I wrote this procmail recipe following an email exchange with a very helpful Hotmail employee; unfortunately I forget his name. Apparently, all "real" Hotmail email has an "X-Originating-IP:" header line attached to it. But almost all of the spammers forging Hotmail email don't add this line! So just add this to your .procmailrc:
# Legitimate Hotmail mail always includes an X-Originating-IP: line in the
# header; filter on it to kill million$ of $ex $pam$!