Not Quite Spam IP Blocks
Many of the not-quite-spam e-mails I've received over the years do appear, at first glance, to come from the folk they say they're from. However they're not. Even quite large companies are apt to use specialised e-mail companies for this, for example PurePromoter (http://www.pure360.com). These can be spotted, flagged in an artificial header and ultimately sent to the appropriate low-priority folder, cough, on the IP address block that they use via procmail (http://www.procmail.org). A typical rule would be:
* ^Received: from .*\[94\.236\.20\.1(2|[0-9])\]
| formail -I "X-BIB: PurePromoter Ltd"
Sadly specifying these blocks do require that you grok your Regular Expressions. Some nice CIDR-type block specification seems to be beyond procmail.
You can also have a rule like this:
| formail -I "X-BIB: Pluto PHP unsubscribe"
As they're spotted too.
Then it's a case of a single rule on the new X-BIB header:
# Box all the BIB messages
You can, like me, spend rather a lot of time on such shenanigans. My procmailrc is enormous, and beyond my simple comprehension. I think that it may be self-aware.