As part of our commitment to the security of our users, Twitter has enabled a number of email security protocols over the years. Since early 2013, Twitter has supported the security controls Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) with a reject policy to combat phishing and fraudulent email.
In 2014, we began using StartTLS, which encrypts both outbound and inbound emails in transit. Assuming your email provider supports TLS, it also ensures that emails you receive from Twitter have not been read by other parties on the way to your inbox.
We compiled this high-level overview of different providers’ email privacy practices as a way to provide greater transparency and insight to our users around how and when email security protocols are being used.