OverviewEmail Security SecureTransport Validation Authority                          
OverviewIndustry Solutions Application Solutions                                                                     
OverviewPortal Login Consulting Training Contact                                           
Overview Find a Partner Apply Now Technology                         
 
 

Tumbleweed Press Releases

Tumbleweed Announces Strategy To Support A Comprehensive Set of Email Authentication Standards

Tumbleweed Email Authentication Strategy Stops Spoofing, Spam and Phishing with Support for Email Digital Signatures, Microsoft Caller-ID, SPF, and Yahoo! Domain Keys

Redwood City, CA – March 22, 2004 – Tumbleweed® Communications Corp. (NASDAQ:TMWD), a leading provider of secure Internet messaging software for enterprises, today announced it is developing and supporting the most comprehensive set of email sender authentication technologies in the industry. Trust in email has been eroded over the past several years by the drastic increase in spam, email fraud and phishing, and a continuing string of email-borne viruses, Trojan horses and worms. These email problems all stem from the ability of email senders to “spoof” the sender or domain from which the email message was sent. By delivering a comprehensive set of email authentication services that enterprises can apply at the gateway, Tumbleweed will enable organizations to block spam more effectively without false positives, stop email scams and fraud, and provide positive proof to customers and partners that email can be trusted.

“Email authentication is important to preventing spoofing, and the email fraud problems that result from it," said Arabella Hallawell, Research Director of Gartner Inc. "However enterprises will have to bear the burden of new technology upgrades and process changes that are necessary for better authentication. In addition, multiple authentication standards have emerged; S/MIME, Caller- ID, SPF and Yahoo! Domain Keys, that will further complicate adoption for enterprises."

Tumbleweed plans to evaluate many email authentication approaches in order to determine which ones are most effective at reducing or eliminating unwanted email, and which ones are gaining traction with customers and large ISPs. Once these have been identified, Tumbleweed will incorporate the leading standards into its new Email Authentication Engine as part of its Email Firewall solution. Tumbleweed’s Email Firewall protects, filters and secures email traffic at the Internet gateway with an integrated set of anti-spam, anti-virus, intrusion detection, content filtering, email relay, encrypted messaging, and email authentication capabilities.

Support for Existing Email Authentication Standards
Tumbleweed’s first priority is to support leading email authentication standards that exist today, to provide immediate effectiveness in fighting spoofing, spam and phishing. In particular, Tumbleweed is focusing on S/MIME, a protocol that adds digital signature and encryption capabilities to Internet email. Digital signatures ensure that an email message has not been spoofed or tampered with. When the recipient opens a digitally signed e-mail, he sees a 'red ribbon' displayed by his email client. This is a visual cue, similar to the SSL lock on a browser, which says that the 'From' address is real, and that the sender can be trusted. Invalid signatures, a mismatched 'from' address or other signature identity issues will be flagged by the e-mail application to warn users of trouble.

“S/MIME digital signatures are an Internet standard that has been around since 1995,” said Ken Beer, Director of Product Management at Tumbleweed Communications. “Because these digital signatures are supported on over 350 million desktop email clients today, this is a very promising, pragmatic approach that can 'raise the bar' for spammers and phishers.”

Digital signatures are lightweight, and can be easily and unilaterally applied at the desktop or outbound mail gateway of any organization. And since signatures are already supported in almost every commercially available e-mail application, it requires no action on the part of the recipient.

Tumbleweed intends to support the use of S/MIME digital signatures to sign outbound email at the gateway, allowing organizations to proactively prove to their customers and partners that the message is trusted. And for inbound email, Tumbleweed will validate digitally signed messages to accurately identify the sender, allowing organizations to block messages from known spammers or scammers, and to bypass spam filters for known, trusted senders such as business partners.

Emerging Email Authentication Standards Under Evaluation
Tumbleweed will support the leading emerging email authentication protocols as they become pervasive on the Internet. The following protocols are beginning to emerge as the leading candidates in the market:

  • Caller-ID for E-Mail (Microsoft) –Caller ID allows organizations to add lists of published email servers to their DNS (Domain Name System) record using XML. Other organizations can use these lists to identify and reject email messages that are ‘spoofed’ by claiming to come from that domain, but weren't sent from an approved server.
  • SPF (Sender Policy Framework) – the SPF protocol allows organizations to describe their email servers in a special SPF record that is attached to the DNS server. Other organizations can use this SPF record to identify and reject any messages that claim to come from that domain, but weren't sent from an approved server.
  • Domain Keys (Yahoo) – With Domain Keys, a system sending an e-mail message would embed a secure, private key in the message header. The receiving system would check the DNS record for the public key registered to the sending domain. If the public key is able to decrypt the private key embedded in the message, then the e-mail is considered authentic and can be delivered. If not, then the message is assumed not to be an authentic one from the sender and is blocked.

“Better authentication of email is the answer to a host of email security problems, including spam, phishing, and email-borne viruses and worms” said Dave Jevans, Chief Marketing Officer for Tumbleweed Communications. “Our customers consider email authentication to be a basic requirement of their email infrastructure, and we intend to provide comprehensive, robust support for all the leading approaches as part of our base product.”

About Tumbleweed's Email Firewall
Tumbleweed Email Firewall has been recognized as the #1 enterprise software solution for fighting spam according to Network World (http://www.nwfusion.com/reviews/2003/0915spam.html), and the #1 email firewall software for large enterprises by Information Security Magazine. Tumbleweed Email Firewall protects, filters and secures email traffic at the Internet gateway with an integrated set of anti-spam, anti-virus, intrusion detection, content filtering, email relay, encrypted messaging, and email authentication capabilities -- minimizing email communications risks and reducing email management costs. Tumbleweed Email Firewall is used by over 400 of the largest, most demanding messaging infrastructures in the world, and is available in both appliance and software editions.

About Tumbleweed Communications Corp.
Tumbleweed is a leading provider of secure Internet messaging software products for enterprises, financial services organizations and government. By making Internet communications secure, reliable and automated, Tumbleweed's email firewall, secure file transfer, secure email, and identity validation solutions help customers significantly reduce the cost of doing business. Tumbleweed products are used by millions of end-users and tens of thousands of corporations. Tumbleweed customers include ABN Amro, Bank of America Securities, Catholic Healthcare West, JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke's Episcopal Healthcare System, the US Food and Drug Administration, and the US Navy and Marine Corps. Tumbleweed Communications was founded in 1993 and is headquartered in Redwood City, Calif. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000.

SAFE HARBOR STATEMENT
Tumbleweed cautions that forward-looking statements contained in this press release are based on current plans and expectations, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below.

Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to the potential increase in sales of Tumbleweed products resulting from new features and funcationality included within the products.. In some cases, forward-looking statements can be identified by terminology such as "may," "will," "should," "potential," "continue," "expects," "anticipates," "intends," "plans," "believes," "estimates," and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed's Form 10-K filed March 15, 2004.

Tumbleweed assumes no obligation to update information contained in this press release, including for example its guidance regarding its future performance, which represents the Company's expectations only as of the date of this release and should not be viewed as a statement about the Company's expectations after such date. Although this release may remain available on the Company's website or elsewhere, its continued availability does not indicate that the Company is reaffirming or confirming any of the information contained herein.

###

Products

Solutions

Industry Solutions Application Solutions

Additional Information

Contact Us

Press Kit