Email Avatar API (get the profile picture of a user, given the email address)

[collimarco]

Introduction

A standard API that allows to get the user avatar (profile picture), given an email address.

Use Cases (Recommended)

• Display the user avatar in a email inbox
• Display the user avatar in the top navigation of a website
• Display the user avatar in a forum

Proposed Solution

1. Compute the sha256 hash of a user email (USER_EMAIL_SHA256)
2. Make an API request to the user email domain, using a well know endpoint: https://example.com/.well-known/email-avatars/{USER_EMAIL_SHA256} (if the user is user@example.com)
3. In the response, get the URL of an image that can represent that user

Alternate Approaches (Optional)

• Gravatar is a similar, but proprietary approach. This would be an open standard.
• BIMI (Brand Indicators for Message Identification) is just for the domain, not for specific users

Privacy & Security Considerations

The profile picture is public and anyone who knows the email can get the picture. This is not something surprising and the email provider can simply inform the user that the avatar is public (e.g. in the avatar upload form or in the Privacy policy).

Let’s Discuss (Optional)

I am open to any feedback on this idea.