[jamesmotherway]

I came across this post while searching for something else.

This behavior is to mitigate the risk of abuse, plain and simple. Apple does not want ephemeral iCloud addresses sending out malicious content.

Yes, you can still theoretically do this with a regular iCloud email. However, it is rate-limited by the sign up process, which requires the threat actor to burn another email address or phone number (and a device ID, probably).

Use something like SimpleLogin instead. Even still, I find Hide My Email useful for Apple Pay, where I only receive transactional emails anyway.