I don't have a technical background, so I'm presuming there's a simple answer for this:

Why does Gravatar require you to create a hash of an email address before sending a request to their system? Is there a technical (or social) reason not to just use the email address?


Solution

It's to prevent exposing the email addresses to harvesting. If the raw email addresses were used in the avatar URL, it would be a simple task for spammers to harvest those email addresses for their nefarious purposes by scraping the HTML/DOM of any forum using Gravatar.

Other tips

There are two reasons.

Reason 1:

When you make a call to Gravatar, the URL looks like this:

https://www.gravatar.com/avatar/37dj383ks?params=blah

This means that on, say, a blog or internet forum, as a guest or signed-in user reading comments where Gravatar images are used, the HTML source code would look like this:

<img src='https://www.gravatar.com/avatar/37dj383ks?params=blah'>

If they weren't hashed, your website's public HTML source code would look like:

<img src='https://www.gravatar.com/avatar/  bob_smith@example.com      ?params=blah'>
<img src='https://www.gravatar.com/avatar/  susan_suzanna@example.com  ?params=blah'>
<img src='https://www.gravatar.com/avatar/  jason123@example.com       ?params=blah'>
<img src='https://www.gravatar.com/avatar/  francisbakery@example.com  ?params=blah'>

Any website that'd be using Gravatar would automatically be leaking publicly every single one of its own users' email addresses.

Reason 2:

The second reason is that any website that'd be using Gravatar would automatically be leaking its users' email addresses to Gravatar.

If I sign up at a website, say, Stack Overflow, and I give Stack Overflow my email address, I don't want Stack Overflow to send my personal email address to other companies like Gravatar.

But if I have already given Gravatar my email address and set up a profile picture, then the hash of my email is a shared hash that both Gravatar and Stack Overflow know. Stack Overflow doesn't have to trust Gravatar. Gravatar doesn't have to trust Stack Overflow. But by simply providing the one-way hash of the email, neither has to actually hand out any of their users' sensitive information.
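As an added illustration (not part of either answer above), the following Python shows the two points in working code: Gravatar's documented normalization (trim, lowercase, MD5 hex digest) gives the "shared hash" both sites can compute without exchanging the address, and a small leak check over the rendered HTML shows why the hashed form is safe to publish while the raw form is not. The `s` and `d` query parameters are Gravatar's real size and default-image parameters; the sample addresses are the constructed ones from the answer.

```python
import hashlib
import re
from urllib.parse import urlencode

# Email-shaped token pattern, used only to audit rendered HTML for leaked
# addresses (constructed for this example).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def gravatar_hash(email: str) -> str:
    """Gravatar's documented scheme: trim whitespace, lowercase, MD5 hex digest.

    A forum and Gravatar each compute this independently from the address they
    already hold, so neither has to hand the address to the other (Reason 2).
    """
    normalized = email.strip().lower()
    return hashlib.md5(normalized.encode("utf-8")).hexdigest()


def gravatar_url(email: str, size: int = 80, default: str = "identicon") -> str:
    """Avatar URL; 's' is the image size and 'd' the fallback image."""
    query = urlencode({"s": size, "d": default})
    return f"https://www.gravatar.com/avatar/{gravatar_hash(email)}?{query}"


def render_avatars(emails, hashed: bool = True) -> str:
    """Render <img> tags as a forum page would; hashed=False is the leaky variant."""
    tags = []
    for email in emails:
        src = gravatar_url(email) if hashed else f"https://www.gravatar.com/avatar/{email}"
        tags.append(f"<img src='{src}'>")
    return "\n".join(tags)


def find_email_leaks(html: str) -> list:
    """Audit check for a rendered page: every match is a harvestable address."""
    return EMAIL_RE.findall(html)


# Constructed sample users (the addresses used in the answer above).
SAMPLE_EMAILS = [
    "bob_smith@example.com",
    " Susan_Suzanna@Example.com ",  # mixed case and padding: same hash after normalization
    "jason123@example.com",
    "francisbakery@example.com",
]

if __name__ == "__main__":
    print(render_avatars(SAMPLE_EMAILS))
    print("leaks (hashed):", find_email_leaks(render_avatars(SAMPLE_EMAILS)))
    print("leaks (raw):   ", find_email_leaks(render_avatars(SAMPLE_EMAILS, hashed=False)))
```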

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow