I feel like this particular issue happens most often when one uses a catchall, as spammers like to try common usernames and this setup will allow all of them to be received.
In those cases, I found that it helps to use an obscure subdomain that doesn't have a website attached to it (e.g. mailus.example.com).