What happens when the emails fail (like spam folder)? I remeber a thread here on HN on a number of projects where they dumped email link sending as a login method for various reasons and complications. Have you face any challenges as well? If not what's your secret sauce? A better email provider? Would love to know.

Email Provider is a big one - particularly following best practices like DKIM.

Use a large managed service like Postmark or Mailgun. Use AWS SES/roll your own at your own peril.

Worst case, the user doesn't get the email, and uses OAuth (majority of my target audience - agencies - use GSuite).