An email client fetching images is useful, and shouldn't need to be turned off. If someone sends me an email with a graph embedded, it's a great feature that it will show up where it's supposed to. Using that feature for tracking is an abuse of it, plain and simple. There's no way that was an intended part of the design.
Any reasonable embedding of a graph should be as an attachment that your client receives at the same time as the rest of the email.
> There's no way that was an intended part of the design.
There is certainly a way. And regardless of whether it's intended, it you're dead-set on configuring your system so that it automatically contacts arbitrary 3rd party servers, then you shouldn't be too surprised when that happens. "Bad guys" are known to be opportunistic.
This exact mindset of "here's a feature, I'm sure nobody out there on the Internet would use it maliciously" is what brought us several decades of Microsoft software vulnerabilities.
