Avoid "resend verification email" confusion

Let's assume Alice has a Gratipay account https://gratipay.com/~alice and an [email protected] email 1. Mallory creates an a‎**1**‎ice@foo\.com email address, base64-encodes it, and sends Alice a link https://gratipay.com/~alice/emails/verify.html?email2=YTFpY2VAZm9vLmNvbQ~~&nonce=x 2. When Alice opens the link, she sees a notification "The verification code for [email protected] is bad. Resend verification email" 3. If she clicks the "Resend verification email" button, that fake a‎**1**‎ice@foo\.com email will be automatically associated with her account, and a valid verification link will be sent there. 4. Mallory opens her a‎**1**‎ice@foo\.com inbox, gets the verification link, and sends it to Alice. 5. After Alice opens it, the email will be successfully verified, so Mallory will receive all Alice's notifications. **The way to fix:** You shouldn't give Alice a chance to accidentally add any emails to her account, without knowing that: on step 3 a verification link should be sent only if the email is already associated with the Alice's account. If no, there should be just an error message with no "Resend verification email" button.