i too, run my own mail server. i also run my own dns server. the email addresses i generate for each vendor i deal with also live in their own unique mail subdomain, meaning the subdomain has its own mx record. so, for vendor X, i will give them an email address of email@example.com and will create an MX record for x.example.com. i never share that address with anyone except the vendor, and i rarely will ever send an email from one of those addresses. over the years this scheme has served me well in stopping spam.
since there are no other email addresses in that vendor's mail domain, if i do start getting spam i can just delete the mx record and the mail domain. and if i do start getting spam i know that the vendor has shared my info, or their systems have been compromised.
i used this scheme for several years and never received a single spam email. that was
the major problem for me when this happens is that it's a time sink to really do anything about it. it's very easy for me to delete the subdomain and mail address and then create a new one. but getting the vendor to even acknowledge an issue (let alone getting assurance that something is being done about it) is time consuming and frustrating.
they do have some legal obligations when their systems are compromised; public shaming them into action seems to me to be the easiest for the consumer.
(for one of the instances where this happened to me, you can visit my rant blog at http://caringcostsextra.org/2011/01/20/ewiz-com-superbiiz-com-user-data-hacked-and-compromised/)
"To do this while supposedly being concerned about privacy is beyond me"
can someone point me to the article where the GSM Association was outraged when it learned of the illegal wiretapping program which the carriers happily participated in as agents of the u.s. government? i'm sure they protested that, right? riiight?
caring costs extra(sm)
People are always available for work in the past tense.