With properly configured SMTP services, the header preserves all of the "Received" lines, so the chain is known to the ultimate recipient.
But the originator can spoof his sending IP address in the header, and some SMTP handlers don't check the header (in the email) against the network packet (which should have the same IP address), and forward the email anyway. There are other ways to "forge" or insert header lines.
There are tons of spoofed e-mail in the wild. Analysis based only on e-mail headers makes some huge assumptions, and the report I read (linked at the top of this thread) does not discuss those assumptions.
Not easy to do for non-State actors (but possible).
And if NSA (for example) wants to make this look like a chain of possession that belongs to the Russians, they can.
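As an added illustration of the header-trust problem described above (not part of the original post), the following sketch walks a message's "Received" chain and marks where verifiable evidence ends. It assumes Postfix-style "Received" lines; the host names, addresses, sample message and the `classify_hops` helper are constructed for this example.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic); reserved example names and
# documentation IP ranges. The newest Received line is at the top.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [198.51.100.7])
\tby mx1.corp.example with ESMTPS id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.unknown.example (relay.unknown.example [203.0.113.9])
\tby mx.partner.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:03 +0000
Received: from workstation (host.elsewhere.example [192.0.2.44])
\tby relay.unknown.example with SMTP id C3; Mon, 1 Jan 2024 10:00:01 +0000
From: someone@elsewhere.example
Subject: constructed sample

body
"""

# Assumed layout: "from <HELO name> (<rDNS name> [<peer IP>]) by <writing server>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<detail>[^)]*)\)\s+by\s+(?P<by>\S+)")
IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def classify_hops(raw, trusted_mtas):
    """Return the Received hops newest-first, each marked verified or not.

    A Received line is evidence only if the server that wrote it ("by") is one
    the analyst operates or trusts. The first line written by anyone else, and
    every line below it, is text the sender's side could have inserted.
    """
    hops, trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        by = m.group("by").lower() if m else None
        # Trust ends at the first line not written by one of our own servers.
        trusted = trusted and by in trusted_mtas
        parts = m.group("detail").split() if m else []
        ip = IP.search(m.group("detail")) if m else None
        hops.append({
            "by": by,
            "peer_ip": ip.group(1) if ip else None,
            # HELO is whatever the client claimed; compare it with the rDNS name.
            "helo_matches_rdns": bool(parts) and parts[0].lower() == m.group("helo").lower(),
            "verified": trusted,
        })
    return hops
```

Only the hops marked `verified` record a peer address that a trusted server observed on the connection itself; everything older is unauthenticated text carried inside the message.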