Over the last 18 or so hours I've gotten at least 7 dark web monitoring emails claiming my email and password are on the dark web.  Scans of my password data base indicate none of the combinations are close to anything I use.  It is a travesty that web sites, including commerical ones that allow electronic payments, are still forcing users to sign up for an account using an email address.  I've tried using "fake" emails that forward to one of my valid email addresses but many web sites block the use of forwarding addresses for account credentials.  Anybody have any ideas?

Why am I getting notification from a breach that happened several months ago?
The dark web is where stolen information, such as bank account numbers, and credit card numbers, are sold. The information sold or traded can be in the form of "lists" which can be old, and could even re-appear several months, or years following an exposure of the information. Every time the information reappears or resurfaces on the dark web, you are likely to be notified.

"Exposed" information does not necessarily mean that your account(s) have been hacked. Given that these lists may be old, it is entirely possible that your login details associated with the website/service in question are no longer current. You may have already changed a password, deactivated your account or unsubscribed from the website or service. Sometimes breached sites deactivate exposed accounts, as well, which may make it difficult to remember or identify an account as belonging to you.

https://support.norton.com/sp/en/us/home/current/solutions/v133398194 

What is a Baseline Notification?
When you enroll, we run a one-time historical dark web scan looking back to 2008 to determine if the information you provided us has been previously exposed. If we find exposed information, we notify you. This is known as a Historical or Baseline Notification.

How often are the scans of the dark web performed? How current is the data that is found?
With our ongoing algorithms, we notify you when we find information that may belong to you on the dark web.

https://support.norton.com/sp/en/us/home/current/solutions/v133398194 

Update your financial accounts, mailing address, and other personal information for Dark Web Monitoring*
You can update or add your financial accounts, mailing address, and other personal information at any time by signing into your Norton account. Dark Web Monitoring powered by LifeLock monitors this information on the surface, deep, and dark web and notifies you when your information is found online. So, stay secure by keeping this information complete and up to date.
You can add the following personal information:

https://support.norton.com/sp/en/us/home/current/solutions/v126234485

FAQ: Dark Web Monitoring* powered by LifeLock
https://support.norton.com/sp/en/us/home/current/solutions/v127344370

Check the email addresses from this Norton article. If its not listed they're not valid in the first place. 

SA

I agree that userids should be just as confidential as passwords.

I never use my email address as a userid unless it is forced upon me by the site. My userids are as random and as long as my passwords and if using a password manager to fill then it is completely transparent to me. Sort of like having two passwords to login but it requires zero extra time to do so.

Many financial sites stopped using email addresses as userids a long time ago. I know some used to use social security number as the userid! So maybe things are moving in the right direction.