 
 

Tumbleweed Press Releases

Tumbleweed Announces Availability of Email Authentication Engine To Stop Spoofing, Spam and Phishing

New Tumbleweed Product Drops Into Existing Networks, Simplifying Email Authentication

Redwood City, CA - March 24, 2004 - Tumbleweed® Communications Corp. (NASDAQ:TMWD), a leading provider of secure Internet messaging software and appliances for enterprises and government agencies, today announced the immediate availability of the Tumbleweed Email Authentication Engine. This next-generation technology, which is integrated with the Tumbleweed Email Firewall, both simplifies and automates the process for authenticating inbound and outbound enterprise email.

While businesses increasingly rely upon email to communicate, trust in email has eroded due to the growth of spam, email spoofing and phishing, as well as a continuing string of email-borne viruses and worms. Tumbleweed's new Email Authentication Engine restores that confidence and trust by allowing recipient gateways and users to transparently verify the source of an email message.

"Spam and phishing problems exist, to some extent, because it is not possible to verify who sent an unsolicited message," said Jeff Smith, Chairman and CEO of Tumbleweed Communications. "The Tumbleweed Email Authentication Engine adds a new dimension to the fight against spoofed email, allowing enterprises to send trusted outbound email to customers and verify inbound trusted email from business partners. As a result, we can provide enterprises with a reduction in both the success of phishing attacks on their brand and the likelihood of false positives in their spam filters."

Tumbleweed's first priority in releasing the Email Authentication Engine was to support leading email authentication standards that exist today, to provide immediate effectiveness in fighting spoofing, spam and phishing. That is why this first release of the Email Authentication Engine supports S/MIME, the de facto standard for email security, enabling the signing and/or encryption of email messages.

The Email Authentication Engine provides a turn-key approach to email authentication that is easy and cost effective to manage. Inbound and outbound S/MIME digital signature policies are automatically applied at the gateway. No training of enterprise senders is required. Unlike other anti-phishing solutions, digital certificates or special software does not have to be issued to customers. And unlike S/MIME desktop encryption, S/MIME digital signatures do not require an implementation of public key infrastructure (PKI) and complex digital certificate management.

"Multiple email authentication approaches have been proposed to stop the problem of email "spoofing", spam, and phishing," said Matt Cain, Senior Vice President of META Group. "Through the end of 2005, we expect to see increasing adoption of several leading domain authentication approaches, with no clear winner. These approaches include Microsoft's Caller-ID, the Sender Policy Framework (SPF), and Yahoo! DomainKeys proposals. In the short term, we anticipate that existing email sender authentication standards such as S/MIME digital signatures will be implemented on a unilateral basis to stem the flow of spam, diminish other unsavory email practices, and give customers and partners proof that enterprise email communications are valid."

Trusted Outbound Communication with S/MIME Digital Signatures - "SSL for Email"
The Email Authentication Engine allows enterprises to automatically apply S/MIME digital signatures to select outbound email at the gateway, based on policy. When recipients open a digitally signed email, they see a ribbon or icon displayed by the email client, indicating that the message has not been forged or spoofed. In the same way that the padlock icon in a Web browser represents a trusted SSL connection, the ribbon icon in an S/MIME-enabled email client represents a trusted sender. In this way, S/MIME digital signatures allow enterprises to provide positive proof to customers and partners that email can be trusted.

For email sent with an invalid signature, an S/MIME-enabled email client will notify the recipient with a warning message. This means that spammers and phishers who attempt to digitally sign spoofed email will have their messages flagged as invalid and untrusted. S/MIME-enabled email clients include Microsoft Outlook, Outlook Express, Lotus Notes, and Novell Groupwise.

"Our objective with this first release of the Tumbleweed Email Authentication Engine was to combine S/MIME's unspoofable cryptographic strengths with its simplicity and ubiquity to proactively address spam and phishing," said Ken Beer, Director of Product Management at Tumbleweed Communications. "With over 350 million email clients natively supporting S/MIME digital signatures today, it is clearly the right standard to leverage."

