> > How do we implement this without writing anything to the DB until the user > has clicked on the link in the email? >
Interesting. Maybe put the email address in the link, and also hash the email address using a private key and add that to the link as well. When the link is clicked, check that hashing the email address with your private key matches the hash from the link. I think that would confirm that your app (or at least someone with access to your private key) generated the link. You could then create an account for that email address. Anthony
