Tumbleweed Announces New Release of Email Firewall To Stop Email Phishing Scams and Improve Anti-Spam Effectiveness

REDWOOD CITY, Calif.–(BUSINESS WIRE)–Oct. 27, 2003– Tumbleweed Communications Corp. (Nasdaq:TMWD), a leading provider of mission-critical Internet communications software products for enterprises, financial services, healthcare and government, today announced the release of Tumbleweed MMS(TM) 5.6, a major enhancement of Tumbleweed’s email firewall. This new release offers enterprises new anti-spam management features providing improved visibility and feedback of spam-blocking efforts, and additional protection against email fraud and phishing scams via digital signing of email messages.

Improved Spam Management

Tumbleweed’s email firewall is one of the top anti-spam solutions for enterprises, according to Network World magazine. It is used to block tens of millions of messages per day by hundreds of enterprise customers. Tumbleweed MMS 5.6 introduces a number of new anti-spam management capabilities that provide better visibility and feedback of spam blocking efforts, so that IT organizations can improve the effectiveness of their anti-spam efforts and reduce the total cost of ownership (TCO). These features include:

— Automated forwarding of false positives to Tumbleweed’s Message Protection Lab for refinement of Tumbleweed’s heuristic anti-spam rules
— New spam reports including capture and false positive rates
— Improved dashboard visibility and control of the spam analysis queue

“For most organizations, spam is the single greatest threat to the stability, security, and usefulness of their email system,” said Matt Cain, Vice President of the META Group. “Due to the dire nature of spam, most IT groups are encountering little trouble in finding funding for spam-blocking/filtering tools. We believe that organizations should use this situation as an opportunity to bring world-class email hygiene and security to their messaging infrastructure by acquiring integrated tools that handle multiple email hygiene duties, including anti-spam. These types of tools promote efficiencies at the operational level (e.g. open a message once to scan for spam, viruses, and content) and at the management level (e.g., common interface, single point of control) as well as minimize vendor product conflicts.”

Stopping Phishing Email Scams

In addition to the growing volume of spam messages, a new, more sinister trend of using spam techniques to perpetrate e-mail scams has begun to emerge. Phishing attacks involve the mass distribution of ‘spoofed’ e-mail messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers or credit card companies. These fraudulent messages are designed to fool the recipients into divulging personal authentication data such as account usernames and passwords, credit card numbers, social security numbers, etc. Because these emails look “official,” up to 20% of recipients may respond to them, resulting in financial losses, identity theft, and other fraudulent activity.

Tumbleweed MMS 5.6 helps solve this problem with a two-pronged approach. For inbound email messages to an organization, Tumbleweed’s Dynamic Anti-spam Service continuously updates the e-mail firewall with new heuristic rules, as new phishing attacks are identified. These heuristics utilize a number of different techniques for blocking phishing attacks, including identifying the IP addresses and URLs of known phishing scams. This helps protect email recipients within an organization.

For outbound email messages sent by an organization to its customers, Tumbleweed gives organizations the ability to automatically add digital signatures to outbound email messages at the Internet gateway. This allows customer and business partner recipients to be sure that the messages they receive are authentic. All of the leading email clients, including Microsoft Outlook and Lotus Notes already support the verification of standard digital signatures, so customers receiving digitally signed email messages can easily distinguish them from fake ‘spoofed’ emails. Because Tumbleweed MMS does this digital signature work at the Internet gateway, and not the sender’s desktop, organizations don’t need to implement a costly PKI digital certificate infrastructure to use this standards-based solution. This allows organizations to help protect their customers from scams, and their brands from theft.

“We are seeing this new form of email fraud called ‘phishing’ sweep across the Internet,” said Dave Jevans, Senior Vice President of Marketing for Tumbleweed Communications. “And we are hearing from our customers that phishing attacks are successful 20% of the time. Enterprises need to help their customers distinguish valid email from fake. We feel that the best way to do this is to leverage existing standards for digital signatures to make email “spoof-proof.”

About Tumbleweed’s MMS Email Firewall

The Tumbleweed MMS(TM) email firewall is rated by Information Security Magazine as the #1 email firewall software for large enterprises, and is currently in use at over 400 of the largest, most demanding messaging infrastructures in the world. Tumbleweed MMS is an enterprise-class email firewall for protecting, filtering and securing email traffic at the Internet gateway. MMS manages the organization’s mission-critical email stream with an integrated set of anti-spam, anti-virus, anti-hacker, content filtering, email relay, and encrypted messaging capabilities — minimizing email communications risks and reducing email management costs.

Organizations use MMS to protect their networks from hacker, virus and spam threats; comply with email regulations (SEC, NASD, HIPAA, GLB, FDA); enforce email communications and security policies; and securely communicate with customers, partners and suppliers. Tumbleweed MMS complements and works seamlessly with corporate email servers such as Microsoft Exchange, Lotus Notes, Novell Groupwise and a variety of UNIX-based email servers. The product is available as both a software package for larger companies, or as an appliance that provides enterprise level protection and management capabilities to small and mid-sized companies.

About Tumbleweed Communications Corp.

Tumbleweed is a leading provider of mission-critical Internet communications software products for enterprises, financial services, healthcare and government. By making Internet communications secure, reliable and automated, Tumbleweed’s anti-spam email firewall, secure file transfer, secure email, and identity validation solutions help customers significantly reduce the cost of doing business. Tumbleweed products are used to communicate with millions of end-users and tens of thousands of corporations. Tumbleweed has more than 600 enterprise customers, including ABN Amro, Bank of America Securities, Catholic Healthcare West, JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), Society for Worldwide Interbank Financial Telecommunication (SWIFT), St. Luke’s Episcopal Healthcare System, the US Food and Drug Administration, and the US Navy and Marine Corps. Tumbleweed Communications was founded in 1993 and is headquartered in Redwood City, California. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000.

Tumbleweed cautions that forward-looking statements contained in this press release are based on current plans and expectations, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the safe harbor statement below.

Safe Harbor Statement

Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to potential sales of Tumbleweed products and the ability of such products to stop spam and/or phishing attacks. In some cases, forward-looking statements can be identified by terminology such as “may,” “will,” “should,” “potential,” “continue,” “expects,” “anticipates,” “intends,” “plans,” “believes,” “estimates,” and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed’s Form 10-K filed June 4, 2003, Form 10-Q filed August 14, 2003, Form S-3/A filed September 18, 2003 and Form 8-K filed October 21, 2003.

Tumbleweed assumes no obligation to update information contained in this press release, including for example its guidance regarding its future performance, which represents the Company’s expectations only as of the date of this release and should not be viewed as a statement about the Company’s expectations after such date. Although this release may remain available on the Company’s website or elsewhere, its continued availability does not indicate that the Company is reaffirming or confirming any of the information contained herein.