Having WHOIS privacy in place – which is added by default at registration for all domain extensions that support it – is a huge step in preventing unwanted solicitation and emails. However, per ICANN policy, domain owners have to be reachable by email at all times. This is why emails can be forwarded to you even with WHOIS privacy in place.
There are legitimate emails you need to receive, e.g. for domain transfers, WDRP notices, or any complaints.
Unfortunately, spammers also monitor the public WHOIS constantly, so new domain registrations can trigger these messages, which can get forwarded to you along with legitimate notifications.
If your email hosting provider filters out the spam, and all the big providers like Google, Yahoo, Microsoft, etc. should, there isn't much to worry about. If you've set up your own hosting, you may need to train your spam filters.
As noted, having WHOIS privacy in place is the best protection to prevent your personal information from being harvested. Additionally, each privacy email address that's being used in the public WHOIS is unique, which is better than having your personal email address associated with every domain name.