Did you take this any further @edent? With Wordpress (& hence gravatar?) feuding with its own ecosystem it seems prudent to revisit!

I’m a little cautious about using plain text to lookup the email, as it exposes all your email addresses by inspection of a static site’s code (or if a site that uses this mechanism doesn’t proxy, so exposes your otherwise private signup email).

Using a hash of the email instead of the email’s local-part to resolve this (à la gravatar) still allows a fairly easy approach to uncovering email addresses (seek hash collisions), but I guess a person could just not use this method if an email address needs to be harder than that to sniff out.