Secure Contact
Whether it's for
IT consulting or
services like
Apscitu
Mail, you are about to contact me —
Duane Thresher, B.S., M.S., Ph.D.,
CEO of Apscitu Inc. — about entrusting some of your
most important and private information to me. You should have
some proof of who I am — authentication — before
doing so.
I also require some authentication of you; see the "Select
clients" note in the Legal Notes section of the
About Apscitu
Law page on the
Apscitu Law website.
Phone numbers provide no easy means of authentication (and
even for businesses should not be put on webpages, so I don't
include one here).
There are authentication methods you can use in email, but you
are contacting me because you don't know how to securely use
these and in general these methods are not very good.
(Authentication is the lesser-known half of email security,
the other well-known half being encryption, for which there
are very good methods; Apscitu Mail uses these.)
So how do we do this first contact?
There are email address domains that are restricted in who can
get them — to get one you have to be authenticated. Two
of the most common are .edu and .gov. For example, to get a
.edu email address you would have to have attended a
university and to get a .gov email address you would have to
work in government.
I have a B.S. in Electrical Engineering and Computer Science
from
MIT
so have the email address
dr.duane.thresher@alum.mit.edu.
I also have a Ph.D. in supercomputing from
Columbia
University so have the email address
dr.duane.thresher@caa.columbia.edu.
So to authenticate me first email me at one of these
university email addresses.
To authenticate you, email me, at least the first time, from
your .edu or .gov account. If you have neither, you can email
me from your business (.com) or organization (.org) account,
preferably with a username that is your name, and I will do
some authenticating using that email address. Please, no
emails from yahoo.com, gmail.com, etc. Anyone can get one or
more of those email addresses without authentication and they
are immediately suspect.
Don't send any sensitive information yet, just whether you are
generally interested in consulting or Apscitu Mail (extended
consulting includes Apscitu Mail) and your phone
number.
I will email you back from dr.duane.thresher@apscitu.com,
which is an account on one of my ultra-secure Apscitu Mail
email servers, or call you, and provide my phone number and
proof of receiving your email, thus authenticating me. (Like
for emails from anyone, you should check your spam folder at
least once a day. Apscitu Mail doesn't need a spam
folder.)
Actually, I've set it up at the universities so that
dr.duane.thresher@alum.mit.edu and
dr.duane.thresher@caa.columbia.edu simply forward to one of my
ultra-secure Apscitu Mail email servers, which are far more
secure than the university email servers (e.g. see
The
Doomsday Microsoft Government Email Data Breach). In
fact, not only don't send any sensitive information via these
university email servers, but if you are uncomfortable even
having your name go through them, and are comfortable I've
authenticated myself, email me directly at
dr.duane.thresher@apscitu.com.
With this first contact made, we can decide how to proceed
from there, but to include phone calls and face-to-face
meetings, which is the foundation of both authentication and
custom service. Would you interact with your doctor or lawyer
— to whom you also entrust some of your most important
and private information — as just an online
entity?
As indicated in the introduction above, all information you
provide, including email address, phone number, and that you
contacted me at all, is strictly confidential. That is the
whole point of Apscitu, ultra-security, and privacy is a part
of security.