[djmcmath]

E-mail detectiving is a real trick. If somebody obtained his password, then all the computer sleuthery in the world will only show that it was his user logged in. If he _gave_ his password out, then perhaps he ought to learn the lesson that he needs to be responsible for the use of the account, even if it isn't him (ianal, but I seem to recall a court precedent along those lines). Like id10t says, as well, someone entirely separate could have faked the e-mail headers -- SMTP is an open standard, a fact that makes it particularly prone to this sort of nonsense.

Good luck,

Dan