Hi Joe,

We have the same problem with our development instance.   I had opened a ticket with HI and this was the response I received.

By default, Service-now does not filter out emails in our email servers, as each company has their own email requirements and we would not be able to create a specific enough set of rules for this.

Customers can add SPAM protection at the ServiceNow application level. We recommend the following two solutions:

1) Email Filters
Email filters enable an administrator to configure specific email filtering preferences by using a condition builder or a condition script.
SPAM Assassin: Moves email identified as spam to the Junk folder.
http://wiki.servicenow.com/index.php?title=Email_Filters

2) Adding conditions to your inbound email actions to prevent processing.
Administrators can prevent users from untrusted domains from triggering inbound actions. For example, you can prevent email from users outside your company domain from creating incidents.
http://wiki.servicenow.com/index.php?title=Inbound_Email_Actions#Preventing_Untrusted_Users_from_Tri...

If you want to enable SPAM protection before the ServiceNow application level please read below.

The wiki page for Configuring Email discusses spam filtering.
http://wiki.servicenow.com/index.php?title=Configuring_Email

To see how customers can add a spam filter while still using our hosted servers see: Standard Email Configuration Using Your Own Address or Domain. The diagram shows where we would expect customers to implement a spam filter for mail before reaching our mail servers.
http://wiki.servicenow.com/index.php?title=Configuring_Email#Standard_Email_Configuration_Using_Your...

Also, the Next Steps section mentions, "Implement a spam filter to restrict unwanted messages sent to your custom email addresses."
http://wiki.servicenow.com/index.php?title=Configuring_Email#Next_Steps

I understand spam emails can be a problem, but by using 1 or more of the suggestions above you should be able to minimize their impact.