For every email in GetResponse the scenario reads the hidden headers: it finds the real sending server, checks its reputation and verifies the authenticity signatures — then returns a verdict on whether it's spoofed.