Looking past at the issue, it seems many people don’t get the email because the email provider reject the 2FA Auth token email. Really Cloudflare cannot do anything here. It’s up to the receiver to decide what they want to do with email. They usually check the IP address to reject email due to that IP might be on a blocklist, which is again not a thing we can control. Due to nature of email, if some people may accidently mark something as spam, or the IP address of outgoing mail servers are being used to send spam(by other user of that same mail provider), then we’re risked losing email as well.
The only way to really avoid this is to use real MFA at first place(an app like Authy/Google Auth)
Also, another work-around is that you should use an email forwarding service that log email (even if it’s detect as spam), so even if the email cannot delivery due to it being reject as spam, they still has a log that they reject that email, and you can read email from that log. One such service is: https://hanami.run and I’m the founder.
But any email service that give you visibility on why and how it reject and email will help you solve this kind of problem in future.
But at this point, it’s late and I think just try to reach out to their support on twitter directly? I think Cloudflare support is usually good enough. They probably has a massive support request to deal with anyway.