The longer an email exists (and is used for logins and/or registrations), the more likely it will attract spam and phishing emails. It may take some time, but it will happen.
Lots of businesses lose control of their user databases, or sell the information to others. This does lead to spam emails. For examples of these breaches we have several topics on this site, the latest can be found at Data Breaches 2024 to 2025 (it has links to the previous topics as well). There is some discussion about tightening our privacy laws as well, this is being discussed by Government to help give users better protection regarding how our data is used by businesses that we give our details to.
I use disposable email addresses wherever I can, if one becomes a problem I can just block it. If the site is still important to me, I supply a new disposable address and let them know that my previous address has been compromised. Filtering (as @Gregr has mentioned) of the emails for any address I can’t change (there aren’t too many of those), stops most bad emails getting through from those.