
Email verification new idea


I got a slightly different idea about verifying email: instead of sending a mail to my client with a unique message to verify against my server, I will not send him anything, but ask him to send a mail to me; then I check the sender and the unique message in the mail and verify that email.

Basically the user will click a button, a new mail window will open with all the data already filled in, and all he will have to do is press send.

My question is: first, can this work? And second, how safe is it compared to the official way with all its disadvantages? I just want to know whether I am opening any new security risks.


Solution

  • So instead of the standard "please click on this link to confirm your account" you want to offer your user the option to send a mail upon creation of his account?

    I don't see where your solution is any better than the original one. You'll have to receive tons of mails that you then have to analyse to check whether the information inside is correct. That means that the work to verify an account is only done somewhere else.

    original one: you send a URL via mail and if it's opened you activate the user. The logic can be implemented, for example, with a simple servlet. You could encrypt the user's database entry in the URL, and all that's left for the servlet is a simple DB lookup.

    your one: you receive identification via mail and run your logic over the mail.

    However, one possible problem is that it's feasible to modify the address a mail was sent from. You could never be sure that there really is a mail account behind the mail that was sent to you. Another, even more dangerous, flaw is that malicious users could spam the mail account you're using. In the original solution any incoming mails can be discarded, but in yours you have to store and process them.
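To make the two designs the answer compares concrete, here is an added Python example (not code from the question or the answer). It implements the "original" flow as a single-use, expiring token looked up by hash, which is a swapped-in technique in place of the encrypted database entry the answer mentions, and beside it an inbound-mail handler that shows the consequence of the forgeable sender address: the decision has to rest on the secret carried in the message body, never on the From header. The function names, the in-memory store, the `verification-token:` body line and the `example.invalid` host are all assumptions made for this demo.

```python
import hashlib
import re
import secrets
import time
from email import policy
from email.message import EmailMessage, Message
from typing import Optional

TOKEN_TTL_SECONDS = 24 * 3600
# Assumed body format for the pre-filled mail: a single "verification-token: ..." line.
_TOKEN_RE = re.compile(r"verification-token:\s*([A-Za-z0-9_-]{20,})")

# Constructed in-memory store standing in for the user table:
# sha256(token) -> {"address": ..., "expires": ...}
_pending: dict = {}
verified_addresses: set = set()


def _hash(token: str) -> str:
    # Only the hash is stored, so a leaked table cannot be used to confirm accounts.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_verification(address: str, now: Optional[float] = None) -> str:
    """Create a single-use token bound to address; return the URL to mail out."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits, unguessable by design
    _pending[_hash(token)] = {"address": address, "expires": now + TOKEN_TTL_SECONDS}
    return f"https://example.invalid/verify?token={token}"  # placeholder host


def _consume(token: str, now: float) -> Optional[str]:
    """Look up, validate and delete a token. Returns the bound address or None."""
    record = _pending.pop(_hash(token), None)  # pop makes the token single-use
    if record is None or now > record["expires"]:
        return None
    verified_addresses.add(record["address"])
    return record["address"]


def confirm_link(token: str, now: Optional[float] = None) -> bool:
    """The servlet-style handler for the 'original' design: one lookup by token hash."""
    now = time.time() if now is None else now
    return _consume(token, now) is not None


def build_verification_mail(sender: str, token: str) -> bytes:
    """Constructed sample of the mail the pre-filled 'send' button would produce."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "verify@example.invalid"
    msg["Subject"] = "Account verification"
    msg.set_content(f"verification-token: {token}\n")
    return msg.as_bytes()


def confirm_inbound_mail(raw_message: bytes, now: Optional[float] = None) -> Optional[str]:
    """Handler for the asker's inbound design.

    The From header is attacker-controlled, so it is deliberately not used for
    the decision; only a valid, unexpired token in the body confirms the
    address that the token was issued for. Mails without a token line are
    rejected before anything is stored, which limits what a flood of junk mail
    can make the service do.
    """
    now = time.time() if now is None else now
    msg: Message = __import__("email").message_from_bytes(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    if body_part is None:
        return None
    match = _TOKEN_RE.search(body_part.get_content())
    if match is None:
        return None
    return _consume(match.group(1), now)
```

The `now` parameter exists only so the expiry path can be exercised deterministically; in production the handlers would use the clock directly.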