If you are actually going to use the address given, it makes sense to verify it to prevent abuse.
Not least because you risk having your ability to deliver e-mail severely jeopardised by abuse if you don't.
https://plus.google.com/+LinusTorvalds/posts/DPY7H4a9Ma5
> Somebody signed a Change.Org petition in my name, and using a really old email address of mine.
> So since I apparently had an "account", I reset the password, and made a petition of my own.
> Change.Org - please change your dickish ways. Ok?
It didn't require a script, either. When mailing lists and other automatic email sources let you add destination addresses without closing the confirmation loop by sending a test email, you can denial-of-service email addresses with just an SMTP client.
The really nasty part about this attack is that it's not just bandwidth amplification. Normal amplification attacks go away when the attacker decides to stop sending packets. With mailing subscriptions, the badly-configured mailing lists keep sending the attack on their own.
