Thanks Ben, it's always good to know what others have done.
Just to clarify: the users start out in state authorized, your proc moves them from state authorized to state needs_email_verification and then OpenACS and their email verification move them back to state authorized?
