How to identify the real email address the email is comming from

We have a user getting emails that it seems not from Microsoft (to giver at least one example, this has happens with other know companies).

We went into Message Option and noticed that the "Return-Path" is not the same as the sender email, the "from" (see MESSAGE OPTION attached, we have changed real email names for obvious reasons)

Can EE give us some input on this matter?

(We use Outlook 2007)

Return-Path: <sabine460@raku-gaki.com>
Received: from mtain-db12.r1000.mx.aol.com (mtain-db12.r1000.mx.aol.com [172.29.64.96]) by air-de04.mail.aol.com (v128.1) with ESMTP id MAILINDE044-5eb34bW5608f1A1; Wed, 14 Apr 2010 02:28:31 -0400
Received: from plus51.host4u.net (plus51.host4u.net [209.150.128.134])
	by mtain-db12.r1000.mx.aol.com (Internet Inbound) with ESMTP id C116D38000095
	for <USERNAME@aol.com>; Wed, 14 Apr 2010 02:28:25 -0400 (EDT)
Received: from 114-42-76-84.dynamic.hinet.net (114-42-76-84.dynamic.hinet.net [114.42.76.84])
	by plus51.host4u.net (8.11.6/8.11.6) with ESMTP id o3E6RoP15816
	for <USERNAME@DOMAIN.com>; Wed, 14 Apr 2010 01:27:53 -0500
Received: from 114.42.76.84 by mail.raku-gaki.com; Wed, 14 Apr 2010 14:27:08 +0800
Message-ID: <000d01cadb9b$82451620$6400a8c0@sabine460>
From: "Microsoft Team" <support@microsoft.com>
To: <USERNAME@DOMAIN.com>
Subject: Conflicker.B Infection Alert
Date: Wed, 14 Apr 2010 14:27:08 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_0006_01CADB9B.82451620"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3338.1
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3338.1
x-aol-global-disposition: S
X-AOL-VSS-INFO: 5400.1158/57431
X-AOL-VSS-CODE: clean
x-aol-sid: 3039ac1d40604bc560895fe8
X-AOL-IP: 209.150.128.134
Status:

Select allOpen in new window