Unless you are offering only a single package, doing it via links in the mail will make for a rather choppy experience. At least, I can't see how a customer could order from distinct linkswithout going through the order process multiple times. It may function for a webmail user, but a dedicated e-mail client will likely cause the browser to just open separate pages/tabs/windows. (At least, that is what just happened as I tried an offer we got.)
I think a single encrypted customer ID and a hash of the offer sent in the e-mail should be enough assuming your company is not using homebrew algorithms... (you can throw more tokens in, but if the first one can't be broken, the rest doesn't really matter.)