Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
I hate how many places don’t allow for + aliases. I want to know who leaked my email.
No + required. There are hundreds of companies offering aliases using their shared domain.
At the same time, it is trivially easy to strip a + alias, so I’d not trust it to do anything much at all.
Even if your alias is leaked they can remove the + part and it’ll lead to your original email without aliases. They probably do some data formatting on emails to no get caught so easily and obviously.