"Block them - how?"
1. Get your own domain, or maybe an email provider who can provide you with your own subdomain.
2. Set up a separate alias/address for each firm you have to do business with such as your bank.
3. Every few weeks set up a new alias/address for one-off contacts and tear down the old one.
4. Each of these addresses gets directed to a single mailbox you you don't have to check all of them.
5. If any of these addresses leak you can tell which one. Be ruthless about tearing down the address because it isn't going to affect the rest of your email. If the correspondent gets in touch by some other means to complain make it an educational opportunity. Or change supplier.
6. It also helps to spot the fakes. If banking phishing mail doesn't come addressed to your banking email address it's immediately obvious even if they've hit the right bank name by accident.
This deals with most situations. There are exceptions. Amazon, for instance, seem to insist that communications from market place vendors go through themselves whilst others don't have that much wit. Paypal is one such. They pass the purchaser's email address to the vendor. Most don't spam but one or two do. What makes that particular situation doubly bad is that the email address is also the logon ID; that's right Paypal hand half the customer's login credentials to every vendor they buy from. Maybe there's an el Reg article in that?