Comment 1 for bug 637968

PersonEditEmailsView.action_remove_validated() is the method deleting the email address. I thought it was already marking the address as OLD. The view is already hiding addresses form display because it selects by status.

How do we know what email addresses are being used to authenticate? I believe account reactivate is broken because when the user logs into Lp via SSO, We do not know what email to make preferred.

We could mark the address as OLD. On authentication (with the passed email address), we could check if the email address in UNVALIDATED/OLD and acknowledge to the user that he logged in with an unexpected address. If there is no preferred address, we could use the one passed by SSO. If the address is OLD and belongs to another account, I think we have two options: a) stop and ask the user to contact an admin, or b) transfer the email address to the other account quietly