That's a great point. Apparently gmail and fastmail, which are what I use personally, don't do this, so it's not something I came up against in my testing. I'm definitely going to need to handle that.
Test with Outlook, they tend to be the most aggressive at hitting links. Gmail is based on some reputation secret sauce or possibly a random number generator. You'll also want to test sending to domains that use FireEye and similar security products.
In general: links will get followed, javascript will be executed, buttons will get clicked, and subsequent links will be spidered too.