Anonymous 05:36

What are the names of the various parts of a SMTP `Received:` header?

In this SMTP Received: header:

Received: from mail.dgfip.finances.gouv.fr (bdmprod002-1.dgfip.finances.gouv.fr. [145.242.11.193]) by ... (truncation mine),

there are two "FQDNs" (maybe I am using a wrong appellation) for the sending server:

  • a FQDN (bdmprod002-1.dgfip.finances.gouv.fr.) tightly associated with the sending IP address
  • a "secondary" (not included in the parentheses) and different FQDN: mail.dgfip.finances.gouv.fr

For investigation purposes, I would like to know the correct appellations of these two FQDN-like names.

Some context: a relative of mine received a strange e-mail from the French government network. We fear that the potentially hacked server bdmprod002-1.dgfip.finances.gouv.fr. tries to masquerade as the legit governmental mail-sending server mail.dgfip.finances.gouv.fr, in a phishing attempt. With the correct appellations, I will be able to search more efficiently on the web.



Top Answer/Comment:

Received headers are not really standardized but often follow the same premise. In your example

from mail.dgfip.finances.gouv.fr (bdmprod002-1.dgfip.finances.gouv.fr. [145.242.11.193]) by

  • mail.dgfip.finances.gouv.fr is the source MTA's HELO FQDN, the hostname the MTA identified itself with.
  • (bdmprod002-1.dgfip.finances.gouv.fr. [145.242.11.193]) is the source MTA's IP address preceded by its reverse DNS hostname (PTR record). Most MXes confirm the rDNS name via forward resolution (A record) to detect forgery. The A record needs to show the original IP address (FCrDNS). Note that the HELO FQDN often doesn't match the PTR too closely.

MTA: SMTP client role (source)

MX: SMTP server role (destination)
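Splitting the clause into the parts named above (HELO name, PTR name, IP, receiving MX) and applying the FCrDNS consistency check, as an added example that is not part of the original post. The regex only covers the common `from HELO (PTR [IP]) by MX` shape, and the receiving host name and the DNS answers are constructed so the example runs offline.

```python
import re
from typing import Callable, Dict, Optional, Set

# Common "from HELO (PTR [IP]) by MX" shape of a Received: header.
# Not a full RFC 5321 grammar: Received headers vary between MTAs,
# and the PTR part is absent when the sending IP has no reverse DNS.
_FROM_CLAUSE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<ptr>[^\s\[\]()]+)?\s*\[(?P<ip>[^\]]+)\]\))?"
    r"(?:\s+by\s+(?P<by>\S+))?",
    re.IGNORECASE,
)

# Constructed sample; the "by" host is a placeholder, not from the original header.
SAMPLE_HEADER = (
    "Received: from mail.dgfip.finances.gouv.fr "
    "(bdmprod002-1.dgfip.finances.gouv.fr. [145.242.11.193]) by mx.example.invalid"
)


def parse_received(header: str) -> Optional[Dict[str, Optional[str]]]:
    """Return {'helo', 'ptr', 'ip', 'by'} for one Received: header, or None."""
    value = header.split(":", 1)[1] if header.lower().startswith("received:") else header
    m = _FROM_CLAUSE.search(" ".join(value.split()))  # collapse folded whitespace
    if not m:
        return None
    parts = m.groupdict()
    # A trailing dot marks an absolute DNS name; strip it so names compare equal.
    parts["helo"] = parts["helo"].rstrip(".").lower()
    parts["ptr"] = parts["ptr"].rstrip(".").lower() if parts["ptr"] else None
    return parts


def fcrdns_ok(ip: str, ptr: Optional[str], lookup_a: Callable[[str], Set[str]]) -> bool:
    """FCrDNS: the PTR name must resolve forward (A record) back to the same IP.

    lookup_a is injected so a real resolver can replace the constructed table.
    """
    if not ptr:
        return False
    return ip in lookup_a(ptr)


# Constructed DNS answers standing in for real A-record lookups (offline example).
_FAKE_A_RECORDS = {"bdmprod002-1.dgfip.finances.gouv.fr": {"145.242.11.193"}}


def fake_lookup_a(name: str) -> Set[str]:
    return _FAKE_A_RECORDS.get(name.rstrip(".").lower(), set())
```

A HELO name that differs from the PTR name, as in the question, is normal; a PTR name that fails the forward check is the signal worth investigating.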
