I believe you are on track; add a parameter to the URL that you can test on page-load.
You could create a GUID and add a table to the database where you store the email address and the GUID; this will make guessing parameters almost impossible. You could also add a timestamp to the table in the database, which you can use to see if the link should still be valid.
Table cells: email, GUID, timestamp