My concern isn’t that spammers will strip the +… bit, but that the companies I give my email address to legitimately won’t treat it with care and respect (e.g. they’ll add me to mailing lists without my consent, sell my details, or their database will get compromised). That’s why I give a different email address to every company I deal with. Setting up a throwaway address for all of them would take time, so I have a catchall set up and have a program that checks the inbound addresses against an allowlist and a blocklist to decide whether to pass them on to my inbox. The set-up took some time but it pays off over the many years I’ve used it since: I just wish I’d had it for my entire 27 years of email history!