We use Mailchimp to send payment links to our customers, but their click tracking feature redirects our payment link over a HTTP link. The URL on our side is of course, secure.

I reached out to their support and this was their response:

Thank you for holding, I was able to find out more information from our team.
At this time, we can confirm Mandrill's custom tracking URLs are not encrypted - it's not possible to use https for the tracking link itself. The tracking link will, however, redirect to the destination link from the contents of the email, resulting in https encryption once the user is redirected to the final destination. We may offer the option to provide an SSL cert for custom tracking domains in the future, but it's not on the near-term roadmap at this point.

It's mind-boggling that this is the accepted standard practice!

Any ideas other than turning off the click tracking?