FlamingMoe 5 hours ago
He mentions these 3: "- Every email address that exists out in the world is now wrong. - Every piece of marketing material is now incorrect. - All of the SEO is gone." but it seems to miss even the biggest one, which is that you are effectively locked out of any online business accounts, your bank, your CRM, anything that says "we noticed an unusual login, please enter the code we just sent to your email to verify the login."

ryukoposting 4 hours ago
Yep. Binding 2FA flows to email is risky business for a lot of reasons, but registrar incompetence might be the spookiest thing of all.

simultsop 3 hours ago
Exactly, a few years ago I was thinking of binding everything to a domain email, thinking that when I own it, I can host anywhere, and it seemed the best option. After thinking it through, I had to stick to Gmail, again, due to the possible catastrophe scenario! Luckily in the EU, they still hardly depend on presence validation, therefore all these sorts of errors can be resolved in a couple of hours.

namegulf 4 hours ago
The cascading effect is unimaginable since everything is tied to that email. It is similar to losing a phone or SIM, or even being in a foreign country where you can't access your number, but worse.

lukebouch 4 hours ago
That’s such a good point I didn’t think about!

merlindru 4 hours ago
Also a huge opportunity for scams etc. if this ever was a targeted takeover type thing. Emails and other stuff go to the same domain, and an impostor could just keep answering correspondence like nothing had happened.

And even worse, if I wanted to take over npmjs.com tomorrow and GoDaddy would kinda... just hand it over (?!?!?!) then I could probably become a crypto billionaire overnight.

relaxing 3 hours ago
Really toxic security anti-pattern. I’m locked out of my 20-year-old Wikipedia account because they instituted 2FA without asking and my email on file was no longer valid.