Most of the spam is done by third party websites that “sell” services. It is against the terms of use, but most are compromised accounts.
Having an Auth does a lot to prevent an account from being stolen and used to advertise.
Blizz can’t reach most of those websites legally, given the countries they are in.
Requiring an Auth not only keeps an account secure, you need a valid contract cell phone registered in the same country as the account address to set it up. Changing a country on an account requires providing proof to CS.
So if someone in EU compromised a US account and then tried to set up a cell phone auth on it, that would not work.
It is not bullet proof, but it should cut down a lot on the spam we see in Group finder.
I am hopeful it works as intended.