My solution is to have my own domain, and a little tool to create and delete email aliases. When a company asks for my email, I just give them a new unique alias. I receive spam on this alias, 1) I know who leaked, 2) I delete the alias, stopping the spam. It is transparent to my correspondents (I can reply from the alias), cuts the spam pretty much to zero, and is low maintenance. It also has a small security benefit: even if I were to share a password between websites (which I rarely do), the login (email, or login part of the email) would be different/non guessable.
I do something similar, except rather than creating aliases, I just have a catchall that sends everything to my inbox. Then, if one address starts receiving spam, I create a rule to move all emails sent to that address to spam.
As far as responding from aliases, I haven't figured out a way to do that in my mail client (Mail.app), though I am able to accomplish it in my provider's web interface.
I'm doing something similar with an Office 365 business essentials subscription (~$5/month)
my main email address only has the most important stuff while everything else I setup a shared mailbox for.
then every shared mailboxes forwards anything received to an office 365 group called Catchall which i have available on the main address and i just need to switch mailboxes if I want to reply from it (you should be able to do this through mail.app afaik).
this allows me tighter control on a case by case basis and I get all the benefits of Office365 business.
Gmail has this capability built in because you can just add +whatever to the end of the name and it's an alias to your email account, and you can block the yourname+whatever@gmail.com it as needed. Only problem is many sites mistakenly think + is an invalid char.
No overhead of creating addresses, you have an infinite address space for your account to play with freely.
You're still correct though, your solution is more secure (and also what I use). It's always possible the form you submit automatically strips the +whatever from your email silently. I believe facebook does this (at least when checking to see if the email you're using has already been registered).
The one downside I've found for this is that many email forms prohibit "+" in an address. They shouldn't as it's a perfectly valid character for an email address, but you know...devs.
I used to use the + system but ran into too many issues of it not being accepted and it seems some are smart enough to strip off the + and everything after.
I moved to wildcard forwarder on my own domain so that *@mydomain.com get forwarded to my main email account. This gives me all the tracking I want and I can ban addresses if needed.
That still gets me the zero overhead and practically infinite addresses with none of the downsides of gmail--and I can easily change my main email account as an added bonus.
I do the same thing. I also have multiple domains. I will create email-forwards to my main email addresses to use mostly for website logins and such. I don't think that level of paranoia is really necessary, but I do it anyway.
For my alias management, I wrote a script to add and delete aliases and reload the MTA. Makes it super easy to do. Long time ago I would have to go through the process of creating a fake hotmail/gmail/yahoo/etc email address if I wanted to do something similar. This way is much nicer.
I do the same thing with Gandi.net . Their email aliases solution let's you achieve the same result, while doing away with the hassle of running your own email stack.
This was my first idea, scaled up a bit. I wanted a unique email address per person - not just for when I sign up. This way if someone harvested my email address through someone else, I could just delete the alias and give that person a new alias.
Way too much maintenance. This solution is easier.
spamgourmet.com is not a bad solution similar to this.
The email aliases will forward a set number of emails, after which they go to /dev/null. You can white-list senders who you want to continue seeing emails from.
