Back when I ran an email server I’d basically trust nothing but the headers that connected to my server and the smtp server logs. If you don’t have access to the smtp server logs then you can be reasonably sure the ip is valid. Look up the ip and if your server isn’t hardened enough you may find the ip from a dsl or cable connection, or an open relay somewhere. I use to get tons of spam from misconfigured Apache web servers in various third world nations like Iran. These servers generally had misconfigured relaying rules that accepted whatever you threw at them.
Rarely, did I get a misconfigured spf but it happened sometimes, so check for an bad spf record on the relay server.
You can try to contact the owner of the server that relayed the email but it’s likely that they will ignore you; this is what I ran into when running email servers for 5ish years. You contact the owner and the owner wouldnt reply, so all you can do is blacklist their email and put it on one of the widely known spam lists like spamcop.