It’s a start, but 2fa can’t stop spam.
If one can automate account creation including saving totp secrets, you suddenly have 2fa authenticated bots able to send spam.
Maybe you could get around that to some extent by leveraging sms verification during account creation, but how do you set that up to prevent burner numbers? Or smishing?
These are hard problems to address
Those hicks are the ones that won’t pay attention to if there’s a crosswalk.
They are the problem.
Fuck catering to them