The Reply-To address is "
info_@mtgox.com". Does this mean that the mtgox.com machine is compromised too and they have set up a special mailbox there?
No. Any email can have any reply-to address.
If you examine the *full* header of the email, you should be able see the actual path of where it originated. An application such as Mozilla Thunderbird allows this under "View-Headers-Full". I don't think most web-based email reader easily allow this.