If a user signs up with an email address or subsequently changes a recorded email address, they need to prove they are in control of the email. The same workflow may also be needed for some other forms of confirmation in the future.
There might be existing Python libraries out there (needs to be researched). Failing that, we need to create an endpoint which sends out a validation email over our default MXes and maintains a random token for up to 1-2 hours. If the user clicks the link on the sent out mail, they’ll post the token towards the endpoint, which marks the request as verified (resulting in either the completion of the email address change or completion of account signup).