I've seen some very sophisticated setups out there. Some are to the point where they send you the email with some fancy code in it (not so fancy actually) with a unique ID number in it, and when you read the email it obviously goes back to their server to load the images, and they register that ID number and have just verified that your email address is indeed active and used. Floods of spam will then ensue.
So yeah, disabling HTML is probably a good idea anyways, as well as turning off the Preview Pane in Outlook if you use it. You don't want people sending you emails to be able to run scripts/HTML in it; that's just ridiculous. Normal people don't send fancy HTML emails, most companies don't either, and the ones that do have an option for a non-HTML email.
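To make the mechanism in the post above concrete, here is an added example (not part of the original post) that lists every remote URL a mail client would fetch just by rendering a message's HTML part, and flags the ones carrying what looks like a per-recipient ID. The sample message, the `example.test` domain, the function names and the "12 or more token characters" heuristic are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Tag/attribute pairs that trigger a remote fetch when the message is rendered.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"), ("body", "background")}
# Heuristic (assumption): a long opaque value is treated as a per-recipient ID.
TOKEN = re.compile(r"^[A-Za-z0-9_-]{12,}$")

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and value and value.lower().startswith(("http://", "https://")):
                self.urls.append(value)

def has_token(url):
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query)]                      # ?uid=...
    values += [seg.rsplit(".", 1)[0] for seg in parts.path.split("/")]  # /i/<id>.gif
    return any(TOKEN.match(v) for v in values)

def remote_loads(raw):
    """Return [(url, looks_tracked)] for each remote fetch the HTML part would cause."""
    found = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            collector = _Collector()
            collector.feed(part.get_content())
            found += [(u, has_token(u)) for u in collector.urls]
    return found

# Constructed sample message; example.test is a placeholder domain.
SAMPLE = """\
From: news@example.test
To: you@example.test
Subject: Hello
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi!</p>
<img src="https://example.test/logo.png" width="120">
<img src="https://example.test/o.gif?uid=9f3a7c21d4e84b60" width="1" height="1">
<a href="https://example.test/unsubscribe">unsubscribe</a>
</body></html>
"""
```

Calling `remote_loads()` on a message's raw source shows what the sender's server would see if images were allowed to load; the plain `<a>` link is not listed because it is only fetched when clicked.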