[rbut]

I've used <site/company>@domain.com for many many years and never had someone do that.

Spammers simply obtain lists of emails through hacking or purchasing them and then spam them, they don't pick a particular address and modify it.

[zfa]

Spammers who just blast stuff out won't do it, I'm sure.

But as a counterpoint it literally happened to me to me years ago when I used to use name+<service>@exmaple.com. I got cold emails to 'name+paypal' despite never, ever having used that localpart. I've no doubt it was absolutely targetted and not a hit-and-hope spamblast but it was enough of a wake-up call for me to realise it couldn't really be relied on.

[Ringz]

I’ve been doing this for years and have never had any problems with it. It is more likely that generic emails will be generated if you have a domain that is also present as a public website on the internet.