Another step I might suggest to enhance the user experience a bit is to send a second email with the encoded URL at the time the system determines he/she has not responded to the first... in case the first was accidentally deleted, missed, etc.
So if the user hasn't replied to the verification email in X days send a polite reminder that if they don't respond to this one their account will be moved to "require verification" or removed.
A simple popup reminder to check their email each time they start a new session until verification occurs may be effective also.
