rasputinsghost - 10:34 am on Sep 24, 2012 (gmt 0)

Assuming you have a registration page, you can send them an email with a link containing a unique id as a parameter - normally I use the record id from my users table.
This way you can be reasonably sure that the email address is valid.
You will also need a "downloaded" field in the users table that is defaulted to 0.
When the link in the email is clicked, it goes to a page that has a look if the id exists and what the value in "downloaded" is.
If it is "0" then update it to "1", drop a cookie that expires in 2 hours and redirect them to your application page. (the application page must only allow users in that have an unexpired cookie otherwise it must redirect to the "buy" page)
If "downloaded" is "1", redirect to the application page. If it is someone else then there will not be a cookie and he will be redirected to the "buy" page.
If he forwards the email to his buddy and his buddy clicks the link first, his buddy gets the usage and he gets the "buy" page - if he clicks first, his buddy gets the "buy" page.
Good luck - hope its profitable for you.