Many of my users prefer to keep their email addresses confidential for obvious reasons. I mask the recipient's address from the header to preserve the recipient's identity. I will not release this information. However, if you are indeed the sender of the email, you should be able to figure it out from your logs. If this doesn't work, you can always reply to the spam report and ask the user for assistance. If you are nice and convince the user that he or she did actually sign up for your list, the user will probably help you.
First, look at the SpamCop report. It should include the full headers of the email in question, including the partial MessageID:
From firstname.lastname@example.org Thu May 20 17:16:54 1999
Received: from localhost (root@localhost)
by sam.julianhaight.com (8.9.3/8.9.1) with ESMTP id RAA13580
for <x>; Thu, 20 May 1999 17:16:56 -0700
Date: Thu, 20 May 1999 17:16:55 -0700 (PDT)
Subject: messageid test
Content-Type: TEXT/PLAIN; charset=US-ASCII
Using the receiving servers (domain), date and time stamps and the partial MessageID provided, you should be able to match the header to your mail logs to get the address the mail was sent to.
But, I don't keep my logs. What can I do?
All legitimate list managers keep logs. If you do not, you
should think about hiring an outside agency to manage your lists.
Find someone who can handle this type of problem.
[Append to This Answer]