It would also be worth checking if "MAIL FROM:" is the same as "From:" and
"RCPT TO:" is the same as "To:". Can anyone think of why these would ever
be inconsistent in a valid email?
The first argument to "MAIL FROM:" is the mailbox where errors and DSNs
are sent. This is different from the "From:" header, which should be
the mailbox of the author of the message and also the default "reply-to"
address. These two can easily not match when address extensions and
mailing lists are involved.
To recap, mailing lists and robots. IME, messages from non-occasional
mailing list and several robots sooner or later are stored in their own
imap folder(s). In case doing so is common, there is an interesting
point to consider: it is very easy to discriminate between vanilla
human-to-human messages on the one hand and robots and occasional
mailing lists on the other.
Comparing that with the overwhelming intricacies involved in the spam
vs. ham discrimination, I'd say the former is cleaner than the latter.
It also clarifies the meaning of SPF.