Associating unauthenticated chat and messaging with an end user

Using an incognito window, I created a messaging conversation, and when prompted gave the email address of a known end user. I understand that it is an agent responsibility to be critical of who is chatting if they're not authenticated, but it doesn't line up that way on the backend. When they provide that email address, it gets added automatically, without verification to their interaction/ticket history by the system. 

It seems like this means that false records can be created and attributed to an end user without their knowledge. Is there a way of separating known interactions or ones that are verified in some way (ie via email) from ones that aren't?