Storing an email address in session data - file driver, unencrypted

I have a contact form on a users profile that any visitor can fill out to send an enquiry. They then have to confirm they're email address/enquiry before the message gets sent to the user who's profile it is.

There is a chance that a visitor might want to contact a few other users via their profile contact form. I don't want to create an account for the visitor as I don't want to store the data for a one off enquiry but don't want the visitor to have to confirm their email address each time they submit an enquiry.

I have thought of two options:

1. Store the email they confirm in a session variable so that if they send a second enquiry I simply check to see if they have already confirmed the email address.

2. Simply lookup in the db to see if that email already exists in the enquiries table where it would be stored for a short while.

With option 1, I am using the file session driver, encryption set to false. Is this an issue if I were to be storing an email address?

With option 2, I guess the only thing would be that once that email address has been confirmed any body could submit an enquiry with that email address which would automatically be confirmed. But the likelihood of that is minimal.

What would anybody suggest?

Thanks!

Ralph