It's not the worst way, but it's far from being the best way.
Sometimes you don't want the user to stop what they are doing, wait for an email to arrive, hope it doesn't land in spam, read it, click then link, and then continue. This is usually the case if you want them to buy something.
Secondly, what happens when they don't get the email? We had lots of problems where people where signing up from the following domains: gmail.cm, gmail.co, gmail.con, tmail.com, gmail.oom, gamil.com, hotamail.com, homtail.com, etc.
You want to firstly do some simple checks to see if it looks roughly like an email address. I like to see if it matches \S+@\S+\.\S+ (and ignore the few people with a top-level domain). Then you want to validate the actual domain to see if it's a misspelling of a popular address.
Sometimes you don't want the user to stop what they are doing, wait for an email to arrive, hope it doesn't land in spam, read it, click then link, and then continue. This is usually the case if you want them to buy something.
Secondly, what happens when they don't get the email? We had lots of problems where people where signing up from the following domains: gmail.cm, gmail.co, gmail.con, tmail.com, gmail.oom, gamil.com, hotamail.com, homtail.com, etc.
You want to firstly do some simple checks to see if it looks roughly like an email address. I like to see if it matches \S+@\S+\.\S+ (and ignore the few people with a top-level domain). Then you want to validate the actual domain to see if it's a misspelling of a popular address.