User sends a request. They must include: email address website and a PIN User expects: The person responding to give that PIN back. No PIN = No trust. (PIN = any 6 digit number for example) Would that work as authentication? P.