Смотрите заголовки Received, как правило в них есть вся цепочка начиная от формирования письма. Можно воспользоваться чем-то типа
https://toolbox.googleapps.com/apps/messageheader/ - но обычно все гораздо лучше и больше видно по самим заголовкам. Вот, например, заголовки Received письма полученного через списки рассылки:
Received: from smtp2.osuosl.org ([140.211.166.133]:43816)
by mx242.i.mail.ru with esmtp (envelope-from <openid-specs-risc-bounces@lists.openid.net>)
id 1nD7cH-000BCL-Nx; Thu, 27 Jan 2022 19:27:22 +0300
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 818F640207;
Thu, 27 Jan 2022 16:27:16 +0000 (UTC)
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 0oLF9wJ5GV1X; Thu, 27 Jan 2022 16:27:15 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
by smtp2.osuosl.org (Postfix) with ESMTP id F27D4401DD;
Thu, 27 Jan 2022 16:27:14 +0000 (UTC)
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by ash.osuosl.org (Postfix) with ESMTP id 4A7A21BF84C
for <openid-specs-risc@lists.openid.net>; Thu, 27 Jan 2022 16:27:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 36EB3401DD
for <openid-specs-risc@lists.openid.net>; Thu, 27 Jan 2022 16:27:11 +0000 (UTC)
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 6ALaTL5qxGLX for <openid-specs-risc@lists.openid.net>;
Thu, 27 Jan 2022 16:27:09 +0000 (UTC)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77])
by smtp2.osuosl.org (Postfix) with ESMTPS id B051F400CC
for <Openid-specs-risc@lists.openid.net>; Thu, 27 Jan 2022 16:27:09 +0000 (UTC)
Received: from rcdn-core-7.cisco.com ([173.37.93.143])
by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA;
27 Jan 2022 16:19:37 +0000
Received: from mail.cisco.com (xbe-rcd-004.cisco.com [173.37.102.19])
by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 20RGJaJO009169
(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK)
for <Openid-specs-risc@lists.openid.net>; Thu, 27 Jan 2022 16:19:36 GMT
Received: from xfe-rtp-001.cisco.com (64.101.210.231) by xbe-rcd-004.cisco.com
(173.37.102.19) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Thu, 27 Jan
2022 10:19:36 -0600
Received: from xfe-aln-005.cisco.com (173.37.135.125) by xfe-rtp-001.cisco.com
(64.101.210.231) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Thu, 27 Jan
2022 11:19:36 -0500
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (173.37.151.57)
by xfe-aln-005.cisco.com (173.37.135.125) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14
via Frontend Transport; Thu, 27 Jan 2022 10:19:35 -0600
Received: from BL0PR11MB3267.namprd11.prod.outlook.com (2603:10b6:208:6b::22)
by BL1PR11MB5318.namprd11.prod.outlook.com (2603:10b6:208:312::24)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.17; Thu, 27 Jan
2022 16:19:35 +0000
Received: from BL0PR11MB3267.namprd11.prod.outlook.com
([fe80::c981:5c34:715b:b3a6]) by BL0PR11MB3267.namprd11.prod.outlook.com
([fe80::c981:5c34:715b:b3a6%3]) with mapi id 15.20.4930.018; Thu, 27 Jan 2022
16:19:34 +0000
