MHA does not ID forged headers

[8string]

My first time here, so please be patient. I just ran MHA against a known fraudulent email that had a forged header. I would have expected MHA to have identified this. any ideas on why it didn't? i.e setup, not able to, etc.
Names changed to protect the innocent and I'm adding the actual forged header info for the sake of clarity.
So the compromised user account sent a forged header email and It was NOT caught by Defender. I would expect that it would be!
It ended up in her inbox. It clearly from this header information came from OUTSIDE the company and not from the email address that sent it.

Any thoughts? Should I not expect an advanced AI tool like this (grin) to catch what appears to be an obvious fake?

Subject	New 401K Plan Enrollment For 2023/24
Message Id	0100018b3fb066d8-d5f4f258-15e8-4ab3-99e3-c7d6d1fd4626-000000@email.amazonses.com
Creation time	Tue, 17 Oct 2023 22:10:07 +0000 (Delivered after 7 seconds)
From	"[email protected]" <compromised [email protected]>
To	[email protected]

Subject New 401K Plan Enrollment For 2023/24
Message Id 0100018b3fb066d8-d5f4f258-15e8-4ab3-99e3-c7d6d1fd4626-000000@email.amazonses.com
Creation time Tue, 17 Oct 2023 22:10:07 +0000 (Delivered after 7 seconds)
From "[email protected]" <compromised [email protected]>
To [email protected]

[stephenegriffin]

The goal of MHA is strictly to present the header information in an easier to read format. There is no AI involved.