Or, better yet, use subaddressing, also known as plus addressing. I use a different subaddress for every merchant site I buy from and keep track of it all in keepass (along with unique random passwords for each). When I start getting spam to that address, I change my address on the site and move on. Some places, like AliExpress, don't allow plus signs in email addresses, so I configured my mail server to also use the underscore as a sub address delimiter. It's a good thing, since AliExpress is particularly bad for this. I'm up to address kurt_ali4 now there. Each time I happen to buy something from a bad apple vendor where I forget to check uncheck the "allow merchant to see email address" box for, I increment my subaddress suffix, redirect the previous one to my spam folder, and the flood of spam abuptly stops.
So, to summarize, subaddressing + keepass are your friends for dealing with <strike>state-sponsored terrorism</strike> merchant-supported spam.