In other news, I built and deployed a "2FA Mule" last weekend.
It's a stock android phone with no google account and no apps installed except for "SMS Forwarder"[1].
It is configured to forward all SMS to an email address via encrypted SMTP. This means that I can receive these 2FA codes anywhere I have Internet access - such as an airplane or newly arrived in a foreign country where my SIM card does not work.
The "2FA Mule" itself is plugged in at my office in a corner.
I'm not employing this for anything sensitive but it's interesting to consider that I can use SMS based 2FA while divorcing it from my day to day SIM identity ...
[1] https://play.google.com/store/apps/details?id=com.frzinapps....
So the email address is not 2FA secured?
Could be his email address uses OTP or U2F, which would make it secure.
If anything SMSs are much more dangerous than OTP and services should eschew them.
Sadly some of them still force you to have SMS.
It's my own mail server. I just tail the mail spool ...
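As an added example (not the commenter's own script), here is what "tailing the mail spool" for forwarded codes can look like in Python, with the one check a practitioner would want: only messages whose From header is the mule's own address are considered, since anyone who can deliver mail to that spool can inject a message that looks like a forwarded SMS. The mule address, phone numbers, codes and the mbox contents are constructed placeholders; restricting who may submit mail to that address is the real control, because the header itself is forgeable.

```python
"""Added example: pulling 2FA codes out of an mbox spool that receives forwarded SMS.

All sample data below is constructed; the mule address, numbers and codes are
placeholders and not from the original post.
"""
import mailbox
import os
import re
import tempfile

MULE_ADDRESS = "mule@mule.example"        # assumed address the forwarder sends from
CODE_RE = re.compile(r"\b(\d{6,8})\b")     # most SMS one-time codes are 6-8 digits

# Constructed mbox content: one genuine forward, one injected message from a
# stranger, and one genuine forward that is not a code at all.
SAMPLE_SPOOL = """\
From mule@mule.example Sat Jan  1 12:00:00 2022
From: mule@mule.example
To: me@example.net
Subject: SMS from +15550100

Your Acme verification code is 482913. It expires in 10 minutes.

From nobody@evil.example Sat Jan  1 12:01:00 2022
From: nobody@evil.example
To: me@example.net
Subject: SMS from +15550100

Your Acme verification code is 111111.

From mule@mule.example Sat Jan  1 12:02:00 2022
From: mule@mule.example
To: me@example.net
Subject: SMS from +15550199

Lunch at 1? Call me on 5550199
"""


def write_sample_spool():
    """Write the constructed spool to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_SPOOL)
    return path


def extract_codes(spool_path, trusted_sender=MULE_ADDRESS):
    """Return [{'subject': ..., 'code': ...}] for messages from the trusted sender.

    Messages from any other address are dropped, and a body is only treated as
    a code delivery if it talks about a "code" and contains a 6-8 digit number;
    without that keyword the 7-digit phone number in the lunch message would be
    misread as an OTP.
    """
    found = []
    for msg in mailbox.mbox(spool_path):
        sender = (msg["From"] or "").strip().lower()
        if sender != trusted_sender.lower():
            continue
        body = msg.get_payload(decode=True).decode("utf-8", "replace")
        if "code" not in body.lower():
            continue
        m = CODE_RE.search(body)
        if m:
            found.append({"subject": msg["Subject"], "code": m.group(1)})
    return found


if __name__ == "__main__":
    for entry in extract_codes(write_sample_spool()):
        print(entry["subject"], "->", entry["code"])
```

Running it prints only the genuine code (482913); the injected 111111 is dropped by the sender filter and the lunch message by the keyword check.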
Is your account with the DNS registrar who controls your MX record 2FA-secured?
> [...] via encrypted SMTP
In addition to establishing a secure socket, does the mule validate the mail server's TLS certificate name?
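The question above is the right one: a TLS socket alone only defeats passive sniffing, and unless the client also checks that the server certificate chains to a trusted CA and names the host it meant to reach, an on-path attacker can present any certificate and read every forwarded code. The following is an added example (not the forwarder app's code or the original poster's setup) showing the difference in Python: a strict context that verifies chain and hostname, the "encrypted but unauthenticated" context that merely makes the connection look secure, and a small name-matching routine over the dictionary form `ssl.getpeercert()` returns. Hostnames, addresses and credentials are placeholders.

```python
"""Added example: what "encrypted SMTP" does and does not guarantee.

Everything here is illustrative; mail.example.net and the credentials are
assumed placeholders, not values from the original discussion.
"""
import smtplib
import ssl
from email.message import EmailMessage


def strict_context(cafile=None):
    """Verify the chain AND the hostname: what a 2FA forwarder should use."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Both are already the defaults of create_default_context; restated so the
    # requirement is explicit when reading the code.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def lax_context():
    """'Encrypted' but unauthenticated: accepts any certificate for any name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def cert_names(cert):
    """DNS names a certificate claims, from the dict ssl.getpeercert() returns."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        for (k, v) in rdn:
            if k == "commonName":
                names.append(v)
    return names


def hostname_covered(cert, hostname):
    """Exact match, or a single-label wildcard in the left-most label only."""
    host = hostname.lower().rstrip(".")
    for name in cert_names(cert):
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def forward_sms(host, port, user, password, to_addr, body, context=None):
    """Submit one forwarded SMS over implicit TLS (SMTPS, port 465) and return the peer cert.

    With strict_context() Python already rejects a mismatched name before this
    function sees the socket; the explicit check below documents the intent.
    With lax_context() getpeercert() returns an empty dict, so the check fails:
    an unverified connection cannot even tell you who it is talking to.
    """
    context = context or strict_context()
    msg = EmailMessage()
    msg["From"] = user
    msg["To"] = to_addr
    msg["Subject"] = "Forwarded SMS"
    msg.set_content(body)
    with smtplib.SMTP_SSL(host, port, context=context) as smtp:
        cert = smtp.sock.getpeercert()
        if not hostname_covered(cert, host):
            raise ssl.SSLCertVerificationError(f"certificate does not name {host}")
        smtp.login(user, password)
        smtp.send_message(msg)
        return cert
```

If the forwarder app only offers a "use SSL/TLS" toggle with no way to pin a CA or even see which name it verified, assume it behaves like `lax_context()` until proven otherwise; the codes are then protected from a passive observer on the Wi-Fi, but not from anyone who can redirect the connection.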
Nice. I do something similar but forward it to Slack.
I also have it auto-answer 2FA calls and automatically hit the # key.
Yeah, call it not real 2FA, but it's really the companies that choose not to use U2F that are at fault.
U2F is great, but these companies want to be able to provide 2FA for people who won’t/can’t have a dedicated hardware device for 2FA.
Yeah but (a) by not supporting U2F they suck (b) I don't want them to use 2FA as a magic excuse to get my phone number
> I also have it auto-answer 2FA calls and automatically hit the # key.
One year at defcon - maybe 20 years ago - the speaker told an anecdote about a user who had set up a webcam and put their RSA token under it.
And we all laughed ... "haha what a dummy ... I can't believe users are so stupid" ...
But secretly I thought it was genius.
Oh I've done that too before. If they only give me one RSA token and no backup, then that's what i do.
> set up a webcam and put their RSA token under it.
That's only stupid if anyone other than you has access to your webcam.
I've done exactly this. Well, my SO did it at my direction since I was in another country and had forgotten to take the token with me.
Google Voice works for many services which is protectable with 2FA (hardware tokens) and accessible most anywhere in the world--you're at the mercy of Google, though
That should help against SIM swap attacks
Lately more and more of my accounts aren't accepting GV as a phone number linked with the account.
Recent memory: 7-11 app and eBay both made me use a number that's associated with an actual SIM card.
It's hit or miss and that is why I am basing this on an honest-to-god mobile number on a SIM card. I don't want to deal with the finicky number validation that is done ...
Do you pay for a separate phone line for the mule?
In many countries, a pre-paid phone costs almost nothing to keep active.
I keep a UK number for some 2FA systems, it costs about £0.10 per year. I just have to send an SMS every 6 months to keep the line active.
It's very easy to forget to send the SMS, which will then make you lose your number. The carrier will take the number back and assign it to another person.
This must be automated.
Yes. I have a dedicated account with a Verizon MVNO and this account has no other SIMs or accounts associated with it.
However, depending on how I choose to use it I can point 2FA for numerous different services to this one SIM. I just don't want to point multiple accounts at the same service to this SIM since that's a clear, common identifier and correlates those two accounts better than probably anything else could ...
- If you use different services with the same SIM, using a phone number to identify you across platforms is my primary concern.
- Yet, confirmer SIMs can't really be throwaways. I'm 'stuck' with a prepaid the same way people are stuck with gmail — they have 400 accounts with the e-mail address.
I've had it before, where I got locked out of accounts, with no way to delete the account, or even do a data takeout. The only way forward has been the same SIM.
The only way forward would be to 'start a SIM farm': buy those SIM-slot AliExpress boards, and sell (/use) a forwarder service.
(here is a business plan, on how risky and expensive to the customer it'd be)
The 'challenge' is keeping track of multiple people, to avoid same-site conflicts. Users would hopefully be encouraged to tell where they are using the phone, so as not to get a used one themselves.
For Estonia, the minimum of keeping alive a prepaid is topping up 3€ every 6 months, per SIM (whereas new is 1€).
Of course, IoT numbers are available, but they aren't likely a valid option, as they definitely aren't meant for burners, and even a single misuse/complaint would likely shut everything down. More on this later.
Assuming there would be (monthly) paying customers, prepaids could do. It'd be a bit pricey, I'd start at ~10€/mo/user, assuming small users (few sites) would use the same sites, and larger ones needing many, many numbers. Billing per new site isn't likely very cheap either.
That aside, hardware is the most concerning: AliExpress pricing is 12-22€/slot depending on how bulk you go. Hundreds or even a few thousand euros upfront needed.
(Side note: on a >100 users scale, old phones etc. aren't feasible; otherwise go with Android dual-SIMmers (using feature-phone Nokias for the price of nothing and stuff would be cool, but custom fw and soldering each one isn't worth the time), and WiFi (on the scale where WiFi stops working, you'll have bigger problems to deal with, and it'd be extra hardware cost as well).)
(Side note 2: 'SIM banks' exist, which allow connecting many SIMs to one modem; it'd bring the hardware cost to ~2€/SIM. Unsure if they can all be online at once (though 'click here and wait 5-10s before clicking send SMS' could work for the user); even if they can be online, you still run into the interference and 'why are there 1000 phones in this house' problem.)
I'd say after a few hundred, it probably makes sense to start building them yourself.
For a good user experience, you have to keep them always online as well. Building a SIM-switcher would likely be just as expensive. The real concern is interference and infrastructure — having hundreds or thousands of devices in the same spot will not work well in physics, nor with the service provider coming knocking.
Now, even at small scale, it'd make sense to be your own service provider. This way you could get SIMs, and can connect directly to the network. You could emulate devices at this point, not needing any SIM cards either.
Problem is, all of your network activity is for SMS confirmations. That is going to get many strange looks.
The bonus of being in a small country is that, the other way around, you can be friends with the person who happens to be a head, or the person actually doing things, at a telecommunications provider.
Though, on a large enough scale, you're going to have actual overhead to their network. That's when you'll need to start paying for the service. Pricing for businesses isn't cheap.
**
Well, that was a wall of text. Insanities.
So — assuming you aren't a large-enough service provider already, normal long-term vEriFiCatIoN is deadly, assuming you need captchas on many accounts.
That's... genius
I'm going to have to steal that.
Nice.
Will actually go this route in the future.