No surprises here I'm afraid, AS28840 is a russian outfit known as "OAO TATTELECOM" (tattelecom.ru), with the routes (amongst others);
A little basic research shows the IP that sent me the spam, which I'll get to in a second as it is rather funny, is known to ProjectHoneyPot and flagged by them as "Suspicious";
Given the information at PHP, it looks like a mail server, and I find it very difficult to believe that it's a compromised one, especially given it's location (perhaps I'm being too suspicious there? time will tell), and one or two of the other IP blocks owned by this company, has also been involved in malicious activity.
What is rather strange, is that other than the ProjectHoneyPot entry, I couldn't identify any other information referencing 220.127.116.11 as being malicious, though I easily found several references to other net blocks owned by this AS in various places such as news.admin.net-abuse.sightings, romancescam.com.
So what of the e-mail itself? Well in this case, though boring as the tracks stop there, the linky in the e-mail is to - Google (Outlook stripped the HTML, so presumably it didn't originally - one of these days Outlook will actually take notice of the options I've got set).
And yep, the headers are childs play to interpret too, one single fake "From" line, and that's it.
hpHosts - 18.104.22.168