Using GET for non-idempotent generally considered bad, but it seems that email is a place that non-idempotent GET is still used. I often see it on unsubscribe link.
Those are meant to load a page with a confirmation form that makes a POST request. The GET link can still expire over time, but must never be expired from a GET request: you never know when a link preview bot is going to follow links.
