I was wary of this thread showing up on HN because I felt I was a bit unkind when posting in that thread, but Chris' comment towards me seemed completely unjustified. And he deleted a prior post along the same lines, hence why I quoted him on my next post.
I also use unique addresses for every site, and while my Dropbox email wasn't compromised, I've occasionally gotten that response from tech support elsewhere.
You mean that tim-somespecificsite@mydomain.com was randomly compromised, but NO OTHER random email was mailed to me? No, that's not how spammers work. If they'd decided to spam tim-*, I would have gotten hundreds of emails...sigh...
That is just awful, and is an awkward example of why you may not want unpaid, mostly un-vetted volunteers as the public face of a company.