The only reliable stigmata that I see are the number of received headers
(which depends on your local setup) and the presence of a locally generated
message id, together with the identification of the source as a dialup server
(which is relatively easy but not certain).
The Message-Id: is a good check to add. The received headers make
it difficult, though. What if I forward my mail to another account?
Mail directly to that account will have fewer headers than mail forwarded
onward, and if I use a .forward or a sendmail alias, procmail is never
invoked because delivery is non-local. I can't think of a way to reliably
count headers in our environment here -- some of my mail comes directly
to my machine, while others pass through our external and internal relay
before getting passed on to my machine.
I think that we may have to start relying heavily on scoring within the
message bodies now that the headers are starting to conform more and
more with "normal" mail.
Chris