The majority of the misidentified spam I have received of late contained a List-Id header and those lists I do subscribe to do not include this header. So I can safely direct these spam emails to a holding folder with the following rule:

NB: foo\.lan is a dummy value used to allow the rule to match other values but also to provide a means to list allowed domains. To allow a domain append it to foo\.lan with a | for example foo\.lan|example.org would allow a List_id value containing example.org to not be directed to the holding folder.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks