In theory yes... in practice, sometimes...

To do successfully requires the cooperation of the sysadmins (and by extention their Manglers) of ALL the systems that the message has transited en-route. If you have that, and all the systems have adequate and sufficient logging, then it can be done.

If you cannot secure all of the above, then you are onto a loser; e.g. if a message has transited an ISP, you need their coperation to get the logs. You will almost certainly not get it unless you can obtain a warrant and force them to disclose. Or if the message has been "laundered" through an open-relay, the owner of said system will almost certainly not have sufficient logging to help, even if they wanted to.

Not very promising, is it however it very much depends on who turns out to be involved and where they are based.

[I'm assuming that there is no serious legality issues here -- if there are you should contact your local police and get them to contact there Computer Crime Unit -- I belive that all forces now them (even if they only consist of one person ]

HTH -- if not, ask some more (but I suggest that you don't post anything that might disclose personal identities: you can PM me if you'd like me to take a look at something.)

RTFM