Header tests focus on the message headers. The tests are mainly concerned with detecting fake headers and determining whether a message has been routed via an open relay.
For example, a header test could flag all emails that appear to have been sent over 72 hours ago, or sent at a future date. Most email servers have accurate clocks. However, spammers frequently use trojanned PCs, which may have inaccurate clocks, and so spam messages might have dates that are in the past or the future. Examining email headers is described in more detail later in the chapter.
Header tests do not form a large proportion of tests that SpamAssassin performs. These tests use up considerable amounts of CPU, memory, and disk I/O resources.