When I click on the link, information about which websites I had visited before, my IP, etc., will
be sent to the "evil" website. Using that data it's able to do malicious stuff on the server I visited last, since I had already logged on before.
The only compromising data is the referrer, or the URL to
which you had been before. It cannot tell which "websites"
you had visited before, only the previous page. Yes, your IP
is known, but it is known anyway, to every site you visit,
and to everyone you email. Furthermore, most (if not all)
browsers only send the referring information if you click on
a link, not if the browser is invoked by an external program.
So this is only an issue with web-based email readers.
In summary, there is nothing to worry about. Just don't
put information like passwords into URLs when writing scripts
(a bad idea for more than the reason mentioned here) and
everything will be fine. I really doubt that any major web
mail services do such a thing anyway. Such holes were patched
a long time ago.
As to how to avoid them while writing scripts (which almost
makes this a Perl question, but not quite), just store
and/or use HIDDEN input tags.
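
An added illustration of the advice above (not part of the original post): a small audit that reports which secrets on a page would end up in the URL, and therefore in the referrer sent to the next site. The parameter-name hints, the function names and the sample page are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumed name fragments that suggest a secret; a heuristic, tune per application.
SENSITIVE_HINTS = ("pass", "pwd", "session", "sid", "token")

def is_sensitive(name):
    name = name.lower()
    return any(hint in name for hint in SENSITIVE_HINTS)

def leaked_params(url):
    """Query parameter names in `url` that a referrer would expose."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True) if is_sensitive(k)]

class FormAudit(HTMLParser):
    """Collects secret-bearing inputs of forms submitted with GET."""
    def __init__(self):
        super().__init__()
        self.in_get_form = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A form without a method attribute is submitted with GET,
            # so its fields are appended to the URL.
            self.in_get_form = (a.get("method") or "get").lower() == "get"
        elif tag == "input" and self.in_get_form:
            name = a.get("name") or ""
            if (a.get("type") or "text").lower() == "password" or is_sensitive(name):
                self.findings.append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_get_form = False

def audit_page(url, html):
    parser = FormAudit()
    parser.feed(html)
    return {"url_params": leaked_params(url), "get_form_fields": parser.findings}

# Constructed sample: a web-mail page with a session id in its own URL,
# a login form that defaults to GET, and a POST form with a HIDDEN field.
PAGE_URL = "http://mail.example/inbox.cgi?user=alice&sid=8f3a"
PAGE_HTML = """
<form action="/login.cgi"><input name="user"><input type="password" name="pw"></form>
<form action="/send.cgi" method="POST"><input type="hidden" name="sid" value="8f3a"></form>
"""

if __name__ == "__main__":
    print(audit_page(PAGE_URL, PAGE_HTML))
```

The POST form is not reported because its HIDDEN field travels in the request body rather than the URL, so it never appears in the referrer.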