Google now requires new Gmail accounts to send an outbound SMS from your phone via QR code, blocking virtual number services like SMSpool.
Key Takeaways
Registration flow shifted from receiving an SMS to sending one outbound, making virtual/VoIP numbers ineffective.
Services like SMSpool are explicitly blocked by this change; privacy-focused users lose their primary workaround.
Buying pre-made Google accounts secondhand is the most cited alternative, but carries unknown account history risks.
Google frames the change as anti-phishing/anti-spam, and the original poster acknowledges it raises the barrier even if not impossible to circumvent.
Hacker News Comment Review
Commenters note the friction affects legitimate small-business and privacy-conscious users more than determined bad actors, since bulk Google accounts are already sold on gray-market platforms.
One commenter used the signup friction as a live argument to steer a small business client away from Google Workspace entirely, citing downstream lockout risk.
The phishing-via-Google-infrastructure angle surfaced as a separate concern: Google tolerates phishing emails hosted on storage.googleapis.com, undermining the security justification.
Notable Comments
@dvh: Points out Gmail phishing emails actively use Google’s own storage CDN, questioning the security rationale behind tightening registration.
