Sure, but from a security/authentication standpoint that won't be an issue.
Even if you have my John+ajf@example.com address it still won't help you with login in on other sites as the address used on another site is still unknown.
Yes, it is- however it could stop an automated attack where the bad agent isn’t targeting you specifically or is not a particularly knowledgeable agent. It also might help you find out where a leak or spam is coming from (eg if you get a reset password email from John+facebooksecretlogin@gmail.com, you know your Facebook email address is known to an attacker). So it’s better than nothing.
Obviously this only works if all emails to john@gmail.com and john+unrecognisedidentifier@gmail.com are rejected without notifying the recipient. This was how Yahoo's scheme worked (I never actually used it, not sure if it's still active). If gmail's doesn't, then I agree it's worthless.
then if you get any email to `j.o.h.n@gmail.com` you can filter it
Of course, they can start stripping dots in gmail addresses too, but then they'd have to be targeting gmail specifically or they'd break for most services where dots do matter.
Pretty easy reason why you shouldn't; under GDPR you don't have consent to use this email (though this reasoning is a bit shakier) and scrubbing the suffix runs afoul of spam laws in my country (if you're given an email for contact, you use THAT email, not anything else).
Isn't it elementary for a bad agent to scrub those? Your actual e-mail address (john@gmail.com) is too visible.