I've been tackling this very issue for past 12 years and will try to share as much insight as I can and possibly give solution that proves to be most effective at reducing spam and false positives to near zero.
Where spam comes from?
First it's important to understand where spam comes from and how it reaches one's mailbox to be able to effectively fight it. Perpetrators aren't humans they are bots and if you want to send someone something, you need to know where you can reach him. Huge majority of spam bots operate on recipient databases, those come from web scraping, database breaches and dark web.
So what needs to be done?
It's paramount to avoid being a target. Deny spam bots knowledge of your email address. If your address leaks you need to be able to permanently plug the leak without disrupting the service.
Filters? Nope ...
Assumption that you can effectively filter spam based on its content, sender or any other meta info is wrong, you can't. You'll miss whole lot and even mistakenly flag many that aren't spam essentially dividing inbox into two folders where both need to be regularly checked.
What about SPF, DKIM, DNSBL? Useful but ...
SPF and DKIM aren't exactly anti-spam, they make sure sender is who it claims to be. While they bring order into service, have no drawbacks and make lives little harder for spammers, they aren't solving the rampant spam problem.
DNSBL is applying concept of collective guilt, if there is spam coming from IP address whole address is blocked. While it may sound like a way to put stop to spammers, it affects regular users who are often blocked just because abuser used same service. This can affect millions of innocent users and turn to be worse than spam itself and only a handful of private companies hold all the keys.
Machine learning, algorithms? Humans error ...
Email hosting service providers train their algorithms based on user interactions. But this isn't solution either. I've seen coordinated attacks on companies where users subscribed to their emails and abused flag as spam reports to get this company on the blacklist. Others decide what is and isn't spam for you. While it may get a lot of spam offloaded to spam folder, it's still open to abuse and you are stuck with established brands who scan all the emails.
How to tackle the problem? Take matters into your own hands!
You have to create your own domain and either host mail server yourself or find suitable provider. With your own domain and proper hosting, you get clean slate and can use infinite number of aliases, basically unique addresses that lead to one same mailbox. With aliases you can provide every recipient/service with uniquely different one and if this alias ever starts receiving spam, you'll know who leaked it and you can safely block it from receiving emails ever again. If you feel like trying your luck again you can generate new alias for service that leaked it and keep receiving email from them. There are two possible methods to use aliases.
Convenient
You can define catch-all mailbox, then any email sent to your domain no matter the alias will land in inbox (whatever@mydomain.tld). This lets you to freely register on sites and never bother with setting up anything. If alias leaks you use filter to blacklist it. Drawback is that if your alias leaks to wrong kind of spam bot you may still be target for dictionary attacks (like info@mydomain.tld or abuse@mydomain.tld).
Bullet-proof
You don't use catch-all, but instead define each alias manually (through administration or API). To avoid dictionary attacks you generate random hash like g230njc1jsdg06@mydomain.tld and register or share this to one service or person. Generate new one for each recipient and store them in password manager (you should already be using for random password generation). Each alias can be thought of as secret passphrase that permits people to send you email and if it gets abused this access will be revoked. This is 100% efficient way to prevent spam and you don't need any spam folders or filters. All emails are legit unless there is alias leak to which you have all the tools necessary for a fix. You simply remove this alias from usage with one or two clicks.
PS: Owning a domain also means your email address is your own, you can transfer to different hostings as you please while people using someone else's domains like gmail.com are locked to specific service and email address is not in their possession, they are only permitted to use it while certain conditions are met.
