While this generally works as a way of filtering that one company if needed, it doesn't protect against spam when if they have their mailing lists stolen (or selling them is BAU), and many spammers know about this and will send to the base address instead.
Unless you automatically file anything without +something as junk, of course.
I apply labels and `skip inbox` via Gmail filters automatically. It's probably the one redeeming quality of Gmail at this point and is what keeps me using it so that email can be processed prior to it sending a push notification to my devices.
With that said, it's a niche use anyway, stick to the catch-all on your own domain whenever possible, and for anything else, it's a fringe case anyway.
Unless you automatically file anything without +something as junk, of course.