[thedrake]

It is because of the DMARC setup that Paypal has put in place which is doing exactly what they want it to do which is put any non verified and in alignment (not coming from the paypal.com domain) - this is why you see the via in the from. The current DMARC policy for Paypal.com is dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com

[nh2]

This doesn't sound perfectly accurate for my case (since the DMARC policy seems to be for paypal.co.uk, not .com), but quite related / perhaps the other way around?

I see in the headers:

    ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paypal.co.uk header.s=pp-dkim1 header.b=UsIpWUs9;
       spf=pass (google.com: domain of service@paypal.co.uk designates 173.0.84.226 as permitted sender) smtp.mailfrom=service@paypal.co.uk;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.co.uk
    Received: from mx0.slc.paypal.com (mx1.slc.paypal.com. [173.0.84.226])
            by mx.google.com with ESMTPS id q195si2496022ita.120.2019.02.05.13.10.37

> this is why you see the via in the from

I am not sure, it may also appear due to what I said in https://news.ycombinator.com/item?id=19100315