Scenario:
User gives you an email address. Before they can sign up for services, they need to validate the email address - you email out a URL, they click on it, then they can subscribe to the services.
Questions:
What does the URL look like? I'm thinking a random guid would be OK.
Do you use that same random key for unsubscribe requests?
Are there any good open source implementations of double-opt in I should be looking at?