Well as u said these companies get the details from the record WHOIS, this has been around for while now few years in fact, soon some 1 register a domain/s start to get these emails shortly after even some have said recieving Cold Calls to their phone number.
Can happen to any who simple register domain/s without the WHOIS Privacy.
So yeah get "whos guard"

Our clients get these annoying spam emails too, some within hours of registering a domain on our site. So how is it possible for these spammers to gain access to newly registered RSP domains. Yes, they can use a WHOIS search top get contact details - but how do they know what domains to search? They are getting a list of newly registered domains from somewhere?

My point exactly, how do they know which domains are newly registered and to target them?

It seems they are using the "services" from the likes of https://www.whoxy.com/newly-registered-domains/

Surely this is total violation of the WHOIS terms and conditions?

There are many ways to get newly registered domains and their info as clivejo wrote some buy it, others use some kind server sc****rs or something like that to scrap information.

Is there any way to combat this?

I got a phone call this morning from some guy claiming that my domain is expiring and I had to pay him to renew it! Such a pack of lying scum they are. I couldn't even understand half of what he was saying, sounded African to me, but I'm not sure, very broken English with a strong accent.

yav0r that company I added in one of my posts sells the entire WHOIS records as well. How can they do that? Isn't that a breech of ICANN rules?

This only feels like a recent thing, like only in this past 2-3 months. I wonder what was changed :/

I only skimmed this thread so sorry if I'm repeating some things other have said already....

While this may be new for you, this has been a problem for me for a decade or so. Not with RSP, but just with registering domains in general (I have never actually registered a domain with RSP yet). I not only get spam emails but I also get junk mail and telemarketing calls (for business related products/services).

The only thing that I found that severely lessens this problem is whois guard, which is why I only register domains with companies that offer free or extremely cheap whois guard. I say "severely lessen" instead of "stop" because once you register your domains unprotected, you will always get spam/junk mail/telemarketing calls because your info has already been s-c-r-a-p-e-d and put into databases. But getting whois guard and keeping it eventually does really lessens it. The key is to never let the whois guard expired.

HOWEVER:

If you are inundated with spam and phone calls from your whois info and you want to STOP them altogether, you basically have to start over by using a new email address and new phone # for all you domain regs and making sure you use whois guard from the get-go and never let it expire. Obviously we all know how to get a new email address, but to get a new phone #, just go to Google Voice and sign up for a free account. You will be given a free phone #. This is NOT against ICANN rules because you are not giving false info, just new info. No one can force you to answer any calls made to the phone # listed in your whois info. Just let it go to voicemail and you will get notification of it and check whenever you like. Most telemarketers never leave messages anyhow. Most of my telemarketing calls made to my google voice come up as "missed calls" so I waste no time as there is nothing to listen to...just delete at my leisure.

This will not stop any junk mail since you can't really change your address unless you get a PO Box or other similar service, which is too expensive with little benefit (assuming do don't otherwise need one anyway), but the junk mail is very limited anyhow. Basically the only domain related junk mail I get is from unscrupulous domain registrars that send me fake invoices telling me my domain is expired and that I must pay the invoice (usually $30-$300) to get my domain back. LOLOLOLOL! I even get these invoices for domains I haven't had for a few years. That's because they got my info from a database that s-c-r-a-p-e-d my info when I did not have whois guard. No biggie. I can spot them a mile away. I don't usually open them - they go directly to the shredder. But sometimes I do open them up just to get a kick out of it, then I let the shredder have a good laugh.

I had to spell s-c-r-a-p-e-d that way because the spam filters would not allow the word LOL