Assign a unique id (GUID) to that email and store both fields in a database.
Build and Send the validation email (use sendmail api) and in the body put the url to click.
(This would pass the unique id as a parameter to a validation servlet)
Here's the fun part, once they click on the URL, you would need to know the email address of the clicker!
You can ask them to verify and the servlet then matches the passed GUID to the db entry.
Much work needed... but map out the flow first, using simply sequence diagrams or use cases.
Joined: Sep 21, 2011
What William said
An additional concern: The URL should only be valid for a limited time - maybe a few hours, but no more than a day. So the GUID would need to have a timestamp associated with it that indicates its expiration.