There are legitimate emails you need to receive, e.g. for domain transfers, WDRP notices, or any complaints.
Unfortunately, spammers also monitor the public WHOIS constantly, so new domain registrations can trigger these messages, which can get forwarded to you along with legitimate notifications.
Our upstream partner has also recently upgraded their filtering with a more developed scoring system for emails, which should help with spam getting through as well.
If your email hosting provider filters out the spam (all the big providers like Google, Yahoo, Microsoft, etc. should) there isn't much to worry about. If you've set up your own hosting, you may need to train your spam filters.
As noted, having WHOIS privacy in place is the best protection to prevent your personal information from being harvested. Additionally, each privacy email address that's being used in the public WHOIS is unique, which is better than having your personal email address associated with every domain name.
If you have any further questions, please let us know.