This approach is easily subverted. A bad actor can easily submit an email address and complete the confirmation without having any access to the email account. That is because the confirming URL is totally predictable, once the method is known.

A more secure approach would generate a random value for the confirming URL in the email and check that the value submitted as part of the URL when a confirmation is attempted is the same value that was given in the email.