I did something similar to an e-mail redirection system I wrote a couple of years ago. Basically when they signed up (via the web), a random ID string was assigned to them and stored along with their database record. An e-mail was then dispatched saying to reply to the message. I set the From/Reply-To address to an address that was procmailed and fed the e-mails into another script that examined it, looked for the ID string, and if it matched the user contained in the message, it would flag them as validated and send off a second welcome message. The "ID" string was actually a concatenation of their username and the random key they were assigned, so it was easy to break apart and compare in the database.

Others have mentioned sending them a URL with a key embedded might work just as well, and I'd have to agree, but IMO replying to an e-mail is a lot easier than cutting/pasting a URL, though since most people nowadays use HTML-aware GUI e-mail clients, that's not such a big deal anymore. I just like keeping everything in one application. If they're going to be validated by e-mail, let them do it all by e-mail (especially if it's as easy as a simple reply). Don't make them start up a web browser session just to complete the process. *shrug*. Personal taste.

Regardless, the system has been running for about 2 years and is entirely automated with a few hundred users (not big, but it's for a select group of members). It's nice being able to code something that's entirely maintenance-free, which is what an automated verification system like this provides!

Unfortunately I'm not aware of any Perl modules to help automate this task, aside from the standard SMTP or Sendmail abstraction modules. Regardless, it's not too complex, and if you go the procmail route, a simple procmail rule will get the contents of the e-mail message sent to the STDIN of your script. Easy to parse.