Blockchains are open and permission-less. That means that anyone can send you a NFT without your permission, and see what NFTs you own without your permission (see my post on blockchain incentives). Think of email – anyone can send you an email, but the difference is that now anyone can read your inboxes. Adding more complexity to the story, receiving an NFT counts as a taxable event.

Instead of the anti-spam systems that services like Gmail have implemented, blockchains rely on transaction fees. In fact, Bitcoin actually was inspired by an email anti-spam algorithm called Hashcash (1997). That system used proof-of-work (e.g., mining in Bitcoin) to compute a header that was sent alongside the email. Spammers would have to waste many compute cycles to send mass spam.

I don't think this is an unfixable flaw in blockchain systems, but something that will inevitably be fixed. It might be done on the client-side (you receive them but don't see them). It might be done in the protocol (encrypted NFTs, or some mechanism to "receive" them). It might even be done at a new layer of centralization (centralized anti-spam custodial services or infrastructure).

My guess is that Occam's razor applies – the solution that requires the fewest moving parts will win. How soon this becomes a real problem (and how soon these decentralized protocols can respond), I'm not sure.