
> If the idea is to stop some sort of massed emailing or posting or whatnot, using TOTP as a requirement to take those actions would slow that down to once every 30 seconds-

No, it wouldn't.

If the service required a TOTP code every time an account wanted to make a post (which would be absurd), that would prevent each account from posting more than once every 30 seconds. But, even if that were desirable, it could be accomplished much more easily with a server-side rate limit.

A spammer has access to many accounts, and would easily be able to generate a TOTP code for each one of them every 30 seconds. TOTP is not a rate-limiting feature, and provides absolutely no benefits here.
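Added example, not part of the comment above: a small simulation comparing a per-post TOTP requirement with a plain server-side per-account rate limit, to show that both give the same per-account bound and that accepted volume still scales with the number of accounts. The class names, account names, secrets and timestamp are constructed for illustration.

```python
import hashlib, hmac, struct

STEP = 30  # TOTP time step in seconds (RFC 6238 default)

def totp(secret, now, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: a pure function of secret and clock."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpGate:
    """Hypothetical policy from the quoted proposal: one post per fresh code."""
    def __init__(self, secrets):
        self.secrets, self.used_step = secrets, {}
    def allow(self, account, code, now):
        step = int(now) // STEP
        if self.used_step.get(account) == step:
            return False  # this step's code was already spent
        if not hmac.compare_digest(code, totp(self.secrets[account], now)):
            return False
        self.used_step[account] = step
        return True

class RateLimit:
    """Server-side limit: same per-account bound, no client secret involved."""
    def __init__(self):
        self.last = {}
    def allow(self, account, now):
        if now - self.last.get(account, float("-inf")) < STEP:
            return False
        self.last[account] = now
        return True

def accepted_posts(n_accounts, duration=60):
    """Every account tries to post once per second; count what each control accepts."""
    start = 1_700_000_010  # constructed timestamp, aligned to a 30 s step
    secrets = {f"acct{i}": f"constructed-secret-{i}".encode() for i in range(n_accounts)}
    gate, limit = TotpGate(secrets), RateLimit()
    by_totp = by_limit = 0
    for now in range(start, start + duration):
        for account, secret in secrets.items():
            by_totp += gate.allow(account, totp(secret, now), now)
            by_limit += limit.allow(account, now)
    return by_totp, by_limit

if __name__ == "__main__":
    for n in (1, 10, 1000):
        print(n, accepted_posts(n))
```

Both counters come out identical for any account count, so a control meant to cap total volume has to key on something other than the individual account.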



