Is there anyway someone could "spoof" an IP Address to make it seem like it was coming from somewhere it really wasn't?
Highly unlikely, these are TCP/IP connections we are talking about.
But there's no particular guarantee that the person ultimately in control of the computer system is located in the same place as the computer furthest down the chain - so yes, if an exchange or an E-mail provider participates in a TCP/IP session with a computer that appears to be in China, it's very unlikely that the computer system at the other end of the TCP connection is really in Los Angeles or Moscow.
But we don't know if that computer in China is relaying packets for, or controlled by, someone who's sitting in another city on another continent and using SSH tunnels or VPN service or a rented VPS or an open (or secret) proxy to hide the origin of their activity.
The only way to figure that out is to walk up the chain, find out who was connected to the last server in the chain, then find out where that connection came from, then find out where that connection came from, and so forth.
For all we know it's going to end up at an open WiFi hotspot at some coffee shop or in some suburban neighborhood somewhere with absolutely no record of who was connected.
However, if the unknown person(s) appear to control resources that are known to be controlled by particular individuals, it's a pretty good clue that either that person was involved, or they have shitty security.
How many times will the "I guess the account got compromised, someone guessed/found my password" excuse be used?
