I've tried to use this system in the past, but found it to be a PITA. A lot of email systems won't let you use a +. The other gotcha I get is that they use the email address as a login token (Dropbox, for example). So you have to remember a) that you used a token and b) what it was. Any suggestions on approaching these?
Even though a service might desperately want to know my personal and/or business email address, and disguise that desire with the usual "Hey, just use your email address as your login username!", doesn't mean I have to comply. Unless they're prepared to accept responsibility to disclosure of my address, I feel perfectly happy taking the required measures to minimise those risks myself - no matter what they attempt to enforce with crappy email validation or ToS requirements.
(And, although Dropbox have finally arrived in their forum-thread ~24hrs late apologising for their "community moderators" calling their customers idiots, the responses from Nathan and especially Chris only strengthen my resolve to ignore any attempt by companies/services to gain access to my personal email addresses as part of their user databases.)
I always use the domain-name minus the top level for my token. So if my base email were "david@example.com", for "dropbox.com" it would be david+dropbox@example.com. That makes it very easy to figure out all the emails I might have (since I'm essentially just remembering an very simple algorithm to generate them). Very often sites have sucky email validation that rejects "+" so I configured my system to allow . and _ to also work the same way. That way I can choose david.dropbox@example.com or david_dropbox@example.com if the + doesn't work.
I once ran into the problem where a retail site forced me to sign up before paying, then refused to accept Paypal payment from any address except the one I signed up with. Of course my Paypal wasn't myemail+retailsite@gmail.com. Very annoying.
