That's a good step, but it has drawbacks (like some websites refusing them). I just got my own domain and enabled catch-all, so now I just put [website-name]@[mydomain.com], which is never refused.
Also, if they happen to sell to spammers, I'll know exactly who it was, whereas with that scheme they can simply remove the \+.* part.
If you use Google Apps for Domains, it's in the management panel. There's probably something similar for most hosting accounts. It's basically just a "forward all uncaught email for example.com to admin@example.com" rule in the postfix/exim/etc setup.
Sadly, most developers use some sort of ridiculous email validation that doesn't allow the plus sign.
Worse than that, I've encountered several sites and newsletters that allow the plus sign when you sign up, but their unsubscribe URL breaks (presumably due to some escaping/encoding mismatch), preventing you from unsubscribing.
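One way the unsubscribe breakage described in the comment above can arise, shown as an added example that is not part of the thread: in form-style query parsing a literal `+` decodes to a space, so an address pasted unencoded into a link no longer matches the stored subscriber. The endpoint URL, function names and sample address are constructed for illustration; the thread does not establish the actual cause on any particular site.

```python
from urllib.parse import parse_qs, quote, urlsplit

BASE = "https://news.example/unsubscribe"  # hypothetical endpoint (assumption)


def naive_link(email: str) -> str:
    # Bug: the address is pasted into the query string without percent-encoding.
    return f"{BASE}?email={email}"


def encoded_link(email: str) -> str:
    # Fix: percent-encode the value so '+' travels as %2B and '@' as %40.
    return f"{BASE}?email={quote(email, safe='')}"


def address_seen_by_server(link: str) -> str:
    # Form-style query parsing, as web frameworks commonly do it:
    # a literal '+' is decoded as a space, %2B is decoded as '+'.
    query = urlsplit(link).query
    return parse_qs(query)["email"][0]


def unsubscribe(link: str, subscribers: set) -> bool:
    # Returns True only if the decoded address matches a stored subscriber.
    addr = address_seen_by_server(link)
    if addr not in subscribers:
        return False
    subscribers.discard(addr)
    return True


if __name__ == "__main__":
    signup = "me+shop@example.com"  # constructed sample address
    for make_link in (naive_link, encoded_link):
        subscribers = {signup}
        link = make_link(signup)
        print(make_link.__name__, link)
        print("  server sees:", repr(address_seen_by_server(link)))
        print("  unsubscribed:", unsubscribe(link, subscribers))
```

The same mismatch appears whenever the signup path stores the raw address but the link generator and the link handler disagree about encoding, so a round-trip check with a `+` address belongs in the mailer's test suite.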
I have seen sites like meetup.com that disallow the "+" sign for spam reasons. Instead of having proper spam detection and filtering, they just added arbitrary rules like that.
I actually learned about that one recently as well, but haven't had much luck actually using it to filter. I think my problem stems from not having an accurate record of what services I've used that technique with and which I haven't. :)
LinkedIn are terrible. I have tried half-a-dozen times to stop getting their stupid "Top Headlines in Computer Software" emails (which I never subscribed to), but I can't find the "don't send me any more emails" option anywhere in my preferences.
Sometimes this doesn't work, though, which is annoying.