diff --git a/lib/auth/discord_authenticator.rb b/lib/auth/discord_authenticator.rb
index 429ef0bb46f..2629e6d3690 100644
--- a/lib/auth/discord_authenticator.rb
+++ b/lib/auth/discord_authenticator.rb
@@ -70,4 +70,9 @@ class Auth::DiscordAuthenticator < Auth::ManagedAuthenticator
 super
 end
+
+ # the `info` block above only picks the email from Discord API if it's verified
+ def primary_email_verified?(auth_token)
+ true
+ end
 end
diff --git a/lib/auth/facebook_authenticator.rb b/lib/auth/facebook_authenticator.rb
index a92aefb97f0..48a57cd9aec 100644
--- a/lib/auth/facebook_authenticator.rb
+++ b/lib/auth/facebook_authenticator.rb
@@ -25,4 +25,10 @@ class Auth::FacebookAuthenticator < Auth::ManagedAuthenticator
 scope: "email"
 end
+ # facebook doesn't return unverified email addresses so it's safe to assume
+ # whatever email we get from them is verified
+ # https://developers.facebook.com/docs/graph-api/reference/user/
+ def primary_email_verified?(auth_token)
+ true
+ end
 end
diff --git a/lib/auth/github_authenticator.rb b/lib/auth/github_authenticator.rb
index 7a64e089fe2..865cb21e0c2 100644
--- a/lib/auth/github_authenticator.rb
+++ b/lib/auth/github_authenticator.rb
@@ -57,4 +57,10 @@ class Auth::GithubAuthenticator < Auth::ManagedAuthenticator
 },
 scope: "user:email"
 end
+
+ # the omniauth-github gem only picks up the primary email if it's verified:
+ # https://github.com/omniauth/omniauth-github/blob/0ac46b59ccdabd4cbe5be4a665df269355081915/lib/omniauth/strategies/github.rb#L58-L61
+ def primary_email_verified?(auth_token)
+ true
+ end
 end
diff --git a/lib/auth/twitter_authenticator.rb b/lib/auth/twitter_authenticator.rb
index cf61591bcd8..35f990bb667 100644
--- a/lib/auth/twitter_authenticator.rb
+++ b/lib/auth/twitter_authenticator.rb
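Review bot: `primary_email_verified?` in lib/auth/discord_authenticator.rb returns a constant and never reads `auth_token`, so its correctness depends entirely on the `info` block the comment points to, which lies outside this hunk. If that block is later changed to pass the address through regardless of Discord's verified flag, this method would keep reporting the email as verified, and that flag is presumably what the base authenticator checks before matching a login to an existing account by email. I would spell the invariant out in the comment, e.g. `# Security invariant: the info block must return a nil email unless Discord marks it verified; this method trusts that unconditionally`, and add a spec that runs an unverified Discord payload through the authenticator and expects no email match. The same constant-`true` override appears in the Facebook, GitHub and Twitter hunks of this commit and deserves the same spec coverage.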
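Review bot: The comment above `primary_email_verified?` in lib/auth/facebook_authenticator.rb offers a link to the general Graph API User reference as its only evidence, without quoting the sentence it relies on. Because the method returns `true` for every token, that comment is the whole security argument, and a reader cannot tell from it whether the provider promises a verified address or merely a valid one. I would quote the relevant sentence and the date it was checked, e.g. `# Graph API User reference, checked <DATE>: "<exact sentence about the email field>"`.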
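Review bot: The comment in lib/auth/github_authenticator.rb justifies the constant `true` with a permalink to one commit of omniauth-github, but what matters at runtime is the behaviour of whichever gem version is actually installed. Nothing in this hunk ties the two together, so a gem upgrade that changes how the primary email is selected could silently turn this override into trusting unverified addresses. I would add `# re-check on every omniauth-github upgrade; covered by <SPEC PATH>` to the comment and back it with a spec that stubs an unverified primary email and asserts that no email reaches the auth result.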
@@ -23,4 +23,10 @@ class Auth::TwitterAuthenticator < Auth::ManagedAuthenticator
 strategy.options[:consumer_secret] = SiteSetting.twitter_consumer_secret
 }
 end
+
+ # twitter doesn't return unverfied email addresses in the API
+ # https://developer.twitter.com/en/docs/twitter-api/v1/accounts-and-users/manage-account-settings/api-reference/get-account-verify_credentials
+ def primary_email_verified?(auth_token)
+ true
+ end
 end
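Review bot: The new comment in lib/auth/twitter_authenticator.rb misspells `unverfied`, which should read `unverified`; this matters a little more than usual because a later search for verification handling needs to hit this line. The `auth_token` argument is also unused here, as in the other three authenticators in this commit, so if the project's linter flags unused arguments the signature could become `def primary_email_verified?(_auth_token)`.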