Account verification workflows have always perplexed me. What I’m referring to are the common steps you usually have to go through to register a new account on a site:
I understand the logic behind this (spam prevention, guaranteed means of contact, etc), but the task is arduous and repetitive. It’s also problematic if you sign up for an account on a computer without easy access to your email account. Not everyone uses webmail. In the process of brainstorming solutions I started pondering whether it might be possible to use SMTP email as a mechanism for performing stateless web services. The fundamentals are the same as services over Http. The only difference is that, email servers do not expose hooks for acting on incoming messages. You’d have to use a specialized SMTP server in order to get this functionality.
Or would you?
Every halfway decent email client I’ve ever encountered has a rule system for preprocessing incoming mail.
So, in your client you could setup a rule to forward certain messages on to a third-party mail server with Xml message handling capabilities. If the email met the criteria of an web service request, it would be forwarded on to a third-party mail server for processing. Your personal email address now becomes an Api for any number of exposed services. Getting back to the start of this post, one of the Api calls could be a check to verify accuracy and authenticity of a user’s email address. I could see this easily tying in with centralized authentication providers such as Windows CardSpace or OpenID.* Taking things even further, I could imagine using something like Yahoo! Pipes to redirect incoming email Api calls to fourth-party web services translating responses back to plain text or html via XSLT.
Doing a bit of searching, I see I’m not the first
to come up with this idea. I even found a ready-to-use Python implementation of the whole process. However, no one has really embraced this approach. It could be I’m crafting up technology for technology’s sake here (admittedly not the first time). However, there is something appealing about the idea emailing a friend with a WSDL request and getting a list of services their email can provide me.
Of course, this does leave me with another unanswered question. How do you avoid the email address verification for the third-party provider? 
* Yes, I realize this is a naive brain-dump that doesn’t consider security or privacy.