IP address missing from email header

11-08-2014 , 09:30 AM
I received an email at work the other day and needed to see where it physically originated from so I looked at the header and can see the IP addresses of the servers it went through, but tracing it back to where the originating IP address should be, it just says "unknown" and then gives a private IP address (10.xxx.xxx.xxx) which doesn't help.

My question is, will I be able to find the IP address? And if it was successfully hidden, how is that possible?
11-08-2014 , 06:49 PM
I have no idea, but why is the private IP address not the sender? Wouldn't logic say the private IP address is where it originated from?

I'm clueless but did do some email sending with masking the from address as a fake uni email at university for a networking class.

It would be also possible that the email came from work somehow on the network by a virus?
11-09-2014 , 04:50 PM
Exactly, you can easily change an email address in a header, so you shouldn't care about it.
11-09-2014 , 05:04 PM
It is a complicated story, but I suspect the sender's address could be genuine (i.e. not spoofed by someone else), but given the content it would be in their interest to be able to distance themselves from it, hence why the IP address has been removed. Without it they can say "It wasn't me, I'd never send such a thing, someone must have spoofed my account blah blah blah".

I know that an IP address can be spoofed to show a different one but this has literally been removed.

The private IP just identifies the device on the sender's network. I need the sender's public IP address.
11-10-2014 , 12:08 PM
My understanding is that typically each SMTP server which relays a message will add its own "Received" header to the email before sending on, and in that way you can trace back.

But if the originating client does not have a public IP, and the mail server it talks to is on the same private network, you may not get any kind of public IP for the originating client at all, but only be able to trace it back to the original relaying server and then the private IP from which that server received the message, which sounds like your case. There is nothing that is being removed; that is just the correct chain, and identifying the source would involve being able to interrogate the DHCP setup on that local network to see which machine had that IP address.
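The trace-back described in the last reply, as an added example that is not code from the thread: it reads the "Received" chain oldest-first and marks which hops are private (RFC 1918) addresses. The message, hostnames and addresses are constructed for illustration (documentation-range addresses stand in for public IPs), and `trace_hops` and `earliest_public_ip` are names chosen here.

```python
import email
import ipaddress
import re

# RFC 1918 private ranges plus loopback, listed explicitly so that the
# documentation addresses in the sample count as "public" stand-ins.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed message: every hostname and address here is made up.
SAMPLE = """\
Received: from mx.sender.example (mx.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id A1; Sat, 8 Nov 2014 09:01:07 +0000
Received: from unknown (unknown [10.1.2.3])
\tby mx.sender.example with ESMTP id B2; Sat, 8 Nov 2014 09:01:05 +0000
From: someone@sender.example
To: me@recipient.example
Subject: test

body
"""

BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def trace_hops(raw):
    """Return [(ip, is_internal)] ordered from origin to final delivery."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own header, so the oldest hop is the last one.
    for header in reversed(msg.get_all("Received", [])):
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_part)
        if not match:
            continue  # no client address recorded by this relay
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # bracketed text was not an IP address
        hops.append((str(ip), any(ip in net for net in INTERNAL)))
    return hops

def earliest_public_ip(raw):
    """First non-private address in the chain, or None if there is none."""
    return next((ip for ip, internal in trace_hops(raw) if not internal), None)

if __name__ == "__main__":
    for ip, internal in trace_hops(SAMPLE):
        print(ip, "private" if internal else "public")
```

Only "Received" lines added by relays you trust are reliable; anything below the first trusted relay is supplied by the sending side and can be forged.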