Passing email address in query string

Question

This question is more theoretical. Is it save to be passing email address in query string like:

www.something.com/[email protected]

I am using this in one project, but i would like to know what are the downsides. Cause some big services are avoiding this, for example Gravatar wants you to convert email address into MD5 hash and then pass it in query.

Thanks for explanation

Answer 1

The main one is privacy.

Take Gravatar for instance. The traditional usecase is rendering an avatar for each comment. If you were to put the real email address in the query string, then you would be publishing the email addresses of everyone who commented (perfect for harvesting by spam bots or for harassing people who make comments that you disagree with).