REDWOOD CITY, CA – November 17, 2003 -- Tumbleweed® Communications Corp. (NASDAQ:TMWD), a leading provider of mission-critical Internet communications software products for enterprises, financial services, healthcare and government, announced today that Centegra Health System (Centegra) has implemented Tumbleweed’s integrated email firewall to encrypt electronic communications with patients, comply with the Health Insurance Portability and Accountability Act (HIPAA), to fight spam, and to detect and kill computer viruses.

Centegra Health System, with nearly 3,000 Associates serving the Illinois communities of McHenry County and portions of Lake, Kane and Walworth Counties, wanted to ensure the protection and privacy of patient data sent through email correspondence. Centegra’s vendor selection criteria included finding a secure email solution that would not impact employee workflow, not burden users needing to send secure email, and require no client or desktop software.

Centegra’s HIPAA Security Team initially evaluated five vendors and their products, each tested for usability and workflow impacts. Centegra selected Tumbleweed’s email firewall based on its ability to identify and selectively encrypt email containing Protected Health Information (PHI), minor impact to existing email workflows, and ease of use. Tumbleweed’s ability to fight spam and detect and kill computer viruses were additional business considerations.

Centegra’s implementation of Tumbleweed’s email firewall was seamless. Users simply select the “Business Confidential” flag in their Outlook email application or add a keyword to the email message to encrypt electronic communication between Centegra Associates and their patients or other healthcare facilities. Currently Centegra uses the MMS Email Firewall to look for PHI in outbound email messages. MMS Email Firewall informs senders that their email message may contain PHI and provides instructions on how to send email messages securely in the future.

In addition to encrypted email capabilities, Centegra has also deployed Tumbleweed’s integrated email firewall to fight spam and block viruses at their email gateway. Centegra receives approximately 57,000 inbound email messages per week; approximately 70 percent of this volume is spam. Using Tumbleweed’s email firewall, Centegra now blocks these unwanted messages before they enter the organization’s network, providing significant productivity savings. Centegra also uses the Tumbleweed MMS Email Firewall as its first line of defense against viruses contained in email communications.

"We wanted to proactively protect the privacy of our patients and Associates, while prohibiting offensive and time-consuming spam," said Marvin Randash, Security Analyst for Centegra Health System, "Tumbleweed’s integrated email firewall product meets all of our compliance requirements and expectations -- with minimal impact to our user base.”

About the Tumbleweed's MMS Email Firewall
Tumbleweed MMS has been recognized as the #1 enterprise software solution for fighting spam according to Network World (http://www.nwfusion.com/reviews/2003/0915spam.html), and the #1 email firewall software for large enterprises by Information Security Magazine. MMS protects, filters and secures email traffic at the Internet gateway with an integrated set of anti-spam, anti-virus, anti-hacker, content filtering, email relay, and encrypted messaging capabilities -- minimizing email communications risks and reducing email management costs. MMS is used by over 400 of the largest, most demanding messaging infrastructures in the world, and is available in both appliance and software editions.

About the Tumbleweed's MMS Secure Redirect
Tumbleweed MMS Secure Redirect automatically secures and encrypts outbound email based on company-defined security policies -- without user intervention. Through intelligent, policy-based routing and encryption, Secure Redirect enables organizations to safely use email to communicate with customers, partners, and suppliers by automatically applying the most appropriate security delivery method for each recipient. Secure Redirect offers numerous ways of delivering secure email, including S/MIME to the gateway or desktop, online web delivery with email notification, and offline web delivery via Secure Envelope™. This represents the industry’s broadest set of proven secure delivery options, ensuring ease of use and rapid adoption, regardless of what email client users have on their desktops.

"Healthcare organizations like Centegra Health System are continually seeking integrated email management technologies to both secure their email communications and protect their users from spam and email viruses," said David Jevans, SVP Marketing for Tumbleweed Communications. "Tumbleweed’s email firewall provides Centegra with a high degree of email protection with minimal impacts to their existing business workflow.”

About Centegra Health System
Centegra Health System is located in McHenry County, Illinois. It includes the services of Centegra Memorial Medical Center, Centegra Northern Illinois Medical Center, Centegra Primary Care, Centegra Home Health, and Health Bridge Fitness Center. Annually over 330,000 patient visits are made in acute and ambulatory settings within Centegra facilities. A work force of 3000 Associates and 485 physicians provides care at over 26 sites in the greater McHenry County region.

About Tumbleweed Communications Corp.
Tumbleweed is a leading provider of mission-critical Internet communications software products for enterprises, financial services, healthcare and government. By making Internet communications secure, reliable and automated, Tumbleweed's anti-spam email firewall, secure file transfer, secure email, and identity validation solutions help customers significantly reduce the cost of doing business. Tumbleweed products are used to communicate with millions of end-users and tens of thousands of corporations. Tumbleweed has more than 600 enterprise customers, including ABN Amro, Bank of America Securities, Catholic Healthcare West, JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), Society for Worldwide Interbank Financial Telecommunication (SWIFT), St. Luke's Episcopal Healthcare System, the US Food and Drug Administration, and the US Navy and Marine Corps. Tumbleweed Communications was founded in 1993 and is headquartered in Redwood City, California. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000.

Tumbleweed cautions that forward-looking statements contained in this press release are based on current plans and expectations, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the safe harbor statement below.

Safe Harbor Statement
Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to the features and performance characteristics of Tumbleweed products. . In some cases, forward-looking statements can be identified by terminology such as "may," "will," "should," "potential," "continue," "expects," "anticipates," "intends," "plans," "believes," "estimates," and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed's Form 10-K filed June 4, 2003 and Form 10-Q filed November 14, 2003.

Tumbleweed assumes no obligation to update information contained in this press release, including for example its guidance regarding its future performance, which represents the Company's expectations only as of the date of this release and should not be viewed as a statement about the Company's expectations after such date. Although this release may remain available on the Company's website or elsewhere, its continued availability does not indicate that the Company is reaffirming or confirming any of the information contained herein.