If you take an email address like my iCloud account, it’s krypted@me.com. If I take the username and add a + at the end I can then type some characters and put it all in front of the @ and domain name then the mail will still come to me. So, let’s say I use it to create an AppleID for an APNS certificate. That would be:
krypted+apns@mac.com
Or iTunes:
krypted+itunes@mac.com
Or iPhone1 (or these days iPad1):
krypted+ipad1@mac.com
The only gotcha is that occasionally you’ll run into some field on a webpage that has input validation for non alpha-numeric characters. Shouldn’t be the case, but it comes up from time to time. I use this a lot. For example, rather than use my email w/ my credit card company, I can use krypted+SOMECOMPANY@me.com and then I can create filters in Mail a little more easily for mail that comes from them. The best part about that is that it then shows me really easily who is selling my information that shouldn’t. For example, you’d think SOMECOMPANY gets enough $ out of me as a paying customer, but apparently not because they’ve sold my email address to at least 3 or 4 companies.