There's no safe way. As soon as you start sending tokens that grant complete control over the account in normal/regular emails, you've reduced the account's security.
A good way I can think of is to include a user's secret (hashed password or whatever), HMACed with the number of the week. This way, the token expires at the end of the week. There would be a problem with links sent late Sunday, but I guess you could always try verifying with the previous week's number as well.
Of course, I'm not sure if this is faster than storing random tokens in the database and expiring them, but it sounds like it should be.
PGP-encrypted emails? It becomes a question of security vs convenience eventually with security considerations (Someone mentioned dating sites are more engagement > security).
There is no 'safest' way with encryption. It's a matter of time before it's breached.
For example, Canonical's Launchpad requires you to sign "code of conduct" with your GPG key before doing certain actions. And, if I remember correctly, they do send GPG encrypted emails for key ownership verification.
I would also make each link only auto-login at most once per message (or maybe once per week across any message). You could also make the auto-login fail if any images from the message have previously been loaded from a different IP.
I would use the same implementation as a password reset token - generate a hash and store it with a time-to-live - but I would probably be less lenient with the TTL (although as has been discussed, not for any real good reason).
First thought would be to encrypt a query param with necessary info and add a few day expiration on the link.
Any good articles on doing this as intelligently as possible?