This response considers that you are using Outlook/Exchange.
You can view the email headers for the server sending the email (SMTP) to tell who was the actual sender. Double-click the message and then click on View/Options. There is no requirement for the From and To information within the message to be accurate, but the headers tell all. It’ll show you where the message came from, what server version they were using, the IP address, domain, etc. Obviously, this takes into consideration that the email server that the email was sent from was not spoofed; however, the IP address must be a valid address. If the IP were spoofed, the real email server would reset the connection since it did not generate the traffic, or the three-way TCP handshake will not occur…
If the address was sent internally, the server would use the MTA to send the email. You would need to look at the message ID and go back to the server to look for the person who sent the email, but it will only give you information if you have message tracking already on. The same applies for SMTP email coming from outside your Exchange organization, but at least you have some information contained in the header to go by with external emails.
I think that you can get the message ID by looking at the view/options method for viewing headers. I’m not connected to an Exchange server right now to verify it, however. The difference is that you won’t have any SMTP headers. If you are going to find the message ID, this is where you’d find it.
Hope that helps.
The email header may also help in tracking the IP details, as the case you mentioned could be one of IP theft as well as one of email spoofing.
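
An added example (not part of the original posts) of the header review described above: it lists the Received hops oldest first, the IP each receiving server recorded, and the Message-ID to look up in message tracking. The sample headers, host names and addresses are constructed, and the From/Message-ID domain comparison is only a heuristic assumed here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation IP ranges, example domains).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.25])
\tby mx.example.com (Postfix) with ESMTP id ABC123
\tfor <bob@example.com>; Tue, 02 Jan 2024 10:00:05 +0000
Received: from workstation (unknown [203.0.113.7])
\tby mail.example.net with ESMTPA id XYZ789;
\tTue, 02 Jan 2024 10:00:01 +0000
From: "Alice" <alice@example.org>
To: bob@example.com
Message-ID: <20240102100001.1234@mail.example.net>
Subject: test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_BY_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def trace(raw):
    """Summarise who handled the message, based on its headers."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so reverse for oldest first.
    for value in reversed(msg.get_all("Received", [])):
        m, ip = FROM_BY_RE.search(value), IP_RE.search(value)
        hops.append({"from": m.group(1) if m else None,
                     "by": m.group(2) if m else None,
                     "ip": ip.group(1) if ip else None})
    claimed = parseaddr(msg.get("From", ""))[1]
    msg_id = (msg.get("Message-ID") or "").strip()
    id_domain = msg_id.strip("<>").rpartition("@")[2]
    return {"message_id": msg_id,          # key for message tracking logs
            "claimed_from": claimed,       # set by the sender, not verified
            "hops": hops,
            # IP logged by the last (your own) server for the connecting peer
            "connecting_ip": hops[-1]["ip"] if hops else None,
            # Heuristic: From domain unrelated to the Message-ID domain
            "from_mismatch": not id_domain.endswith(claimed.rpartition("@")[2])}

if __name__ == "__main__":
    for key, value in trace(SAMPLE).items():
        print(key, "=", value)
```

Only the Received line written by a server you control is reliable; lines below it were supplied by earlier hops and can be forged.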