Verifying customers' identity

"Should we be verifying customers' identity via email when the email they are contacting us from is the same email they used to purchase a product from us?"

I assume you are asking if you need to verify the identity of the customer when he/she contacts you in order to excersice the data subject's rights. The answer is yes, you need to be sure that the indivual requesting to access, delete, modify personal data is the legitimate data subjects. 

Here you can find more information about data subjects rights:
Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/

If you want to understand how to implement GDPR compliance in your organization, you can consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/