
> you can use emails as one-use affairs [..] what's the point? It only saves you from journalists, not from a motivated attacker

Can you explain this claim?

If you generate your single-use email addresses wisely, then you should know that the one you gave to - say - Marriott should only ever receive emails from Marriott.

If - say - Marriott gets hacked and that particular one of your many different email addresses leaks, then:

a) you'll find out that address is burned just as soon as anyone other than Marriott uses it (you immediately generate a new one, give it to Marriott, and stop accepting any mail at all on the old one)

and

b) if anyone other than Marriott uses it, you know immediately that that message can't be legit.



c) chances are that all your incoming phishing traffic will arrive at mismatched addresses. Makes it even harder to fall for it in that moment of mental blackout.


But if someone phishes you on you+BankCo@example.com, you're probably more likely to imagine it's legit. Swings and roundabouts.


No-one would know that you+BankCo@example.com is an email address you can even be reached on, unless it leaks out from BankCo.

ADD: and of course, you aren't really going to stick +BankCo after your real name to generate an email to use with BankCo. You're going to give them something generated like you'd generate a password - "ol48eILm@example.com" or similar - so if anyone finds out that particular email address for you it doesn't tell them with whom you use it.


But that's a big if because phishers will always aim for the weakest individuals in the flock.
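The per-service alias scheme discussed in this thread, as an added example that is not part of any comment: each random alias is bound to one sender domain, and mail from anyone else marks the alias as leaked and retires it. The class name, verdict strings and the `hotel.example` / `phish.example` domains are constructed for illustration, and the code assumes the From domain has already been authenticated by the receiving server (SPF/DKIM), since a bare From header can be forged.

```python
import secrets
import string
from email import message_from_string
from email.utils import parseaddr

ALPHABET = string.ascii_lowercase + string.digits

class AliasBook:
    """One random alias per service; each alias has exactly one allowed sender domain."""
    def __init__(self, mail_domain):
        self.mail_domain = mail_domain
        self.owner = {}      # alias address -> sender domain it was handed to
        self.burned = set()  # leaked aliases; no mail is accepted on these

    def new_alias(self, sender_domain):
        # Local part is generated like a password, so the address itself
        # does not reveal which service it is used with.
        local = "".join(secrets.choice(ALPHABET) for _ in range(8))
        alias = f"{local}@{self.mail_domain}"
        self.owner[alias] = sender_domain.lower()
        return alias

    def classify(self, raw_message):
        # Assumption: From has been authenticated upstream (SPF/DKIM);
        # this function only compares it with the alias owner.
        msg = message_from_string(raw_message)
        to_addr = parseaddr(msg.get("To", ""))[1].lower()
        from_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        if to_addr in self.burned:
            return "drop: alias retired"
        owner = self.owner.get(to_addr)
        if owner is None:
            return "drop: unknown alias"
        if from_domain == owner or from_domain.endswith("." + owner):
            return "accept"
        self.burned.add(to_addr)  # anyone else using it means it leaked
        return f"reject: alias leaked from {owner}"

    def rotate(self, old_alias):
        # Retire the old alias and issue a fresh one for the same service.
        self.burned.add(old_alias)
        return self.new_alias(self.owner[old_alias])

if __name__ == "__main__":
    book = AliasBook("example.com")
    alias = book.new_alias("hotel.example")
    phish = f"From: Support <help@phish.example>\nTo: {alias}\nSubject: Verify\n\nhi"
    print(alias, "->", book.classify(phish))
    print("replacement:", book.rotate(alias))
```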



