Sydney – 18 July, 2008 – Tumbleweed® Communications Corp. (NASDAQ:TMWD), an industry leader in managed file transfer, email security, and identity validation, today announced MailGate® 3.6, the latest version of its award-winning email security product. MailGate 3.6 adds a number of compelling capabilities for government agencies and regulated industries, including S/MIME encrypted email for data loss prevention (DLP), a granular employee or user-based DLP reporting feature, and integrates the latest elliptic curve cryptography, which will help streamline future Federal Information Processing Standard (FIPS) certification.

“MailGate 3.6 answers the call from many of our public, regulated and government customers – governmental agencies, in particular, will benefit significantly from these enhancements,” said Mr. Stree Naidu, Regional Vice President Asia Pacific and Japan at Tumbleweed. “MailGate routinely gets exceptional scores in independent product reviews, particularly for our strong DLP policy engine, market-leading encryption, and superior interface. The rally cry for data loss prevention is everywhere, and Tumbleweed is one of the only vendors to successfully and effectively integrate DLP capabilities into our complete product suite. Within MailGate, these valuable outbound capabilities help protect sensitive information sent via email, which is arguably the most-used business communications channel today.”

“Since the launch of Mailgate 3.5 this time last year Australian organisations have become even more focused on how they protect data as it moves and controlling the perimeters in which information travels. We expect that both Federal and state government departments and the private sector will continue to react as positively to Mailgate 3.6 as they have to its earlier versions,” Naidu continued.

MailGate 3.6 provides customers with gateway inspection of S/MIME encrypted email for both inbound and outbound encrypted mail, thus helping prevent costly or dangerous data breaches. In addition, the added SMTP extension includes an authentication step that helps ensure the true identity of the sender is known.

MailGate DLP policies will drop any encrypted message that cannot be decrypted and reviewed for content scanning or return the message to the sender with instructions on how to send encrypted mail through MailGate. Additionally, MailGate 3.6 provides a comprehensive employee/user-based DLP “summary” report, providing insight into employee or user activity that could expose sensitive data.

Also integrated is the United States (US) NSA-approved elliptic curve cryptography technology, a move that provides one of the highest levels of security while streamlining future FIPS 140-2 and Suite B compliance renewals. FIPS 140-2 is the security requirement for cryptographic modules as defined by the National Institute of Standards for Technology (NIST) in the US. Suite B is the set of cryptographic algorithms recommended by the National Security Agency (NSA) in the US to secure classified and unclassified communications.

SAFE HARBOR STATEMENT Tumbleweed cautions that forward-looking statements contained in this press release are based on plans and expectations as of the date of the press release, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below.

Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to the functionality of Tumbleweed’s MailGate solution. In some cases, forward-looking statements can be identified by terminology such as “may,” “will,” “should,” “potential,” “continue,” “expects,” “anticipates,” “intends,” “plans,” “believes,” “estimates,” and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed’s Form 10-K filed March 17, 2008 and Tumbleweed’s Form 10-Q filed May 12, 2008.

Tumbleweed assumes no obligation to update information contained in this press release. Although this release may remain available on Tumbleweed’s website or elsewhere, its continued availability does not indicate that Tumbleweed is reaffirming or confirming any of the information contained herein.

About Tumbleweed Tumbleweed Communications Corp. (NASDAQ:TMWD), an industry leader in managed file transfer, email security and identity validation, provides enterprise-class solutions to organizations of all sizes. Tumbleweed’s innovative products enable organizations to effectively manage and protect business-critical Internet communications, with capabilities that span secure file transfer, encryption, data loss prevention, and email security. Tumbleweed has more than 3,300 customers worldwide, including blue-chip companies across an array of industries such as Technology, Retail, Finance, Healthcare, Manufacturing, Consumer Packaged Goods, Telecom, Energy, and the U.S. Government. The world’s most security conscious organizations rely upon Tumbleweed technology including Bank of America Securities, JP Morgan Chase & Co., the U.S. Food and Drug Administration, and the U.S. Department of Defense. Our award-winning products build on 15 years of R&D and 31 security patents in the U.S. alone – many of which are licensed by other security vendors. More information can be found at www.tumbleweed.com.

Tumbleweed and MailGate are registered trademarks of Tumbleweed Communications Corp. in the United States and/or other countries. All other trademarks are the property of their respective owners.

For further information or media interviews please contact: Cathryn van der Walt, 12 Worlds 0402 327 633 cathryn@12worlds.com