1. Will this work without causing any security/general issues ?
Yes, that should work. The only security concerns you should worry about is someone discovering the eot.php script and then using it to send their own emails (e.g., using it to send lots of spam messages through your server).
The most basic way of preventing something like that would be to include in your URL a key (e.g. , &key=somethinglongandcryptic) and then checking if $_GET[‘key’] matches before sending the email. That way, if someone discovers the script, they will also need to know what your secret key is before they can use it to send emails.
2. How to avoid email landing in spam box.
There are lots of things that could cause messages to go to spam and I couldn’t possibly cover all of them here. I recommend researching on Google “how to pass spam filters with php mail”.
3. Am i missing something important here ?
It doesn’t look like it to me. I recommend testing the script by creating a test user and then setting their Automatic EOT time manually on their profile. You can set it to expire in one day and then wait for the email to see if it arrives. You could also add some logging routines to your eot.php script to save information about what’s happening to a local log.txt file so you can check that to see if anything came through.