What you can do with email is move the problem to your most secure account or to an account that you know how to recover under essentially all circumstances.
As I mentioned before that it's just convenience. SMS based authentication is flawed and is also prone to SS7 Attacks but people just do it because it's simple. Nothing in the world is hack proof
This just moves your security issues to another account.. how many layers of recovery email address are you willing to go before hitting the end?