How do you verify that the notification to the Silent Post URL is indeed from PayPal Payflow and not a hacker?


Payflow supports a Silent Post URL, which is a page that will be notified upon completion of a successful transaction (payment, refund, etc.). The Silent Post URL can be configured via the PayPal manager.

Most similar payment systems implement the notion of a "post back" where the receiving software can post back the results to make sure that the transaction information is legitimate and not originating from a hacker. Payflow doesn't appear to support a post back and the Payflow Pro documentation doesn't mention any other way of verifying the transaction data received at the Silent Post URL.


Solution

  • All valid PayPal notifications originate from 173.0.81.65. Simply ignore any notifications that don't come from this IP.

    The answer is hidden away in the depths of the PayPal knowledge base: https://ppmts.custhelp.com/app/answers/detail/a_id/445. More information can also be found at https://ppmts.custhelp.com/app/answers/detail/a_id/883/kw/payflow%20ip%20address
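As an added illustration of the source-IP rule in the answer above (example code, not from the answer or from PayPal), here is a minimal WSGI handler for the Silent Post URL that drops anything not arriving from the listed IP. The `TRUSTED_PROXIES` address is a hypothetical reverse proxy in front of the app; the sample request bodies are constructed.

```python
import io
from ipaddress import ip_address
from urllib.parse import parse_qs

# IP given in the answer above; kept in one place so a change on PayPal's side is a config edit.
PAYFLOW_NOTIFIER_IPS = {ip_address("173.0.81.65")}

# Hypothetical: our own reverse proxies whose X-Forwarded-For header we trust.
TRUSTED_PROXIES = {ip_address("10.0.0.5")}


def client_ip(environ):
    """Resolve the real client IP from a WSGI environ.

    REMOTE_ADDR is the TCP peer. X-Forwarded-For is honoured only when that
    peer is one of our own proxies; otherwise any caller could spoof the header
    and claim to be PayPal.
    """
    peer = ip_address(environ["REMOTE_ADDR"])
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    if peer in TRUSTED_PROXIES and xff:
        # The rightmost entry is the address the trusted proxy itself saw.
        return ip_address(xff.split(",")[-1].strip())
    return peer


def silent_post_handler(environ):
    """Accept or reject a Silent Post. Returns (status, parsed fields or None)."""
    if environ.get("REQUEST_METHOD") != "POST":
        return "405 Method Not Allowed", None
    if client_ip(environ) not in PAYFLOW_NOTIFIER_IPS:
        # The answer's rule: ignore notifications from any other source.
        return "403 Forbidden", None
    length = int(environ.get("CONTENT_LENGTH") or 0)
    body = environ["wsgi.input"].read(length).decode("utf-8")
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    return "200 OK", fields


def make_environ(remote_addr, body, xff=None, method="POST"):
    """Build a minimal WSGI environ for a constructed sample request."""
    raw = body.encode("utf-8")
    environ = {
        "REQUEST_METHOD": method,
        "REMOTE_ADDR": remote_addr,
        "CONTENT_LENGTH": str(len(raw)),
        "wsgi.input": io.BytesIO(raw),
    }
    if xff is not None:
        environ["HTTP_X_FORWARDED_FOR"] = xff
    return environ
```

Rejected posts should still be logged, since a burst of them from unexpected addresses is worth an operator's attention.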