[eluser]takasia[/eluser]
Not fool-proof but light and working :-P
I use the timestamp hashed and stored in the DB as a unique key, with a flag checking if it was used or not; if the flag says "used", the key will cause an error.
Not deleting the key every time it was used is useful if you want to check if it's unique but takes place.
If you really need a lot of URLs with timeout, and don't want to put all that data in the database, and you are worried that some smart users might do like Atharva says, you can always try to hide the Unix timestamp by adding some numbers or letters, so it wouldn't look like a timestamp to an average person.
You can also add the now() timestamp of the time that URL was sent to the user combined with the timeout timestamp.
Anyway, a Unix timestamp doesn't look like a timestamp to an average user, so I'm not sure if there is so much to worry about.
If you need a REALLY secure way to do this, you might try a one-time password.
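
As an added example (not part of the post above and not CodeIgniter's own code), one way to keep the timeout in the URL without a database row is to sign the expiry time with an HMAC instead of disguising it, so a link whose timestamp was edited is rejected. `SECRET_KEY`, `sign_fields()`, `make_link()` and `check_link()` are hypothetical names, and the path and clock values are constructed.

```php
<?php
// Added example: the expiry timestamp stays readable in the URL, but an HMAC
// over path + expiry makes any edit to it detectable on the server.
// All names below are hypothetical; the key is a constructed placeholder.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

function sign_fields(string $path, int $expires): string
{
    // Bind the signature to both the path and the expiry time.
    return hash_hmac('sha256', $path . "\n" . $expires, SECRET_KEY);
}

function make_link(string $path, int $ttl, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    return $path . '?' . http_build_query([
        'expires' => $expires,
        'sig'     => sign_fields($path, $expires),
    ]);
}

function check_link(string $url, ?int $now = null): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['path'], $parts['query'])) {
        return 'malformed';
    }
    parse_str($parts['query'], $q);
    if (!isset($q['expires'], $q['sig']) || !is_string($q['expires'])
        || !is_string($q['sig']) || !preg_match('/^\d{1,12}$/', $q['expires'])) {
        return 'malformed';
    }
    // Verify the signature (constant-time) before trusting the timestamp.
    $expected = sign_fields($parts['path'], (int) $q['expires']);
    if (!hash_equals($expected, $q['sig'])) {
        return 'bad signature';
    }
    return (($now ?? time()) > (int) $q['expires']) ? 'expired' : 'ok';
}

// Constructed run with a fixed clock: a fresh link, the same link after the
// timeout, and the same link with its timestamp pushed into the future.
$now  = 1700000000;
$link = make_link('/download/report', 3600, $now);
$tampered = str_replace('expires=1700003600', 'expires=1800000000', $link);
echo check_link($link, $now + 60), "\n";
echo check_link($link, $now + 7200), "\n";
echo check_link($tampered, $now + 7200), "\n";
```

A signed link stays valid until it expires, so it can be reused within that window; making it single-use still needs the stored "used" flag described in the post.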