IP source from private ip address

Hi, I’ve been analyzing my DMARC failures by looking at CSV file downloaded from detail viewer.
I noticed there are 11 NXDOMAIN in source host, and some of those IP address are private address.
How can this happen? Can this be spoofed?

I would like to know where DMARC report gets it’s ip_source from. Is it domain part of “mail from” e-mail address? Or is it from smtp connections? I suppose it’s from “mail from”, then it can be easily spoofed. But I can’t be sure. Someone please comment on this. Thank you!

The IP shown here is based on the IP contained in the report sent in by the reporters. Typically, this mean the reports contain bad information and are badly constructed by the receiver due to a incorrect DMARC verification implementation.