In https://tracker.moodle.org/browse/MDL-36754, tokenpluginfile.php was added as a way to allow images embedded in email notifications to be seen by authorized users.  However, when those images are loaded by an email client, it triggers an update to the lastaccess for a user.  This can cause a situation where a user has not logged into Moodle (ever, or for a very long time) to end up with a recent lastaccess.  In the user filter, this will make it look like users have been active, while no activity will show up for them in the Moodle logs as they have not actually logged in.

Steps to replicate:

1. Create a new user with a valid email address
2. Enroll them to a course
3. Make sure they are subscribed to the announcement forum
4. Send an announcement to the user
5. Open the email notification
6. Check that the user has 0 for lastlogin, 0 for currentlogin, 0 for firstlogin, but a timestamp for lastaccess

Expected behavior:

1. lastaccess should not be updated when a user only interacts with an email.

(note that the versions affected probably includes 4.x as well, I just do not have a 4.x site up to confirm, yet)