I'd say there is no point in putting the email address in the link. If a person wanted to figure out this after they created a fake email, then already know the fake email and just add it to the link they will be spamming your server with to guess the random number. So just have the (large) random number (as random as you can get).
However, what you should do is put an expiration field for validation. You should only make that random number valid for maybe an hour or so. If they hit that link after the hour then it's no longer valid. This helps fight hackers since if they are guessing they need time and each fake account they register they get a new random number and only 1 hour of guessing time. If you can get a very long and good random number that should do a better job of fighting against hackers.
In your email have a support link for users to request another validation code and handle this manually so you can see any patterns happening. This should happen all that often.