I've been a https://sneakemail.com/
client for about 10 or 12 years now; it's $2 per month, or only $24 per year.
It's not an email server, but an anonymizing 'front end'; for each new contact you need, it creates a random address prefixed to the *.*@snkmail.com suffix/domain, which you can preserve or delete at will. Also for each new contact you get to name it, as; 'AnyName' <*.*@snkemail.com>.
So I've got one for Paypal, as; 'PayPal' <firstname.lastname@example.org. I created the 'PayPal' title, and SneakEmail created the random, unique alpha-numeric address represented by the 'xxxxxxxxx' part.
SneakEmail receives incoming or outgoing emails, and 'rolls them over' to or from my Desktop email server, my 'core', real email address which nobody ever sees or gets.
So one day, I received a Paypal request warning me of phishing attacks and asking me to click on the attached link and log in to authenticate my account; it may have also asked me to update my password.
Believe me, I am not stupid, but the entire presentation was so 'authentic', I would have fallen for it hook, line, and sinker, except for one teensy tiny little detail; the email prefix should have been 'PayPal', and instead it was one of my other unique shopping account SneakEmail addresses. The entire come-on was true-blue Paypal, absolutely, positively, down to the last detail... ...except that the optional prefix which should have said 'PayPal', was one of my seldom-used 'any store' prefixes (ie Amazon, Ebay, 'acme hardware', and so on).
Instead of clicking on the enclosed Paypal link included in the email, I went to the Google web search page (I've since switched to 'Duckduckgo'), looked up Paypal, found their scam-phishing report email address, and reported the entire suspect email, header and all, to the real Paypal.
Within a few hours, the real Paypal with the proper 'PayPal' prefix as created by me in SneakEmail, reported back to me with a confirmation that said basically, "You're right; it's a phishing attack."
As follow-up, I went and logged into my personal SneakEmail account, brought up the phishing attack email address (which was originally created for a hijacked legit store front email address), and deleted it.
My 'real' email address, the 'core' one nobody ever sees, remains safe and confidential.