Speaking of such (which is a valid concern) I always use a nice feature from gmail which gives the ability to append +anything to your username. Mail will be forwarded to your inbox as usual where you can apply filtering to know whom as leaked your email. Hence you can use username+foobar@gmail.com while registering for foobar webapp.
This assumes that foobar webapp accepts + as a valid email local part character which is not always the case unfortunately (and against RFC) but that is another story.
Simple solution: give everyone address with "+suffix", and mark as junk any mail without it.
For stubborn services who don't accept "+" in email addresses use unique redirect aliases.
(Also, IIRC, Gmail ignores dots, i.e. "j.random.user@gmail.com" and "j.r.a.n.d.o.m.u.s.e.r@gmail.com" is the same address. Chose a canonical one with a dot somewhere, and filter the rest with exception for legimate senders.)
You can hide the + portion of a Gmail address behind redirects and forwards, if you feel so inclined. It's a lot of work, but it does let you use the "deliveredto" operator in Gmail to automatically sort and discard spam like that.
This assumes that foobar webapp accepts + as a valid email local part character which is not always the case unfortunately (and against RFC) but that is another story.
Just sayin