For email authentication, verification token should not be one time used..there should be validity but should not be single.. current issue is that token is used by safelinks in Outlook and it got expired and customer facing invalid token issue..this must be resolved