Thanks. I will try that.
The email in question comes from a low traffic gmail mailbox, so no blatant spam as such. One recent & quite important mail got scored high though. Incidentally it was an insurance renewal reminder and the email was full of marketing crap and other spammers tricks like hidden text. Very unprofessional format for such an email IMO.
I can confirm the suggested solution works for me.
I thought of defining the To: header match object as a wildcard <.*@gmail.com>. But then it occurred to me, would that make my PMG installation an open relay for gmail destination addresses?!
Apart from fetchmail PMG's access control works roughly as follows:
* for the external port mails _to_ your configured relay domains are accepted
* for the internal port mails coming _from_ any trusted IP in your configured trusted networks
But as always - I would suggest to simply try it - keep an eye on the logs.