i too, run my own mail server. i also run my own dns server. the email addresses i generate for each vendor i deal with also live in their own unique mail subdomain, meaning the subdomain has its own mx record. so, for vendor X, i will give them an email address of x@x.example.com and will create an MX record for x.example.com. i never share that address with anyone except the vendor, and i rarely will ever send an email from one of those addresses. over the years this scheme has served me well in stopping spam.
since there are no other email addresses in that vendor's mail domain, if i do start getting spam i can just delete the mx record and the mail domain. and if i do start getting spam i know that the vendor has shared my info, or their systems have been compromised.
i used this scheme for several years and never received a single spam email. that was ... until 2007, when td ameritrade's systems were compromised, and most recently just a few days ago when i received spam to the account i had created for dropbox. (there have been several other cases in between.) i sent two emails to dropbox and contacted them via two separate web forms but have heard exactly zerozilchnada from them.
the major problem for me when this happens is that it's a time sink to really do anything about it. it's very easy for me to delete the subdomain and mail address and then create a new one. but getting the vendor to even acknowledge an issue (let alone getting assurance that something is being done about it) is time consuming and frustrating.
they do have some legal obligations when their systems are compromised; public shaming them into action seems to me to be the easiest for the consumer.
(for one of the instances where this happened to me, you can visit my rant blog at http://caringcostsextra.org/2011/01/20/ewiz-com-superbiiz-com-user-data-hacked-and-compromised/)
