You can encode a URL like so:
http://yourserver.com/unsubscribe/<encoded-email>/<signature>
Where <signature>
is something like hash_hmac('sha256', $email, $secret_key)
. Encoded-email
can just be a URL-encoding of the email, or it can be an actually encrypted (AES+CBC+Base64 or similar) version of the email. Using full encryption would seem to be of little use though - since the person receiving this has their own email address anyway.
This signature scheme has the advantage of not needing any database storage, while remaining secure against malicious attempts to unsubscribe someone.