Thursday, June 17, 2010

The Lowly Parenthesis: Its important job in email

The parenthesis serves a surprisingly vital role in determining where email really comes from. In the email "headers" are a series of Received lines. The receiving email server inserts vital information about an email's origin inside the parentheses. It is the one bit of information you can rely on.

For example:
This is a falsified email Received line:
Received: from 89.210.237.165 by autotec.com.inbound15.mxlogicmx.net; Fri, 18 Jun 2010 02:01:56 0200

The parens are missing completely.

This is a real one:
Received: from ppp089210237165.dsl.hol.gr (ppp089210237165.dsl.hol.gr [89.210.237.165]) by ahost.somedomain.com (8.13.5/8.13.4) with ESMTP id o5HN38he003988;


Another common thing is for a scammer/spammer to falsify the origin of an email, but the Received line rats them out:

A real, but modified example:

Return-Path: 
Received: from mx1.mytiolo.info (mailhost.dwdtechllc.com [74.119.64.217])
by host.domain.com (8.13.5/8.13.4) with SMTP id o5HLswgI022584
for ; Thu, 17 Jun 2010 14:55:11 -0700

The spammer claimed to be from mytiolo.info, but it really came from dwdtechllc.com, because it is what's inside the parens of the Received line that is correct.

These falsifications are sometimes legit (not everyone owns their own email server) but are often not.
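As an added example (not part of the original post), here is a small Python parser that applies the post's rule: it separates the name a sender claims in "from" from what the receiving server observed in the parentheses, flags lines with no parenthesised address, and reports when the claimed and observed domains disagree. The sample lines are constructed from the post's examples, and the trusted-domain check assumes you know which servers are your own.

```python
import re

# Constructed sample Received lines, modelled on the post's examples (not real mail).
FORGED = ("Received: from 89.210.237.165 by autotec.com.inbound15.mxlogicmx.net; "
          "Fri, 18 Jun 2010 02:01:56 0200")
MISMATCH = ("Received: from mx1.mytiolo.info (mailhost.dwdtechllc.com [74.119.64.217]) "
            "by host.domain.com (8.13.5/8.13.4) with SMTP id o5HLswgI022584")
CONSISTENT = ("Received: from ppp089210237165.dsl.hol.gr (ppp089210237165.dsl.hol.gr "
              "[89.210.237.165]) by ahost.somedomain.com (8.13.5/8.13.4) with ESMTP id x")

# "from <helo>" is whatever the sender claimed in its HELO/EHLO; the parenthesised
# "(<rdns> [<ip>])" is what the receiving server itself observed on the connection.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]()]+)\s*)?\[(?P<ip>[^\]]+)\]\))?"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE)

def parse_received(line):
    """Return the helo/rdns/ip/by fields of one Received line, or None if unparseable."""
    m = RECEIVED_RE.match(line.strip())
    return m.groupdict() if m else None

def registered_domain(name):
    """Crude 'owner' domain: the last two labels (mx1.mytiolo.info -> mytiolo.info)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def assess_received(line):
    """Classify a single Received line the way the post does, by its parentheses."""
    hop = parse_received(line)
    if hop is None:
        return "unparseable"
    if hop["ip"] is None:
        return "suspicious: no observed address in parentheses"
    if hop["rdns"] and registered_domain(hop["helo"]) != registered_domain(hop["rdns"]):
        return "helo mismatch: claimed %s, observed %s [%s]" % (hop["helo"], hop["rdns"], hop["ip"])
    return "consistent: %s [%s]" % (hop["rdns"] or hop["helo"], hop["ip"])

def entry_hop(received_lines, trusted_domain):
    """Received lines are prepended, so read top-down: the last line added 'by' a server
    in trusted_domain is the one that recorded the real connecting host. Lines below it
    were written by other parties and may themselves be forged."""
    entry = None
    for line in received_lines:
        hop = parse_received(line)
        if hop is None or registered_domain(hop["by"]) != trusted_domain:
            break
        entry = hop
    return entry
```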

Hurray for the parentheses.
