Why would you want to check who it came from (warn them perhaps or block email from it)?
The likelihood is that the from address is forged which is common practice, so trying to warn, etc is pointless. The from address is forged using an email address found on the infected system, addressbook, documents, web pages, etc.