twilio.com email security: SPF, DKIM & DMARC
Is twilio.com spoofable? See twilio.com's SPF, DKIM, DMARC and MTA-STS records and find out if this domain is protected against email spoofing.
Last updated: June 3, 2026
SPF
OKv=spf1 include:twilio.com._nspf.vali.email include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~allDKIM
OKSelectors: k1, smtp, s1, s2, zendesk1, zendesk2DMARC
OKv=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email; ruf=mailto:dmarc@twilio.comMX
OKsmtp.google.comRecommendations
1Add MTA-STS to enforce TLS encryption for incoming emails
Without MTA-STS, an attacker performing a man-in-the-middle attack can downgrade the connection between mail servers to plaintext, intercepting emails in transit. MTA-STS tells sending servers to only deliver via TLS with a valid certificate, preventing downgrade attacks.
Run a live analysis
The results above are updated daily. For an instant check of twilio.com, run a live analysis.
Analyze twilio.com liveFrequently asked questions about twilio.com
Is twilio.com spoofable?
No. twilio.com is protected against email spoofing with a robust configuration. Email security score: 90/100 (grade A).
Does twilio.com have an SPF record?
Yes, twilio.com publishes an SPF record (~all qualifier).
What is twilio.com's DMARC record?
twilio.com publishes a DMARC record (_dmarc.twilio.com) with a p=reject policy.
Does twilio.com use DKIM?
Yes, DKIM signatures were detected for twilio.com.
Want to test another domain? Run a free email spoofing test.
Guides to understand these results
SPF Guide
Understand how SPF defines which servers are authorized to send emails for a domain.
DKIM Guide
Discover how DKIM cryptographically signs your emails to guarantee their authenticity.
DMARC Guide
Learn how DMARC orchestrates SPF and DKIM to protect your domain.
MTA-STS Guide
Learn how MTA-STS enforces TLS encryption to protect your emails in transit.
SPF vs DKIM vs DMARC
Compare the three protocols and understand how they work together.