Cloudflare has a catch-all option that you can enable, but they only allow you to receive emails not send them. https://developers.cloudflare.com/email-routing/setup/email-routing-addresses/

I agree for the most part but it doesn’t entirely defeat the purpose. If someone got a hold of your password for a website it would still protect you. And let’s be honest, that’s the most likely scenario. But yes if someone got into your password manager then it’s completely game over. A scenario where having a separate 2fa device would still protect you.