Absent any email authentication results, email sources can sometimes be related to an email stream if external factors are considered such as server reverse names and network ownership.
Legitimate email originating from related servers should be identified using SPF and DKIM. Leaving it up to receivers to identify legitimate email is suboptimal.