Thanks for the follow up info kseistrup. Is there a thread already about how you got that so other's can do it for this and other suspicious emails?
Not really, I just looked in the raw email headers (the first two code sections), and did a whois lookup of the offending email address. I don't know about Windows, but mostly anyone on Linux should be able to do that easily.