Very much so.
Rule of thumb here is: for any serious matter use your real mail address; for everything else: throwaway one.
Very much so. At any given time there are always threats (threat models) that we dont know about and, as a consequence, are unable to (successfully) defend against. Thats because (cyber) criminals are always (well, most of the time) one step ahead of us. Thats also why AVs exist.
Thats exactly what SimpleLogin offers you to do with their aliases. To put things simple: get spam on your alias? Just disable it and you are spam free again 