James Hess wrote:
RFC1918 addresses should also never be found in mail headers of any messages being exchanged over the internet..
One need to understand the Received: headers and their order. Private address space is perfectly legitimate. Very common in the early part of transport and often seen in the last delivery in large organisations that have multiple distributed SMTP servers. What is important is for a recipient to know which Received: header he can trust. The only IP address you can trust are the one inside your own organisation, and the IP address that sent the message to your organisation. All other Received: headers below that to be considered fake unless proven otherwise. In the above case, it appears that the message arrived within the organisation from a public IP address, and then was sent to another host within the organisation via private address space. It is also important to note that the topmost header was able to reverse translate the 10.*.*.* IP which implies that it was internal to the organisation, using an internal DNS server which makes it more legitimate since it is within that organisation.