Re: user-whitelisting
You don't even need a domain, just use plus-form addressing. Say you are G2@gmail.com.
Tell El Reg you are G2+elreg@gmail.com. Tell Tesco you are G2+tesco@gmail.com. Tell your bank you are G2+53CR3T@gmail.com.
All of those will find their way into G2@gmail.com and all you have to do is filter them. And if you get spam to one of them, you know which one leaked.