Currently there is no process and any new email address is accepted.
I think we could do it like this instead:
- User edits profile and submits form
- If email is different then:
  - Do NOT update the real profile email yet.
  - Save that new email in a user preference together with a random key.
  - Send an email to the NEW address with instructions and a link containing the secret key.
- User finds the email, clicks the link, and a script:
  - verifies the secret key,
  - changes the profile email to the new one and
  - deletes the user preference
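
The flow proposed above, sketched as an added example (not code from this post or from any project). The in-memory stores, the `site.example` URL, the function names and the one-hour expiry are assumptions; the proposal itself does not specify an expiry.

```python
import hmac
import secrets
import time

# Constructed in-memory stand-ins for the user table and the preference store.
USERS = {42: {"email": "old@example.org"}}
PENDING = {}   # user_id -> (new_email, key, expires_at)
OUTBOX = []    # (recipient, link) pairs instead of real mail delivery
TTL_SECONDS = 3600  # assumption: the proposal does not specify an expiry


def request_email_change(user_id, new_email, now=None):
    """Profile form handler: stage the new address, leave the real one alone."""
    now = time.time() if now is None else now
    if new_email == USERS[user_id]["email"]:
        return None  # nothing changed, no confirmation needed
    key = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
    PENDING[user_id] = (new_email, key, now + TTL_SECONDS)
    link = f"https://site.example/confirm-email?user={user_id}&key={key}"
    OUTBOX.append((new_email, link))  # mail goes to the NEW address only
    return key


def confirm_email_change(user_id, key, now=None):
    """Link handler: verify the key, apply the change, delete the preference."""
    now = time.time() if now is None else now
    pending = PENDING.get(user_id)
    if pending is None:
        return False
    new_email, expected, expires_at = pending
    if now > expires_at:
        del PENDING[user_id]  # stale request, drop it
        return False
    # Constant-time comparison so response timing does not leak the key.
    if not hmac.compare_digest(key.encode(), expected.encode()):
        return False
    USERS[user_id]["email"] = new_email
    del PENDING[user_id]  # single use: replaying the link does nothing
    return True
```

A wrong key leaves both the profile email and the pending request untouched, so the legitimate link still works afterwards.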