Feeling sorry for that person, too ... BUT I still do not see a reason to CHANGE the password.
The scenario looks to me like:
1 - The test email (no password here, just a 'Confirm email change, please' is sent to the new address AND,
2 - The user replies with an OK confirmation (only).
Now, the interpretation is 100% logic;
IF the OK comes back to Eric/JDEList,
THEN (we/Eric/anybody aknowledged that) the new email address is VALID.
ELSE, au contraire!
END IF
Thank you for your attention,
Adrian Chimirel
Programmer Analyst
LIVE: B732.1 SP12.2, Oracle 806
SANDBOX: XE SP13, 8i
RS/6000, Citrix, 200+ clients