I have run this for years with very little problems. And I can honestly say that have not found anyone writing to addresses I did not give them at their domain. Simple as this is, it is way to niche for companies to figure it out and exploit it. And if that really was a problem I'd just create a new subdomain.

If you are worried about privacy, get a domain just for this. Use domain privacy and dont host other things there.

Yes, some sites whitelist domains or dont allow subdomains. For those I'll use another account - or a firefox alias or something. But 9 out of 10 work fine.

I am not a fan of alias services since materializing names takes discipline. How many do you make? Maybe there is a limit of 50. When do you share them across services? My guess is many people just create 2 or 3 aliases they use for everything - which defeats the purpose. Sure, it masks your personal address, but once one gets compromised, you find it basically served as your personal address anyway.

I also dont really keep track of most of the names I use. Since most are one time things that I would never use again, like to sign a waiver or something. But I mostly stick to '{domain}@' for the names. So my nytimes account would just be nytimes@, which is predictable when I need to recover it. I used to use addy.io for this, but it was not as good since it had account limits and I had to manually manage every alias. Much easier for me to just create a mail filter to sinkhole an old name. Of course I have never really needed to do this anyway.