Just ran into this too, shocked to see that any spammer can prevent reporting by forging a received header with an IPv6 address. Why not, in the short term, only consider received headers up to the first which contains an IPv6 address? It would prevent reporting when the last step went over IPv6, but I expect that's really uncommon. Are you keeping track of how common that is?
Received headers from my failed report: http://www.spamcop.net/sc?id=z5022302439z8...b815b78a60e50bz
Received: from exsmtp3.ntu.edu.sg ([155.69.5.168])
by host.theinternetco.net with esmtp (Exim 4.76)
(envelope-from <NEC-RSVN[at]ntu.edu.sg>)
id 1QRQdJ-0004gY-OQ
for x; Tue, 31 May 2011 09:13:27 -0600
Received: from EXCHHUB2.staff.main.ntu.edu.sg (155.69.24.24) by
EXSMTP3.staff.main.ntu.edu.sg (155.69.5.168) with Microsoft SMTP Server (TLS)
id 8.1.436.0; Tue, 31 May 2011 23:12:58 +0800
Received: from EXCHANGE32.staff.main.ntu.edu.sg ([fe80::a14d:b7e8:6637:5d61])
by EXCHHUB2.staff.main.ntu.edu.sg ([2002:9b45:1818::9b45:1818]) with mapi;
Tue, 31 May 2011 23:12:58 +0800
Which looks like a normal final receive by my provider, a normal untrusted receive by a spam relay, and a forged IPv6 receive to prevent reporting.
