What is a minimal email verification element count?

[greenace92]

This is not a programming question.

Rather, security.

When I take in the user's information, email, username, account, I also take in their IP address and current time which outputs a 10 digit integer. So my thought was to send them the email with a link with a new .php file and this file collects their IP address again, as well as the current time, I would specify an "elapsed-time" constraint to be checked... but I'm thinking this is not good enough... I may be clearly missing something.

I thought further that I could use a question like the one I answered when I registered for this forum but I think that question may be randomly generated eg. not always the same one. So I'm not sure how I can validate a person being real...

Any thoughts?

[greenace92]

How about if I asked "What are the last three characters of your email account before the @ symbol" ?

I think that a "hacker" could try and attempt random possibilities eg, a,ab,abc,abcd, and then eventually match those somewhat "random" strings especially since the email account was stored.

I stored the email in case of a password reset

[greenace92]

I'm actually going to use a smtp-email-validation from google which I'm still not sure if that is enough

[Arjay]

I'm actually going to use a smtp-email-validation from google which I'm still not sure if that is enough

Please define, "still not sure if that is enough". What are you hoping to accomplish? If the email address is a valid address? If so, what problems do you see using google's smtp-email-validation?