While pdf 0days do exist, they're patched fairly quickly once known and therefore attackers are likely not going to waste them on non-targeted attacks. Assuming you keep your software up to date and aren't a high value target, you probably don't have to worry about pdf 0days. The spam you're getting with pdfs are likely using pdfs because it's easier to evade spam filters, not because there's a pdf 0day embedded inside.