Monthly newsletter Weekly news roundup Breaking news notification      

New e-mail authentication engine launched to stop spoofing, spam and phishing

Get free weekly news by e-mailTumbleweed Communications Corp., a provider of secure Internet messaging software and appliances for enterprises and government agencies, has announced the immediate availability of the Tumbleweed Email Authentication Engine. This next-generation technology, which is integrated with the Tumbleweed Email Firewall, both simplifies and automates the process for authenticating inbound and outbound enterprise e-mail.

While businesses increasingly rely upon e-mail to communicate, trust in e-mail has eroded due to the growth of spam, e-mail spoofing and phishing, as well as a continuing string of e-mail-borne viruses and worms. Tumbleweed's new Email Authentication Engine restores that confidence and trust by allowing recipient gateways and users to transparently verify the source of an e-mail message.

"Spam and phishing problems exist, to some extent, because it is not possible to verify who sent an unsolicited message," said Jeff Smith, chairman and CEO of Tumbleweed. "The Email Authentication Engine adds a new dimension to the fight against spoofed e-mail, allowing enterprises to send trusted outbound e-mail to customers and verify inbound trusted e-mail from business partners. As a result, we can provide enterprises with reduction in both the success of phishing attacks on their brand and the likelihood of false positives in their spam filters."

Tumbleweed's first priority in releasing the Email Authentication Engine was to support leading email authentication standards that exist today, to provide immediate effectiveness in fighting spoofing, spam and phishing. That is why this first release of the E-mail Authentication Engine supports S/MIME, the de facto standard for email security, enabling the signing and/or encryption of email messages.

The Email Authentication Engine provides a turn-key approach to e-mail authentication that is easy and cost effective to manage. Inbound and outbound S/MIME digital signature policies are automatically applied at the gateway. No training of enterprise senders is required. Unlike other anti-phishing solutions, digital certificates or special software do not have to be issued to customers. And unlike S/MIME desktop encryption, S/MIME digital signatures do not require an implementation of public key infrastructure (PKI) and complex digital certificate management.

"Multiple email authentication approaches have been proposed to stop the problem of email spoofing, spam, and phishing," commented Matt Cain, senior vice president of META Group. "Through the end of 2005, we expect to see increasing adoption of several leading domain authentication approaches, with no clear winner. These approaches include Microsoft's Caller-ID, the Sender Policy Framework (SPF), and Yahoo! DomainKeys proposals. In the short term, we anticipate that existing e-mail sender authentication standards such as S/MIME digital signatures will be implemented on a unilateral basis to stem the flow of spam, diminish other unsavoury e-mail practices, and give customers and partners proof that enterprise email communications are valid."

www.tumbleweed.com

Date: 25th March 2004 •Region: N.America / World •Type: Article •Topic: IT continuity
Rate this article or make a comment - click here


Copyright 2004 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help