Do people actually still use PGP, though?
This is the part that makes this much less serious. I would hope that anyone capable enough to use PGP to begin with would also know not to have their client pull in anything external. I'm gradually moving to Protonmail as my e-mail provider, and it defaults to not downloading any external images (a setting that I have, needless to say, left alone).