I think that nowadays most spam lists come from data breaches and address-collecting malware. It's cheaper than running a bot to scan the web for addresses. We get spam on addresses that were never published online.
I think so too. And I think the majority of data breaches that have lead to spam for me are from ages ago, from random services I signed up for as a teenager.
For a few years after that I did the "+" Gmail alias thing, to try to filter and catch companies. But I realised that's easy and obvious to strip, so it wasn't worth the effort (although I have caught PayPal leaking my email somehow).
Don't, there are many smaller email providers that will take that load off your shoulders for a small fee. I've been using purelymail and have had good experience with it, and heard good things about migadu and fastmail. The latter two are more well known and better staffed, but also expensive.
I've been using similar aliases for years (paypal@domain.tld, ebay@domain.tld, etc), but make sure you have a contingency plan for when you're no more. I've received lots of account info from previous owners of the domain by setting up a catchall mailbox. We will obviously not care, but when someone takes over your account, they might use it to do harm to others (spam or fraud or whatever else).
>Sounds good! I might go even further and just use a custom address for each service, i.e. paypal@example.com or something.
Which is exactly what I do. As soon as I see spam sent to any particular email address, I know who it is that leaked the address and I can block it without issue.
>But self-hosting email is an adventure I'm nervous to embark on.
Why are you nervous about it? I've been doing so for decades and haven't had many issues at all. There are a bunch of all-in-one solutions like mailinabox[0] (I roll my own, but as I said, I've been doing this for decades) and others which would likely make things simpler for you. Go for it! You won't be disappointed.
Anecdotally, sending mail to example.com from example@mydomain.com can cause a whole host of human-factors problems which can be eliminated with something like RaoulPtoExample@mydomain.com.
