One way to achieve that could be to keep a list of allowed emails in a table and when a user wants to post something he enters his email (only) on a page, then click a button that triggers an action.
This action could be done with an external automation tool or if you wait for Baserow 2.0 you’ll be able to use the internal automation tool.
The action first generates an UUID and adds it to the row of the corresponding email. Then it sends an email to the user only if the address is found in the table. The content of the email is a link to a page with the UUID as path param. When the page opens the user can upload his files and with the UUID you know which user has actually uploaded the file.
The UUID could have a TTL of 10 min to avoid reusing the same UUID later and secure it. It could also be one time use if you delete the UUID as soon as it’s used.
Does it makes sense?