Maybe there should be some transparent way for mail servers to request public encrypted keys for an email address, and any incoming mail gets decrypted by the private key. So if someone hijacks your domain, any password reset emails should be gibberish unless they magically got the private key, in which case you have worse problems.
This is the only technique I think might work till someone social engineers people at Twitter.