If emails claiming to be from paypal do not have a DKIM-header, you can safely classify them as SPAM.
You could manually check the DKIM signature if one is present, but that's tedious for so many emails.
As a general solution, the email server should only accept the emails from paypal domains, if the DKIM signature of the eMail is valid.