In [1]:
import re
import datetime

In [2]:
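def parse_email_header(email_header):
  """Parses an email header and returns a dictionary of information about the email.

  Header names are matched case-insensitively, whitespace after the colon is
  optional, and folded continuation lines (lines starting with a space or tab)
  are appended to the header they continue. When a header occurs more than
  once, the last occurrence wins.

  Every value returned here is taken verbatim from the message and is therefore
  sender-controlled; nothing in this function authenticates it.

  Args:
    email_header: A string containing the email header.

  Returns:
    A dictionary holding whichever of the following keys were present:
      * from: The raw From header value.
      * to: The raw To header value.
      * date: A naive datetime.datetime, normalised to UTC when the header
        carries a zone or numeric offset.
      * subject: The subject line of the email.
      * message-id: The raw Message-ID header value.

  Raises:
    KeyError: If the header has no Date field.
    ValueError: If the Date field cannot be parsed.
  """
  # Function-scope import: handles numeric offsets such as "+0530", which the
  # strptime "%Z" directive rejects.
  from email.utils import parsedate_to_datetime

  email_header_dict = {}
  current_key = None

  # Extract the from, to, date, subject, and message-id fields from the email header.
  for line in email_header.splitlines():
    if current_key is not None and line[:1] in (' ', '\t'):
      # Folded header: the continuation belongs to the field captured just before.
      unfolded = email_header_dict[current_key] + ' ' + line.strip()
      email_header_dict[current_key] = unfolded.strip()
      continue

    match = re.match(r'^(From|To|Date|Subject|Message-ID):\s*(.*)$', line, re.IGNORECASE)
    if match:
      current_key = match.group(1).lower()
      email_header_dict[current_key] = match.group(2)
    else:
      # Some other header or stray text; its continuation lines are not ours.
      current_key = None

  # Convert the date and time field to a datetime object.
  raw_date = email_header_dict['date']
  try:
    sent_at = parsedate_to_datetime(raw_date)
  except (TypeError, ValueError) as err:
    raise ValueError('Unparseable Date header: %r' % (raw_date,)) from err

  # Keep the value naive so existing comparisons against naive datetimes still
  # work, but express it in UTC so that offsets are not silently discarded.
  if sent_at.tzinfo is not None:
    sent_at = sent_at.astimezone(datetime.timezone.utc).replace(tzinfo=None)
  email_header_dict['date'] = sent_at

  return email_header_dict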


In [3]:
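def investigate_email_crime(email_header):
  """Runs two simple heuristics over an email header.

  The checks are: a Date later than the current time, and the words
  "phishing" or "scam" in the Subject (matched case-insensitively). Both
  fields are sender-controlled, so an empty finding list only means these two
  heuristics did not fire; it is not evidence that the message is authentic.
  Real triage would also look at the Received chain and the
  Authentication-Results (SPF/DKIM/DMARC) headers, which this function does
  not read.

  Args:
    email_header: A string containing the email header.

  Returns:
    A dictionary of information about the email crime, including the following keys:
      * suspicious_activity: A list of suspicious activity that was found.
      * verdict: A verdict of whether the email is likely to be fraudulent or not.
  """

  # Get the email header dictionary.
  email_header_dict = parse_email_header(email_header)

  # Look for suspicious activity.
  suspicious_activity = []

  # Compare in UTC rather than against local wall-clock time; otherwise a
  # genuine GMT-stamped message looks "future dated" in zones behind UTC and a
  # forward-dated one slips through in zones ahead of it.
  # NOTE(review): a naive parsed date is assumed to be UTC/GMT - confirm.
  sent_at = email_header_dict['date']
  if sent_at.tzinfo is None:
    sent_at = sent_at.replace(tzinfo=datetime.timezone.utc)
  if sent_at > datetime.datetime.now(datetime.timezone.utc):
    suspicious_activity.append('The email is dated in the future.')

  # A missing Subject is treated as empty instead of raising KeyError, and the
  # keyword match ignores case so "PHISHING" or "Scam" are not missed.
  subject = email_header_dict.get('subject', '').casefold()
  if any(keyword in subject for keyword in ('phishing', 'scam')):
    suspicious_activity.append('The subject line contains phishing or scam keywords.')

  # Render a verdict.
  if suspicious_activity:
    verdict = 'The email is likely to be fraudulent.'
  else:
    verdict = 'The email is likely to be legitimate.'

  return {'suspicious_activity': suspicious_activity, 'verdict': verdict}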

In [8]:
# Sample header block used to exercise the checks; the leading and trailing
# newlines of the original triple-quoted literal are preserved.
email_header = (
  "\n"
  "Date: Mon, 25 Sep 2023 21:53:41 GMT\n"
  "Message-ID: <CADmSYyt0teF6o+xEmHXAEWh2=tWsacaduQD_qPBHVcQxyw3bOg@mail.gmail.com>\n"
  "Subject: Testing Code for Assignment\n"
  "From: Sameer Bramhecha <bramhechas89@gmail.com>\n"
  "To: bramhechasameer@gmail.com\n"
)

In [9]:
# Run the header heuristics on the sample and show the resulting findings.
investigation_results = investigate_email_crime(email_header)
print(investigation_results)

{'suspicious_activity': [], 'verdict': 'The email is likely to be legitimate.'}
