I wrote this procmail recipe following an email exchange with a very helpful Hotmail employee; unfortunately I forget his name. Apparently, all "real" Hotmail email has an "X-Originating-IP:" header line attached to it. But almost all of the spammers forging Hotmail email don't add this line! So just add this to your .procmailrc:
# Legitimate Hotmail mail always includes an X-Originating-IP: line in the
# header; filter on it to kill million$ of $ex $pam$!
:0 H:
* ^(From|X-From-Line|Return-Path):.*hotmail\.com
* !^X-Originating-IP:
junk