Since you asked, this is simply “one person’s opinion” … they may not be practicable by all users, or easily “transitionable” by those with long e-mail histories.
1) Use a non-Apple e-mail provider which YOU control. This allows you to continue to communicate if your AppleID were to somehow become inaccessible to you.
1a) This non-Apple e-mail provider should be VERY secure and reliable, with support for phishing-resistant, cryptologically based MFA.
1b) The e-mail provider should provide for multiple aliases.
1c) Keep your “actual” email account address closely-held; known only to you and your e-mail provider. Use aliases for everything else.
2) Keep the e-mail alias used for your AppleID “out of general circulation” … using it ONLY for your AppleID. This reduces your attack surface exploitable by AppleID scammers.
3) Use other e-mail aliases for day-to-day dealings. Again, if the scammers don’t know your “real” e-mail address, you’re less vulnerable to an account takeover. (It also allows you to more easily “throw away” an address which has been “leaked” or become a SPAM target.)