Trusted Inbound Business Email Using S/MIME Digital Signatures
Beyond providing trust for outbound customer email, the Email Authentication Engine uses S/MIME digital signature validation to authenticate inbound email from select business partners. By configuring policies that only accept valid, digitally signed email from specific business partner domains, enterprises can ensure that business critical email from customers or partners bypasses spam filters and does not get captured as false positives. In this way, the Email Authentication Engine effectively provides authenticated whitelisting functionality for the Tumbleweed Email Firewall product or other downstream spam filters in the enterprise. Moreover, businesses can now transparently authenticate each other's email at the gateway, thereby reducing the need for traditional content-based spam filtering of business email.

"Enterprises need a way to make sure email from critical business partners gets delivered securely," said Joe Fisher, Vice President of Product Marketing at Tumbleweed Communications. "By providing an easy-to-deploy authentication solution for inbound email based on S/MIME, our customers don't have to worry about important emails getting quarantined or dropped."

About Tumbleweed's Email Authentication Engine
Tumbleweed's Email Authentication Engine validates the sender of inbound and outbound email at the enterprise's Internet gateway, using a variety of email authentication protocols. The Email Authentication Engine plugs into Tumbleweed's Email Firewall to provide a robust set of email authentication services integrated with comprehensive email security and hygiene capabilities. The Email Authentication Engine provides a turn-key approach to email authentication that is easy and cost effective to manage, with inbound and outbound S/MIME digital signature policies automatically applied at the gateway, and no training of enterprise senders required. Unlike other anti-phishing solutions, digital certificates or special software does not have to be issued to customers. And unlike S/MIME desktop encryption, S/MIME digital signatures do not require a complex PKI.

About Tumbleweed's Email Firewall
Tumbleweed Email Firewall has been recognized as the #1 enterprise software solution for fighting spam according to Network World (http://www.nwfusion.com/reviews/2003/0915spam.html), and the #1 email firewall software for large enterprises by Information Security Magazine. Tumbleweed Email Firewall protects, filters and secures email traffic at the Internet gateway with an integrated set of anti-spam, anti-virus, intrusion detection, content filtering, email relay, encrypted messaging, and email authentication capabilities -- minimizing email communications risks and reducing email management costs. Tumbleweed Email Firewall is used by over 400 of the largest, most demanding messaging infrastructures in the world, and is available in both appliance and software editions.

About Tumbleweed Communications Corp.
Tumbleweed is a leading provider of secure Internet messaging software and appliances for enterprises and government agencies. By making Internet communications secure, reliable and automated, Tumbleweed's email firewall, anti-spam appliance, secure file transfer, secure email, and identity validation solutions help customers significantly reduce the cost of doing business. Tumbleweed products are used by millions of end-users and tens of thousands of corporations. Tumbleweed customers include ABN Amro, Bank of America Securities, Catholic Healthcare West, JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke's Episcopal Healthcare System, the US Food and Drug Administration, and the US Navy and Marine Corps. Tumbleweed Communications was founded in 1993 and is headquartered in Redwood City, Calif. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000.

SAFE HARBOR STATEMENT
Tumbleweed cautions that forward-looking statements contained in this press release are based on current plans and expectations, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below.

Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to the characteristics of different Internet technologies as well as the features and performance of Tumbleweed's solutions. In some cases, forward-looking statements can be identified by terminology such as "may," "will," "should," "potential," "continue," "expects," "anticipates," "intends," "plans," "believes," "estimates," and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed's Form 10-K filed March 15, 2004.

Tumbleweed assumes no obligation to update information contained in this press release, including for example its guidance regarding its future performance, which represents the Company's expectations only as of the date of this release and should not be viewed as a statement about the Company's expectations after such date. Although this release may remain available on the Company's website or elsewhere, its continued availability does not indicate that the Company is reaffirming or confirming any of the information contained herein.

###
