Author Topic: tracking a malicious e-mail

Blodwyn Pig

  • what a nice chap
tracking a malicious e-mail
« on: 07 March, 2018, 09:51:08 am »
Daughter had a malicious e-mail sent to her school (assistant head), from a false e-mail account, VERY similar to that of the head. This was sent to the governors and some members of staff. This has been extremely stressful for her, and the Police are unwilling to look unless it happens again. The techno IT geek at school has had a look and tracked it down to a 'BOX' with a geolocation, and it was done on a network not wifi, and on an iPhone 6. Is there anything else that can be done? Any wizard hackers out there that can pinpoint this ba#tard?

Kim

  • Timelord
    • Fediverse
Re: tracking a malicious e-mail
« Reply #1 on: 07 March, 2018, 01:14:57 pm »
The nature of email is that it can be spoofed (although it doesn't sound like they've had the sense to even do that).  This is what cryptographic signatures are for, but the dancing pigs problem means that only security nerds, employees of security-conscious businesses and those who've been stung by forged messages in the past ever use them.

The headers will tell you it came from such-and-such a machine on such-and-such a network.  To find out more, you need the cooperation of the network/machine admin, which should generally require a warrant from the relevant law enforcement agency.

Of course, J Random Network Admin may respond to an abuse@ email reporting (with evidence) that one of their users is sending malicious messages by invoking their own acceptable use policy.  If the malicious party has any sense at all, the consequences of this will simply be the loss of a throw-away account, but there's always a chance that the sender was stupid enough to do it from their employer or educational institution's network, where the consequences are likely to be more consequential.

ETA: Re-reading your post, iPhone 6 (if that's not spoofed, which it probably isn't if they didn't spoof the from address) plus "not wifi" suggests a cellular connection.  Those are CGNAT all the way down, so you're not getting anything useful without police involvement.

Geolocation data should always be taken with a pinch of salt.  Network topography can be misleading, and the databases are full of all sorts of bollocks.  (She says, from Arnold, Nottingham.)

I'd suggest the contents of the message combined with who it was addressed to may ultimately be more revealing than the technical details.
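The point about headers above is worth seeing in practice. The script below is an added example, not code from the thread or from any poster: it parses a constructed message (the domains, message IDs and the lookalike sender address `schoo1.example` are invented; the IPs are taken from the documentation range 203.0.113.0/24 and the RFC 6598 shared range 100.64.0.0/10), walks the `Received:` chain from the sender's side outwards, and classifies each hop so you can tell at a glance whether an address is something an abuse@ contact could act on, an internal address that means nothing outside the network that wrote it, or a CGNAT address that only the carrier's own logs can resolve.

```python
"""Walk the Received: chain of an e-mail and classify each hop's address.

Added example, not from the forum thread. The message below is constructed
for illustration: domains, IDs and the sender address are invented, and the
IPs come from the documentation (203.0.113.0/24) and shared (100.64.0.0/10)
ranges. Only IPv4 hops are extracted, to keep the example short.
"""
import email
import ipaddress
import re
from email.message import Message

# Constructed sample: a lookalike sender relayed through a provider whose
# customer-side address sits in the CGNAT shared range.
SAMPLE = (
    "Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.7])\n"
    "\tby mx.school.example (Postfix) with ESMTPS id ABC123\n"
    "\tfor <governors@school.example>; Wed,  7 Mar 2018 08:40:11 +0000\n"
    "Received: from [100.66.12.34] (unknown [100.66.12.34])\n"
    "\tby mail-relay.example.net (Postfix) with ESMTPSA id DEF456;\n"
    "\tWed,  7 Mar 2018 08:40:09 +0000\n"
    'From: "The Head" <head.teacher@schoo1.example>\n'
    "To: governors@school.example\n"
    "Subject: Staffing\n"
    "Message-ID: <20180307084009.DEF456@mail-relay.example.net>\n"
    "\n"
    "Body text.\n"
)

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_message(raw: str) -> Message:
    """Parse the raw RFC 5322 text with the standard library's parser."""
    return email.message_from_string(raw)


def received_ips(msg: Message) -> list:
    """Return the first bracketed IPv4 address of each Received: header,
    ordered from the hop nearest the sender to the hop nearest the recipient.

    Each MTA prepends its own Received: line, so header order in the message
    is newest first; reversing gives the path in sending order. Only lines
    added by servers you trust can be relied on: anything below the first
    trusted hop could have been written by the sender.
    """
    ips = []
    for hdr in reversed(msg.get_all("Received", [])):
        match = _BRACKETED_IPV4.search(str(hdr))
        if match:
            ips.append(match.group(1))
    return ips


def classify(ip: str) -> str:
    """Say what kind of address a hop is, and so who could resolve it."""
    addr = ipaddress.ip_address(ip)
    if addr in CGNAT:
        return "cgnat"      # shared by many subscribers; only the carrier's logs map it
    if any(addr in net for net in RFC1918) or addr.is_loopback:
        return "private"    # internal address, meaningful only to the network that added it
    return "routable"       # an operator can be identified via WHOIS and its abuse contact


def analyse(raw: str) -> dict:
    """Summarise the sender, the hop path and whether the mail carries a DKIM signature."""
    msg = parse_message(raw)
    return {
        "from": msg.get("From", ""),
        "path": [(ip, classify(ip)) for ip in received_ips(msg)],
        "dkim_signed": msg.get("DKIM-Signature") is not None,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE)
    print("From:", report["from"])
    print("DKIM signed:", report["dkim_signed"])
    for hop, (ip, kind) in enumerate(report["path"]):
        print(f"hop {hop}: {ip} ({kind})")
```

Run against the constructed message, the earliest hop comes out as `100.66.12.34 (cgnat)`, which is exactly the situation described above: the address is shared across many subscribers, so without the carrier's logs, and therefore without police involvement, it identifies nobody. The relay at `203.0.113.7` is classified `routable`, meaning its operator's abuse contact is the only party who could act on a report.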

Morat

  • I tried to HTFU but something went ping :(
Re: tracking a malicious e-mail
« Reply #2 on: 08 March, 2018, 06:33:39 pm »
Quote from: Kim on 07 March, 2018, 01:14:57 pm
ETA: Re-reading your post, iPhone 6 (if that's not spoofed, which it probably isn't if they didn't spoof the from address) plus "not wifi" suggests a cellular connection.  Those are CGNAT all the way down, so you're not getting anything useful without police involvement.

and maybe not even then :(
https://www.theregister.co.uk/2017/10/18/europol_cgnat/
Everyone's favourite windbreak