I've been running catch-alls on multiple domains for a few years now, and haven't had too much trouble with spam. Most of my domains get almost no spam at all (at least not that get through my spam filters).

One of my domains used to get a lot of "obvious address" spam like nerd's examples above. Those were easily blackholed and I now get almost none of it.

Another of my domains (the one I use the most) has been trickier to control, because some spammer decided to use randomly generated usernames (vxwed@mydomain, oiuwre@mydomain, etc.) as the "From" addresses on his spam, so I was getting a lot of backscatter (bounced messages that I never sent in the first place). My e-mail provider upgraded their spam filters to provide better filtering of backscatter spam, but a tiny bit still sneaks through in fits and starts. It's not enough to outweigh the usefulness of the catch-all, though, so I'm sticking with it for now.