So there are at least three ways I can set this up to control who comments. As Dan and others have noticed, in the new system e-mail addresses are never diplayed on the website, although they can be viewed by the authors.

1. The current arrangement. Requires user to verify the e-mail address every time she comments. Problem: a bit of a pain.
2. One-time verification. This would require the user to verify the address the first time she comments, then that address is stored as automaically approved for future comments. Problem: can be abused if I want to impersonate somone whose address I know.
3. User registration. This would force users to actually register on the site before being able to use the comment form. This has the added benefit of allowing folks to create and manage their own profiles, but I have ot figure out how to make those visible. I don't think it would prevent them from registering with a fake address, though. Problem: bigger pain in the ass, and I'm not sure exactly how it will work .

What do y'all think?