You get this if $_SERVER['REMOTE_ADDR'] of a ping/track back doesn’t match the IP address of the URL the ping back comes from allegedly.
Let’s say someone claims to send a ping back from example.com but the request IP and the server IP for example.com are different – the ping back is marked as spam.
The documentation is not very clear about this, but a look at the source code told me everything I you wanted to know. 🙂