You can set up a special POP3 box for incoming emails, and have a script check that POP3 box on a regular basis using cron.
That’s not the solution I would recommend.
If you want to validate email@example.com, send a message to firstname.lastname@example.org containing the link
How do you get SOMETHING?
$addr = ‘email@example.com’;
$salt = ‘4q’;
$something = crypt($addr, $salt);
When you user clicks on the link, you simply run the crypt function on the addr in the URL and see if it matches the val in the URL. If it does, you’re in like Flynn.
This is not a very secure system. Someone can ask to validate several email addresses, and figure out what you are doing. That makes it possible to validate addresses that they don’t own.
Toss in a function that mangles the $addr, and a function that generates new $salt values every day (you would want to test against the last 21 days of $salt values, and warn people that the validation email expires in two weeks) and it starts being fairly safe to use.