wikimedia's servers are concerned.

Version: 1.4.x
Severity: enhancement