I think if you can describe functionally what you’d like to happen in detail, not worrying too much about the technical implementation details, that would be really useful, and there may well be a new Feature in here.
If the systems don’t have a lot of history of you sending email from a domain successfully, they don’t trust you. If you send a lot of unsolicited emails in one go, that could hit your reputation on the internet and you could be listed as a source of spam, which will be quite harmful to your legitimate operation as a bunch of email services could start to block your future emails.
OK, so maybe a sign of trust is use of a special URL, one containing a key in a parameter. This can be shared and is far from secure, but at least you will have some idea that this is probably a legitimate sign-up that should be let through without an approval. You give it an automated 30 day timeout after which approvals will kick back in (so you don’t lose additional legitimate if late sign-ups).
Sounds like a Plugin in the making then …
If that sounds ballpark what you want I’d post this in #marketplace for a freelancer to pick it up.
Having been in this business a little while I know that getting people to sign-up to your Discourse is not that easy. So this seems a lot of effort to go to as who is really going to abuse your forum, most people will simply not follow up? Even the legitimate ones. Those that really want to use your services will surely make the effort. How big is the risk that undesirables are going to sign up? Aren’t you going to have exactly the same outcome if you simply share the normal discourse URL and for 30 days allow all sign-ups without approval?
I don’t think making a plugin to distinguish between those who have this code and those who just navigate to your site without it is going to be worthwhile. It wouldn’t be 100% secure in any case.