We deliberately implemented the initial version of email verification in a fairly open way with a view to getting a discussion going about how further restrictions may work. If you could explain for us and others a little more about what you're trying to achieve and how you see the restrictions working, then we can get another request started for restricting what users can do pre email verification.