I don't know how to stop the bleeding once your email is out in the wild. Here are some approaches I've taken, and some you might be able to take.
Beginner:
Use Gmail; they have pretty good algorithms for detecting spam. Additionally, use a unique email with the + sign. For example, roadrunner53+mrmoneymustache.com@gmail.com is a valid email address. When you start getting spam sent there, you can easily filter it
and you know where it was compromised. The only drawback is that some stubborn companies go out of their way to prevent you from using this technique, and really clever spammers might adapt and drop the +... part of the email anyway.
Advanced:
Get your own custom domain and adapt the above strategy to a higher degree. There are a variety of options out there, but I picked this link off the top of my search results:
https://digital.com/blog/create-email-using-gmail/You set it up so that you have a single "catch all" account that gets all emails sent to that domain name.
My own technique was the above; I got Google Apps for Business back when they had a free tier; now it's GSuite and you'll have to pay if you go this route. I still pay ~$12/year for my domain name. I use a new BusinessDomain.com@MyDomain.com email for every single account I create. I can tell what accounts have been compromised (or if my email was sold) and can easily filter or block emails that start to get spam. (I actually create "honey pot" email accounts in GSuite and add bad aliases to them so that they go into a black hole.)
Still, sometimes someone puts my
personal email into some online web site like a quiz or something, and it ends up getting little dribbles of spam. But Google's system usually detects these, and it's a lot less painful than if that same email was used everywhere.
Bonus: Using the above techniques for accounts helps in the case of compromised databases; they don't get an email address that can be re-used anywhere else as a key in authenticating your account somewhere else. (I still strongly recommend you use a password manager such as
BitWarden and use a strong, unique password for every account.)