If someone from a computer in, say, London enters his corporate network in, say, Chicago (method unknown), and sends an email from that Chicago server, is there some way of knowing that the process originated from the London IP? The London IP would not show in the email, would it?