Catching and storing emails is what you're asking for, storing for say a period of time, allowing the anonymous (as far as JIRA is concerned) user to click on a link with a magic unlock link (and perhaps even a captcha, thereyby validing you are not a bot, anonymously, and allowing the anonymously submitted email to be processed.

AFAIK this is not currently possible, but is certainly a future feature for JEMH, added as https://studio.plugins.atlassian.com/browse/JEMH-485

If you want to avoid token email confirms, you could use email signing as discussed which can be detected ahead of the 'bounce validation', thereby avoiding the recurring bouncing by users, but the overhead in setting up en-masse user email signing could be a lot of effort.

But what if we want to verify email for a registered user. What i mean is that when we make our jira instance public, anybody can sign up in jira. But how to verify the emails of these newly registered users before allowing them to create issues?

Yes that could work, ideally you wouldnt progress the email through to an issue until it had been validated at all, giving opportunity to time out and reduce 'cruft' in JIRA. I'll make a note idea :)

One thing which we can do here is automatically send a mail with a verification code to the email provided by the anonymous user at the time of issue creation. Make some workflow changes to add a transition before "open" status of issue such that any issue created will not go directly into "open" status but remain in say, "verification pending" status. Then user will enter the verification code that was sent via mail in a custom field and then the issue status will be changed to "open" if code is matched, otherwise display an error message. what are your views on this approach guys?

Taking 'anonymous' to mean 'they dont have a JIRA account yet' rather than 'I dont want you to know who I am' :)

Validating email addresses isnt easy as they can easily be spoofed. You can do some things to validate the email address, for example whitelisting or blacklisting certain domains (well, JEMH can anyway). If you still want more, then perhaps your mail server can enforce some levels of trust (Sender Policy Framework). At that point, the way up to go with signed email, which isnt terribly commen (but JEMH is starting to work towards supporting).

SMS? How would the related text message be routed, a directory? from LDAP? and the answer would be? YES I sent that why did you ask?!, Ive not seen that approach before, usually, as others have mentioned a webform and captcha would be an appropriate solution, with the _system_ then sending on email, but its still.... spoofable....

I am looking for the implementing the same. Any update on this issue vishnu??

Hi Thanks for your response...

To be more precise.. I am asking for verification of Email ID and sms to avoid Junk /Spum queries.

Before generating the ticket anonymous user should get the emai/sms verification on his email/mobile. Is it possible in jIRA ?

If your intent is to avoid spam, there are capcha options to be set in the server settings

Um, that doesn't make sense. The point of anonymous access is that it doesn't require you to provide anything that would identify you. If you want some form of verification, then by definition, you are no longer anonymous. That's what user accoutns are for.