There is no "industry standard" for doing this. There are many innovative ways to do so. In short - if it works, it works.
The most common approach usually involves:
- Generating a random code
- Storing that code in a database
- When a request is made to verify their email address, search the database for the code. If it exists, you can mark the user whom the code belongs to as verified
This is pretty simple to do. It seems to me like you are getting stuck at the "Generating a random code" part.
There are 2 basic approaches to do this.
1) Generate a random number
2) Salt the email address
Generate a random number
You can generate a random number that acts as a code. This can be done by the following:
```java
import java.security.SecureRandom;
// SecureRandom rather than java.util.Random, so the code cannot be predicted
SecureRandom rnd = new SecureRandom();
int n = 100000 + rnd.nextInt(900000);
```
Which generates a random 6-digit number. It can be tweaked to accommodate higher numbers. The problem with this method is that if you are dealing with a large userbase, it is likely that randomly generated numbers will start running out. You will have to add verification methods to ensure that the generated code has not already been used.
Salt the email address
This is the simplest method. All you need to do is make sure that there can be no duplicate accounts with the same email.
For starters, you need the user's email address, and their register date (for salting). You can concatenate the two strings, then perform a cryptographic hash. If you don't know how to perform one, just go here.
The benefit of this is that there are infinite possible combinations for a code.
Example:
Let's assume that my email was `notmyaddressbutstilldarngood@domain.nice` and the `System.currentTimeMillis()` returned `1605486656`, you would be hashing `notmyaddressbutstilldarngood@domain.nice1605486656`, which returns `95e3dde92f8bb07e43b77c085f1ff2f166e1b9426f9b2f7a685171f4cd66b39c`. So your website link would be `www.abc.com/verify?id=95e3dde92f8bb07e43b77c085f1ff2f166e1b9426f9b2f7a685171f4cd66b39c`
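The three steps listed at the top of this answer (generate a code, store it, look it up and mark the user verified), as an added example that is not part of the original answer. It uses a 128-bit `SecureRandom` code and stores only its SHA-256 hash, so a leaked table does not yield usable links. The class name, the in-memory maps standing in for the database, the 24-hour lifetime and the sample address are assumptions; it needs Java 16 or later for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class EmailVerification {
    // Hypothetical in-memory stand-ins for the database tables.
    private record Pending(String email, Instant expires) {}
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();
    private final Set<String> verified = ConcurrentHashMap.newKeySet();
    private final SecureRandom rng = new SecureRandom();
    private static final Duration TTL = Duration.ofHours(24); // assumed lifetime

    // Steps 1 and 2: generate a 128-bit random code and store only its hash.
    public String issue(String email) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(sha256(code), new Pending(email, Instant.now().plus(TTL)));
        return code; // goes into the emailed link as the id parameter
    }

    // Step 3: look the code up; unknown or expired codes fail, and each code works once.
    public boolean verify(String code) {
        Pending p = pending.remove(sha256(code));
        if (p == null || Instant.now().isAfter(p.expires())) return false;
        verified.add(p.email());
        return true;
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JVM
        }
    }

    public static void main(String[] args) {
        EmailVerification ev = new EmailVerification();
        String code = ev.issue("user@example.test"); // constructed sample address
        System.out.println(ev.verify("not-the-code")); // unknown code
        System.out.println(ev.verify(code));           // valid code
        System.out.println(ev.verify(code));           // replay of a used code
    }
}
```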