diff --git a/lib/auth/managed_authenticator.rb b/lib/auth/managed_authenticator.rb
index 5530f5bc6ba..41f36a611fc 100644
--- a/lib/auth/managed_authenticator.rb
+++ b/lib/auth/managed_authenticator.rb
@@ -32,7 +32,7 @@ class Auth::ManagedAuthenticator < Auth::Authenticator
 def primary_email_verified?(auth_token)
 # Omniauth providers should only provide verified emails in the :info hash.
 # This method allows additional checks to be added
- true
+ false
 end

 def can_revoke?
diff --git a/spec/lib/auth/managed_authenticator_spec.rb b/spec/lib/auth/managed_authenticator_spec.rb
index 02faefcd736..a91cae99331 100644
--- a/spec/lib/auth/managed_authenticator_spec.rb
+++ b/spec/lib/auth/managed_authenticator_spec.rb
@@ -6,6 +6,10 @@ RSpec.describe Auth::ManagedAuthenticator do
 def name
 "myauth"
 end
+
+ def primary_email_verified?(auth_token)
+ auth_token[:info][:email_verified]
+ end
 end.new
 }

@@ -16,7 +20,8 @@ RSpec.describe Auth::ManagedAuthenticator do
 info: {
 name: "Best Display Name",
 email: "awesome@example.com",
- nickname: "IAmGroot"
+ nickname: "IAmGroot",
+ email_verified: true
 },
 credentials: {
 token: "supersecrettoken"
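Review bot: In lib/auth/managed_authenticator.rb, the two comment lines above the new `false` in `primary_email_verified?` still say that providers only supply verified emails, which now contradicts the default and gives subclass authors no hint that they must opt in. I would replace them with `# Emails are treated as unverified unless a subclass overrides this method` and `# and returns true only when the provider itself asserts verification.` Any existing authenticator that inherits this default without overriding it will presumably stop producing a valid email after this change, so the commit message or changelog should say so; the callers that consume the result are outside the hunk.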
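Review bot: In the spec's anonymous authenticator (first hunk of spec/lib/auth/managed_authenticator_spec.rb), `auth_token[:info][:email_verified]` accepts any truthy value, so a provider that sends the string "false" would count as verified, and a token without :info raises NoMethodError. Real authenticators may well copy this override, so I would write it strictly as `auth_token.dig(:info, :email_verified) == true`. The enclosing anonymous class definition starts outside the hunk.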
@@ -59,16 +64,21 @@ RSpec.describe Auth::ManagedAuthenticator do

 it 'only sets email valid for present strings' do
 # (Twitter sometimes sends empty email strings)
- result = authenticator.after_authenticate(create_hash.merge(info: { email: "email@example.com" }))
+ result = authenticator.after_authenticate(create_hash.merge(info: { email: "email@example.com", email_verified: true }))
 expect(result.email_valid).to eq(true)

- result = authenticator.after_authenticate(create_hash.merge(info: { email: "" }))
+ result = authenticator.after_authenticate(create_hash.merge(info: { email: "", email_verified: true }))
 expect(result.email_valid).to be_falsey

- result = authenticator.after_authenticate(create_hash.merge(info: { email: nil }))
+ result = authenticator.after_authenticate(create_hash.merge(info: { email: nil, email_verified: true }))
 expect(result.email_valid).to be_falsey
 end

+ it 'does not set email valid if email_verified is false' do
+ result = authenticator.after_authenticate(create_hash.merge(info: { email: "email@example.com", email_verified: false }))
+ expect(result.email_valid).to eq(false)
+ end
+
 describe 'connecting to another user account' do
 fab!(:user1) { Fabricate(:user) }
 fab!(:user2) { Fabricate(:user) }
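Review bot: The new example 'does not set email valid if email_verified is false' only exercises the overriding authenticator defined at the top of the spec, so nothing here pins the changed base-class default itself. A regression that flipped `primary_email_verified?` back to `true` would still pass every example in this hunk. I would add an example after it that builds an authenticator without the override and expects `email_valid` to be falsey even when the provider claims the email is verified. This assumes the anonymous subclass needs only `name`, as the visible part of the fixture suggests; its definition starts outside the hunk.

```ruby
# … unchanged: 'does not set email valid if email_verified is false' example …

it 'does not set email valid when primary_email_verified? is not overridden' do
  default_authenticator = Class.new(described_class) do
    def name
      "myauth"
    end
  end.new
  result = default_authenticator.after_authenticate(create_hash.merge(info: { email: "email@example.com", email_verified: true }))
  expect(result.email_valid).to be_falsey
end
```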