Email privacy

Our email communications to our users are an important link to hundreds of millions of recipients who use Twitter regularly. As part of our commitment to continuous improvement in privacy protection, Twitter has enabled a number of email security protocols over the years. Since early 2013, Twitter has supported the security controls Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) with a reject policy to combat phishing and fraudulent email.

In 2014, we began using StartTLS, which encrypts both outbound and inbound emails in transit. Assuming your email provider supports TLS, it also ensures that emails you receive from Twitter have not been read by other parties on the way to your inbox.

In partnership with Message Systems, we have compiled this high-level overview of different providers’ email privacy practices as a way to provide greater transparency and insight to our users around how and when email security protocols are being used.

Click on any of the provider’s names below to see which STARTTLS standards they employ.

??% of messages from Twitter to other providers are encrypted in transit

 
DomainSecurityVerified% Encrypted

Download the raw CSV data

Download Now

About the data

The data (updated every 24 hours) outlines the various email privacy practices of different providers from around the world.

Glossary

  • Domain
    • The name of the ISP.
  • Drill down data under Domain
    • Ciphers – The types of encryption used by that domain.
    • Protocols – The versions of TLS (if any) employed in the transmission of the message.
    • Algorithm bits – The strength of the encryption itself in bit form, e.g., 128-bit vs. 64-bit encryption.
    • Verification – The percentage of the traffic from a domain that is verified versus unverified.
    • Volume – A logarithmic measure of the relative volume of traffic for the domain.
  • Security
    • How does the ISP use TLS?
      • X – TLS is not used.
      • Empty circle – TLS is used, but there are some implementation risks.
      • Half circle – TLS is used, but Perfect Forward Secrecy is not enabled.
      • Full circle – TLS is used and Perfect Forward Secrecy is enabled.
  • Verified
    • Could the authenticity of the certificate used in securing the channel be validated?
      • Empty circle – Authenticity of the ISP’s certificate could not be validated.
      • Half circle – Some, but not all email traffic, could be verified.
      • Full circle – Authenticity of the certificates used for all email communication were validated.
  • % Encrypted
    • The percentage of overall email that was sent over an encrypted channel.