I would recommend formulating your threat model before doing anything else. There is a lot of materials on the topic on the world wide web, but for starters, ask yourself and answer the question, what information about yourself would you like to keep secret and why.

Again, before anything else, subscribe to an email alias service - maybe there are free ones out there too, I don’t know. This way, you don’t have to share your real email address and you can turn off or even delete that attack vector at anytime.*

Finally, regarding Bandcamp, I have never uses it myself so my understanding of your situation is poor to say the least, but are not able to simply save the links in a text file? Again, I’m not trying to play down the situation, I just don’t understand it.

*This is basically what I do with almost all my services that need registration: I give them an email alias, a randomly generated cyberpunk name and create a 30 characters long password with a password manager. The only services where this doesn’t anonymize you are those that require your payment information, which is often tied to your real identity. Had I been living in the US, I would have used those anonymous prepaid debit cards that work like email aliases, but for your debit or credit cards.