Hacker News

johnea | yesterday at 10:18 PM | 0 replies

It seems the article and most of the comments here are nonsense.

The focus on http versus https in allowing surveillance of fetching the tracking pixel is all but completely irrelevant.

In any case, the domain name of the tracking pixel locations will be resolved through DNS, which is almost always unencrypted. So anyone on the LAN will see the DNS query, revealing the banking URL, in plain text.

The big issue here, which I couldn't find one comment regarding, is that the email client is interpreting HTML.

Use plain text email! Problem solved. At least use a "Simple HTML" or similar mode when viewing email, where the HTML is rendered but no links are followed.
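An added example (not part of the comment above, and not any mail client's actual code) that makes the two points concrete from the defender's side: a scanner that lists every URL an HTML mail would fetch on render, reduced to the hostnames that a resolver would leak over plain DNS whether the URL is http or https, and a "simple HTML" pass that keeps the markup but strips automatic remote fetches. The sample message and all hostnames in it (`track.example-bank.test`, `cdn.example-bank.test`, `evil.example.test`) are constructed for the example.

```python
"""Constructed demo: what rendering an HTML mail leaks, and a 'simple HTML' filter."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a renderer fetch a remote resource with no user action.
AUTO_FETCH = {
    "img": ("src",), "source": ("src",), "iframe": ("src",),
    "script": ("src",), "link": ("href",), "body": ("background",),
}
# url(...) inside inline CSS is fetched just as eagerly as an <img src>.
STYLE_URL = re.compile(r"url\(\s*['\"]?(https?://[^'\")\s]+)", re.I)


class RemoteResourceScanner(HTMLParser):
    """Collects every URL the client would request simply by rendering the mail."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if not value:
                continue
            if key in AUTO_FETCH.get(tag, ()) and value.lower().startswith(("http://", "https://")):
                self.urls.append(value)
            elif key == "style":
                self.urls.extend(STYLE_URL.findall(value))


def remote_resources(mail_html):
    scanner = RemoteResourceScanner()
    scanner.feed(mail_html)
    return scanner.urls


def dns_names(mail_html):
    """Hostnames resolved before any TLS handshake: the scheme does not matter here."""
    return sorted({urlsplit(u).hostname for u in remote_resources(mail_html)})


class SimpleHtml(HTMLParser):
    """Re-emits the markup but drops scripts, frames, stylesheets, inline styles
    and remote images (replaced by their alt text). Anchors stay but are never fetched."""
    DROP = {"script", "style", "iframe", "link", "object", "embed"}
    VOID = {"img", "br", "hr", "meta", "input", "source", "link"}

    def __init__(self):
        super().__init__(convert_charrefs=False)  # pass entities through untouched
        self.out = []
        self._skip = 0  # depth inside a dropped element whose content is discarded

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP:
            if tag not in self.VOID:
                self._skip += 1
            return
        if self._skip:
            return
        if tag == "img":
            alt = dict(attrs).get("alt") or ""
            self.out.append(f"[image: {alt}]" if alt else "[image]")
            return
        kept = [(k, v) for k, v in attrs if k not in ("style", "background", "srcset", "poster")]
        rendered = "".join(f' {k}="{html.escape(v or "", quote=True)}"' for k, v in kept)
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag in self.DROP:
            if tag not in self.VOID and self._skip:
                self._skip -= 1
            return
        if not self._skip and tag not in self.VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self._skip:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self._skip:
            self.out.append(f"&#{name};")


def simple_html(mail_html):
    f = SimpleHtml()
    f.feed(mail_html)
    return "".join(f.out)


# Constructed sample message; every host below is a placeholder.
SAMPLE_MAIL = """<html><body style="background:url(http://cdn.example-bank.test/bg.png)">
<p>Dear customer, your statement is ready.</p>
<img src="https://track.example-bank.test/open?id=ABC123" width="1" height="1" alt="">
<img src="cid:logo" alt="Bank logo">
<link rel="stylesheet" href="http://cdn.example-bank.test/mail.css">
<script src="https://evil.example.test/x.js"></script>
<p><a href="https://www.example-bank.test/login">Log in</a> to view it.</p>
</body></html>"""

if __name__ == "__main__":
    print("fetched on render:", *remote_resources(SAMPLE_MAIL), sep="\n  ")
    print("leaked via DNS:", dns_names(SAMPLE_MAIL))
    print("simple-HTML view:\n", simple_html(SAMPLE_MAIL))
```

Note that `www.example-bank.test` does not appear in the DNS list: the login link is only resolved if the user clicks it, whereas the pixel, stylesheet, script and CSS background are requested (and their names resolved) the moment the message is opened. The `cid:` image is an inline attachment and triggers no network traffic at all.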