It shurely doesn't make sense if the secondary MX is under your control, but there are many setups where the ISP or someone else runs a backup MX for his customer's domains as a service. With this configuration, the secondary MX will usually not know about valid users in the destination domain.
Therefore it makes sense for the spammers to deliver mail to the secondary MX, as they can always claim that 100% of the mails have been successfully delivered.
One possibility is to list your primary again as the tertiary, possibly under a different name and/or IP address. Spammers that deliver in reverse MX order will still end up trying to deliver to your primary first.
You could also list a bogus server in IP "dark space" (ie. an address known to have no listening server) so that the spammer must first check the empty address first. Even better is when there's a host there that drops packets (no TCP reset or ICMP port unreachable reply) to port 25, so that the spammer must time out the TCP connection attempt.
