AI Email Scanning

AI-powered email scanning

PreviousBrowser Extension Admin Guide NextResmo Agent (Beta)

Last updated 1 year ago

Was this helpful?

AI Email Scanning

AI-powered email scanning

Resmo Email Scanning checks your emails to find where you might have signed up for new accounts. It looks for emails that are about joining or subscribing to something. This way, you can easily see what accounts you've made through emails and manage them with Resmo.

How the Scan Process Works

Currently, email scanning supports Google Workspace only.

The first step in the process is downloading Gmail emails for all users in your organization. To achieve this step successfully you will need to create a service account and configure domain-wide delegation for this account.

How to Create a Service Account

Credentials and super admin rights are required in Google Workspace is provided by service account.
To configure service account, you can check documentation from .

Open the Google Cloud Console ().
Select a project. If there are no existing projects, create a project.
Enable the API.

On the navigation menu, select API & Services > Library option if it is not already selected.
In the displayed list of APIs, click Admin SDK API and Gmail API . Enable these options if they are not already enabled.

On the navigation menu, select Credentials.
To create a new service account click Create Credentials.
- From the drop-down menu, select Service Account.
- Enter the account name. The ID is automatically populated.
- To furnish a new private key, select the json key type.
- Click Create. You are prompted to download the key.

How to Add Domain-Wide Delegation

Domain-wide delegation provides credentials are required to read all emails.

In the Admin console, go to Menu -> Security -> Access and data control -> API controls -> Manage Domain Wide Delegation.

Click Add new and enter your service account client ID.

You can find the ID (also known as the Unique ID) in the JSON file that you downloaded when you created the service account or in Google Cloud (click IAM & Admin -> Service accounts -> the name of your service account).

Enter the client ID of the service account or OAuth2 client ID of the app.
In OAuth Scopes, add each scope that the application can access.

a. https://www.googleapis.com/auth/admin.directory.user.readonly
b. https://www.googleapis.com/auth/gmail.readonly

Click Authorize.
Point to the new client ID, click View details, and make sure that every scope is listed. If a scope is not listed, click Edit, enter the missing scope, and click Authorize. You can't edit the client ID.

After that, AI takes part in the process to achieve the best results in identifying possible account creations from emails. The scan process uses AI-based classification practices and labels emails into several categories. With the help of labeling, unrelated emails eliminated and the others processed in Resmo as related users and apps.

How to Use

# Ensure you have git and Python 3.7 installed in your environment. AI Labeling can take time.

# Clone the repository
$ git clone https://github.com/resmoio/email-app-scanner.git

# Install the dependencies
$ cd email-app-scanner
$ pip install -r requirements.txt

# Set variables
ADMIN_EMAIL="admin@yourdomain.com"
INGEST_KEY="b80b2cb6-2036-471d-85be-0f250ad435f8"
SERVICE_ACCOUNT="service-account.json"

# Run the code for downloading emails for all users, it will take a while depending on your internet connection and number of users
$ python gmail-download-mails.py \
  --admin-email $ADMIN_EMAIL \
  --service-account $SERVICE_ACCOUNT

# Run the code for AI labeling emails for all users. It's recommended to use a machine with GPU for this step. It will take a while depending on your machine and number of users
$ python label-emails.py

# After the execution is done, you can see the results in the JSON file
# To upload this file to Resmo, run the following code
$ python send-to-resmo.py --ingest-key $INGEST_KEY

You can see results in Resmo by checking accounts with email sources:

PreviousBrowser Extension Admin Guide NextResmo Agent (Beta)

Last updated 1 year ago

Was this helpful?

How the Scan Process Works

Currently, email scanning supports Google Workspace only.

How to Create a Service Account

Credentials and super admin rights are required in Google Workspace is provided by service account.
To configure service account, you can check documentation from .

Open the Google Cloud Console ().
Select a project. If there are no existing projects, create a project.
Enable the API.

On the navigation menu, select API & Services > Library option if it is not already selected.
In the displayed list of APIs, click Admin SDK API and Gmail API . Enable these options if they are not already enabled.

On the navigation menu, select Credentials.
To create a new service account click Create Credentials.
- From the drop-down menu, select Service Account.
- Enter the account name. The ID is automatically populated.
- To furnish a new private key, select the json key type.
- Click Create. You are prompted to download the key.

How to Add Domain-Wide Delegation

Domain-wide delegation provides credentials are required to read all emails.
To configure domain-wide delegation, you can check documentation from .

to your . Sign in using an account with (does not end in @gmail.com).
In the Admin console, go to Menu -> Security -> Access and data control -> API controls -> Manage Domain Wide Delegation.

You must be signed in as a for this task.

Click Add new and enter your service account client ID.

You can find the ID (also known as the Unique ID) in the JSON file that you downloaded when you created the service account or in Google Cloud (click IAM & Admin -> Service accounts -> the name of your service account).

Enter the client ID of the service account or OAuth2 client ID of the app.
In OAuth Scopes, add each scope that the application can access.

a. https://www.googleapis.com/auth/admin.directory.user.readonly
b. https://www.googleapis.com/auth/gmail.readonly

Click Authorize.
Point to the new client ID, click View details, and make sure that every scope is listed. If a scope is not listed, click Edit, enter the missing scope, and click Authorize. You can't edit the client ID.

How to Use

# Ensure you have git and Python 3.7 installed in your environment. AI Labeling can take time.

# Clone the repository
$ git clone https://github.com/resmoio/email-app-scanner.git

# Install the dependencies
$ cd email-app-scanner
$ pip install -r requirements.txt

# Set variables
ADMIN_EMAIL="admin@yourdomain.com"
INGEST_KEY="b80b2cb6-2036-471d-85be-0f250ad435f8"
SERVICE_ACCOUNT="service-account.json"

# Run the code for downloading emails for all users, it will take a while depending on your internet connection and number of users
$ python gmail-download-mails.py \
  --admin-email $ADMIN_EMAIL \
  --service-account $SERVICE_ACCOUNT

# Run the code for AI labeling emails for all users. It's recommended to use a machine with GPU for this step. It will take a while depending on your machine and number of users
$ python label-emails.py

# After the execution is done, you can see the results in the JSON file
# To upload this file to Resmo, run the following code
$ python send-to-resmo.py --ingest-key $INGEST_KEY

You can see results in Resmo by checking accounts with email sources: