Most people online seem to suggest that email verification should be a mandatory step in the registration process, because if the user were to ever miss type their email address then they would be at risk of losing all their data when they logout or if another user were to login with the miss-typed email address.
But in practice, most websites like indie hackers, reddit, airbnb, twitch, never enforce email verification during the registration (or even purchasing) process. So how do companies like these handle situations where a user has miss-typed their email address? I'm pretty sure this has happened quite a few times on their platforms given their large user bases.
sources:
- https://ux.stackexchange.com/a/111023
- https://www.forbes.com/sites/ianmorris/2017/08/01/when-companies-dont-verify-email-addresses-this-is-what-happens/#a393d1d148ea
- https://www.theseventhsense.com/blog/email-verification-and-why-its-important
So, please verify the address. You can decouple it, ie allow someone to go through the flow they're in, but only lock in the transaction (commerce, comment, whatever) once they've verified the address. If they don't verify the address in N hours or days, cancel the transaction.