there are cryptographic signatures on almost all mails sent by large mail providers these days, which makes it very hard to just forge an email that will hold up to closer examination with the help of the provider. so basically the IT techs of the company would need to be on board with whatever the perpetrator is doing, for them to get away with it.
senders can only be easily forged if you control the senders mail server or if they don’t use best practices for running a mail server.
See also:
there are cryptographic signatures on almost all mails sent by large mail providers these days, which makes it very hard to just forge an email that will hold up to closer examination with the help of the provider. so basically the IT techs of the company would need to be on board with whatever the perpetrator is doing, for them to get away with it.