I used to require a "+..." on all emails. Any email that didn't have the "+..." was sent to Spam automagically. My family were whitelisted. I gave up, because too many websites (early on) refused to take the "+..." marker, so I ended up losing too much to Spam. It's easier to just let Google sort it out.
Not everyone's cup of tea, but quite nice if one can afford it: I have my personal domain and a catch-all inbox. So if I want to register at acme-co.xyz I will just use acmecoxyz@my-domain.tld
Maybe I should start using random words though? Wonder if someone will go bananas seeing their brand's name on my domain.
Yeah, I've had to explain that a couple times already, usually when dealing with customer support or in-person registrations.
And a "malicious" actor can get away with pretending to be another company by spoofing the username if they know your domain works like that. I don't think this has reached spammers' repertoire yet, but I wouldn't be surprised.
Eventually I'd like to have a way of generating random email addresses that accept mail on demand, and put everything else in quarantine automatically.
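One way to build the on-demand aliases wished for above while closing the guessable-username gap on a catch-all domain raised earlier in the thread; this is an added example, not any commenter's code. `SECRET_KEY`, `ALLOWLIST`, and the function names are hypothetical, and the check is assumed to run in the mail filter in front of the catch-all inbox.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"      # assumption: secret known only to the mail filter
DOMAIN = "my-domain.tld"                  # catch-all domain used in the thread
TAG_LEN = 8                               # base32 characters kept from the MAC (40 bits)
ALLOWLIST = {"family@my-domain.tld"}      # hypothetical address that is always accepted


def _tag(label: str) -> str:
    """Truncated HMAC-SHA256 of the site label, base32-encoded and lowercased."""
    mac = hmac.new(SECRET_KEY, label.encode("utf-8"), hashlib.sha256).digest()
    return base64.b32encode(mac).decode("ascii")[:TAG_LEN].lower()


def make_alias(site: str) -> str:
    """Build '<label>.<tag>@DOMAIN' for a site, e.g. 'acme-co.xyz' -> 'acmecoxyz.<tag>@...'."""
    label = "".join(ch for ch in site.lower() if ch.isalnum())
    if not label:
        raise ValueError("site name has no usable characters")
    return f"{label}.{_tag(label)}@{DOMAIN}"


def classify(recipient: str) -> str:
    """Return 'accept' or 'quarantine' for an envelope recipient address."""
    rcpt = recipient.strip().lower()
    if rcpt in ALLOWLIST:
        return "accept"
    local, at, domain = rcpt.rpartition("@")
    if not at or domain != DOMAIN:
        return "quarantine"
    label, dot, tag = local.rpartition(".")
    if not dot or not label:
        return "quarantine"   # bare 'brand@domain' guesses carry no tag
    # Constant-time comparison so the filter does not leak tag prefixes.
    if hmac.compare_digest(tag.encode("utf-8"), _tag(label).encode("utf-8")):
        return "accept"
    return "quarantine"


if __name__ == "__main__":
    alias = make_alias("acme-co.xyz")
    for rcpt in (alias, "acmecoxyz@my-domain.tld", "otherbrand.aaaaaaaa@my-domain.tld"):
        print(rcpt, "->", classify(rcpt))
```

Because the tag depends on the secret, someone who knows the domain is a catch-all still cannot mint a valid address for a brand of their choosing, and no per-alias state has to be stored.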
Actually, I am surprised _any_ spammy website these days would even honor the part after the +, and not just directly send to the real mailbox name.