I already am in that situation. Like onions and Ogres, my email defense is in layers.
1. Specific known compromised TO addresses are sent to devnull.
2. Specific FROM senders are whitelisted.
3. Three or sometimes four heuristics engines evaluate. If any of them pass the mail, it goes to a separate new-senders inbox. I thus get maybe a dozen spam messages per week in that box - and five figures of messages rejected.
I used to tweak it a lot, now I just occasionally add another FROM address to the whitelist.
Someone did this with my main real world Gmail address. I am still fighting it by periodically dropping from the spam lists I was recently added to.
We need a law that just like you are required to let people drop from a mailing list, there's a law requiring one ack or click on a link to join a list. I always get on legit lists that will stop once I request. But in a month I get 100+ new lists often sending me 10-50 messages a day.