Twilio is a great service for developers who want to integrate SMS, MMS, and voice features to their websites and applications. One of the great things that twilio does is provide status updates on the messages you send. Letting you know if they are Queued, Sending, Sent, or Delivered. However these status updates come from a Proxy that is Cloud Hosted, and does not originate from any specific IP or block of IPs. When I submitted a ticket to Twilio asking for the IP blocks they use, they said there are no set of IPs used, and that they are constantly changing.
For me this is a problem. I run a very thick firewall, with over a dozen rouge countries blocked, plus any botnet, or hacker is instantly added to my firewall. For Datacenters that seem to harbor these low lifes, I have looked up their IP blocks and firewalled the entire datacenter. These precations have gone a long way to eliminate the amount of mail and form spam that would usually waste both mine and my client's time.
However After a little digging through my Access Logs I have been able to compile a list of IPs that Twilio has used to access my server. Hopefully these will help others who need at least something they can whitelist on their firewall for twilio. Seems they are using cloud hosting services by Amazon.com and Amazon AWS. Most of the requests come from the 220.127.116.11/8 Block, and a few from 18.104.22.168/8 block.
This is great as know I know which IPs to whitelist on my server, but its also bad because in my experience Amazon AWS tends to harbor spam bots and comment spammers. At one point I completely firewalled their known IP blocks.