'It's normal usage' doesn't mean it's okay to a normal person or in any way reasonable. Hence all the privacy debate in recent years. Personally, I'm not okay with tracking pixels and would turn them off if I could.
Gmail will download images and serve them from Google servers to prevent this issue. Perhaps you can setup a similar plugin to automatically upload images to imgur or similar before the client displays them.
An email client fetching images is useful, and shouldn't need to be turned off. If someone sends me an email with a graph embedded, it's a great feature that it will show up where it's supposed to. Using that feature for tracking is an abuse of it, plain and simple. There's no way that was an intended part of the design.
Any reasonable embedding of a graph should be as an attachment that your client receives at the same time as the rest of the email.
> There's no way that was an intended part of the design.
There is certainly a way. And regardless of whether it's intended, it you're dead-set on configuring your system so that it automatically contacts arbitrary 3rd party servers, then you shouldn't be too surprised when that happens. "Bad guys" are known to be opportunistic.
This exact mindset of "here's a feature, I'm sure nobody out there on the Internet would use it maliciously" is what brought us several decades of Microsoft software vulnerabilities.