Hey Charles,
My recommendation would not be to run uRPF facing a BGP customer.
That said, you have two issues to address here: one is the acceptance of prefix advertisements, and the other is the acceptance of traffic.
uRPF does nothing to help with the former, and the gold standard there is generally considered to be RPKI. IRR based filtering is another reasonable way to filter prefix advertisements you receive, and several well-known IX's and transit providers for example do just this.
The latter, acceptance of traffic, is a broader challenge. In essence, you don't really have a good way to know what traffic is legitimate and what isn't. My advice would be simply to watch for things you don't expect, log them when they occur in significant quantity, and manually review incidents that are unexpected to understand why. If you cannot understand why, then you can work with the client sending the traffic to try to understand it, or block that specific traffic from that specific client. uRPF on a client circuit raises exactly the issues you've already raised. Many clients, even smaller ones, who choose to run BGP sessions with transit providers will wish to be able to employ common TE practices, and by deploying uRPF, you may very well be creating a nasty situation for them which potentially is also difficult for smaller shops without high end tooling in place to diagnose easily.
- mdh
