Still, after some time they are so filled with spam that there is no way to use them further.
If the email accounts only purpose is for bounties and airdrops I wouldn't care too much about the spam that is being sent to it. Just don't connect it with anything of importance.
Only pass kyc if your sure on the project where you pass your private documents.
It is impossible to know what ulterior motives a company who is asking for KYC has. Do they need it to comply with regulations, do they want to sell your data on the black market or even try to abuse the info and steal your identity?
Projects who look clean and trustworthy can change over night if their intention was to gain their users trust and go out with a bang.