π’ Trust Rating: High
Tutanota offers strong encryption, competitive pricing, and commitment to privacy, though German jurisdiction requires legal compliance.
What is Tutanota?
Tutanota (recently rebranded to just "Tuta") is an end-to-end encrypted email service based in Germany, founded in 2011. Built with privacy-first principles, it's become a major ProtonMail competitor, offering similar security at lower prices.
Key Features
Security Architecture
- End-to-end encryption - All emails, contacts, calendars
- Encrypted subject lines - Unlike most providers
- Post-quantum cryptography - Future-proofing encryption
- Perfect forward secrecy - New keys for each session
- Encrypted storage - Everything encrypted at rest
Privacy Features
- No tracking - Zero analytics or ads
- Anonymous signup - No phone number required
- Open source - Fully audited clients and crypto
- Minimal metadata - Stripped from emails
- Encrypted calendar - Included free
German Jurisdiction: Pros and Cons
Advantages
β Strong privacy laws (GDPR)
β Not Five Eyes member
β Constitutional privacy rights
β Data protection culture
Concerns
β Fourteen Eyes member
β Must comply with court orders
β EU data retention debates
β Intelligence sharing agreements
Pricing Structure
Free Plan
- 1 GB storage
- 1 email address
- Limited search
- Encrypted calendar
- Mobile apps
Revolutionary (β¬1/month)
- 10 GB storage
- 5 aliases
- Unlimited folders
- Email support
- Custom domain support
Legend (β¬8/month)
- 500 GB storage
- 25 aliases
- 10 users
- Phone support
- Whitelabel option
Technical Details
Encryption Implementation
```
Tutanota uses:
- AES 256 symmetric encryption
- RSA 2048 asymmetric encryption
- Custom protocol (not PGP)
- Automatic key management
```
What's Encrypted
β Email body
β Attachments
β Subject lines
β Contact details
β Calendar entries
What's NOT Encrypted
β Sender/recipient addresses (legal requirement)
β Timestamps
β IP addresses (deleted after 7 days)
β Emails to non-Tutanota users (unless password-protected)
Tutanota vs. ProtonMail
Tutanota Advantages
- Cheaper - β¬1/month vs $4.99/month
- Encrypted subjects - ProtonMail doesn't by default
- Simpler interface - Less feature bloat
- Faster development - More frequent updates
ProtonMail Advantages
- PGP compatible - Industry standard
- Swiss jurisdiction - Arguably stronger
- More features - Drive, VPN, etc.
- Larger user base - Network effects
Controversies and Incidents
2020 DDoS Attacks
- Sustained attacks demanding ransom
- Service disrupted for days
- Refused to pay
- Improved infrastructure after
Legal Compliance
- Must comply with German court orders
- Has provided metadata when ordered
- Cannot decrypt content
- Transparent about requests
Security Audit Results
2021 Cure53 Audit
- No critical vulnerabilities
- Minor issues fixed immediately
- Cryptography validated
- Open source verified
2023 Security Review
- Post-quantum crypto added
- Architecture improvements
- Mobile app hardening
- Ongoing bug bounty program
When to Use Tutanota
Perfect For
- Privacy beginners - Simple, affordable
- Small businesses - Cost-effective
- Personal use - Gmail alternative
- Activists - Strong encryption
- Europeans - GDPR protection
Not Ideal For
- PGP compatibility needs
- Large attachment requirements
- Complex organizational needs
- Integration with other tools
Setup Best Practices
Account Creation
- Use VPN/Tor for signup
- Choose unique username
- Strong password (20+ characters)
- Save recovery code offline
- Enable 2FA immediately
Ongoing Security
- Regular password updates
- Monitor login attempts
- Use app passwords for devices
- Keep recovery codes safe
- Review account activity
Unique Features
Encrypted Calendar
- Included free
- Share encrypted events
- Reminders
- Mobile sync
- No Google Calendar needed
Secure Connect
- Encrypted contact forms
- No account needed for sender
- CAPTCHA spam protection
- Business feature
Whitelabel Option
- Custom branding
- Your domain
- Remove Tutanota branding
- Business plans only
Mobile Apps
Android/iOS Features
- Full encryption
- Push notifications
- Offline access
- Fingerprint unlock
- Dark mode
Desktop App
- Windows, Mac, Linux
- Offline access
- System integration
- Automatic updates
- No browser needed
Common Issues
Search Limitations
Free accounts have limited search:
- Recent emails only
- Upgrade for full search
- Local search in desktop app
External Email Encryption
To non-Tutanota users:
- Password protection required
- Recipients need password
- Or emails sent unencrypted
- Consider user education
Custom Domain Setup
- Requires paid plan
- DNS configuration needed
- SPF/DKIM/DMARC setup
- May affect deliverability initially
Privacy Tips
Maximum Anonymity
- Sign up via Tor
- Use cryptocurrency for payment
- Fake details where allowed
- Separate identity from real life
- Access only via VPN/Tor
Avoid
- Real name in address
- Linking to phone
- Using for illegal activities
- Mixing identities
- Forgetting password (no recovery)
The Bottom Line
Choose Tutanota when:- Budget matters
- Simplicity preferred
- EU jurisdiction acceptable
- Basic encryption needs
- Starting privacy journey
- Need PGP compatibility
- Require extensive features
- Want Swiss jurisdiction
- Need enterprise features
β οΈ Important Limitations
- Not compatible with standard email clients
- No PGP support
- German legal compliance required
- Limited third-party integration
Frequently Asked Questions
Is Tutanota really secure?
Yes, the encryption is properly implemented and audited. However, they must comply with German law.
Can Tutanota read my emails?
No, emails are encrypted with your password. Tutanota cannot decrypt them.
Why is it so cheap?
Efficient operations, fewer features than competitors, and sustainable business model.
Should I choose Tutanota or ProtonMail?
Tutanota for budget and simplicity. ProtonMail for features and Swiss jurisdiction.
Can I use my own domain?
Yes, with paid plans. Full custom domain support with DNS configuration.
Getting Started
Ready for Encrypted Email?
Start with Tutanota's generous free tier to test the service.
Get Tutanota β