Folow us
Youtube
Twitter
Menu
We may earn affiliate commissions for the recommended products. Learn more

VPNproSecure Email

Tutanota review

Last updated Jan 18, 2024 at 12PM ET
16
Mikaela Bray
Mikaela Bray, Contributing Writer
Tutanota

If you’re reading this, there’s a good chance you’ve sent an email today. But how can you be sure that message was only read by yourself and the recipient?

It would be nice if email services were always secure. But this simply isn’t the case. In 2018, we learned that Google had permitted numerous app developers to access Gmail users’ accounts.

And Gmail isn’t alone. Many mainstream email providers offer insecure services. The messages you send via these providers is hardly ever encrypted, and their content can be intercepted in a number of ways. Moreover, hackers have managed to obtain account details from providers on multiple occasions – a sign that the companies involved don’t take email security as seriously as they should.

In response, this has led to the emergence of a cluster of genuinely secure email services. And one of the leading lights is Tutanota. So let’s explore what Tutanota encrypted email service have to offer, and why they might (or might not) be a good fit for your communication needs.

Introducing Tutanota mail: an innovative open source email provider

Tutanota mail (“secure message” in Latin) was founded in Germany in 2011 and had a radical aim. It sought to create one of the first open source email client projects which could guarantee user privacy.

At around about the time when Edward Snowden’s revelations about the NSA surfaced, Tutanota email started to become much better known, but the developers didn’t seek to take a mainstream commercialization route. The source code for Tutanota’s client is still available on Github for coders to check out, and it’s also stored on F-Droid – an open source app distribution platform.

What does Tutanota do and how does it work?

The Tutanota email service is cloud-based and uses a separate email client. Unlike some cloud email providers, Tutanota mail puts encryption at the core of everything it does. The whole point of the project is to protect every packet sent by users – to a degree that no commercial alternative had ever attempted.

You can use the client to send AES-256 encrypted mail to fellow Tutanota users, so if you like what you see, be sure to refer the company to your contacts.

However, it’s also relatively easy to send mail to people who don’t use the service. In that case, the app creates a unique Tutanota email account for each message, and if the recipient has the required password, they can access the content of the mail.

Key features of the Tutanota email client

A list of the main features offered by the Tutanota mail service gives a much fuller idea of what we’re talking about:

  • All emails are sent via end-to-end military grade (AES-128 or AES-256) encryption.
  • Passwords never pass in their entirety to Tutanota email servers. Instead, a Bcrypt hashing function is used, which sends a “fingerprint” of your password.
  • Apps are available for Android and iOS phones, as well as desktop operating systems. And the Android app is Google-free – so there’s no likelihood of the search giant intruding upon your online affairs.
  • A free service is available, which provides 1GB of storage, but comes with advertisements. After all, Tutanota email is not geared towards profits and must raise funds somehow. However, their paid-for packages come without any ads.
  • All email accounts are anonymous if desired, allowing you to send and receive messages without anyone knowing who you are. There’s no IP address logging at any stage.
  • Similarly, if you need to reset your password for any reason, Tutanota’s admins have no way of knowing this, and no access to your login details.
  • Email domain names can also be customized, just as with many mainstream email services, and this is funded by a small supplementary monthly fee.
  • All payments can be made in Bitcoin, ensuring a high level of anonymity.

All of these features are designed to deliver anonymity and privacy. However, the company does admit that some user data is required. While Tutanota email apps try to keep permissions to an absolute minimum, they do ask for:

  • Full network access
  • The ability to receive data from the internet
  • View network connections
  • Access to contact lists
  • The ability to read data from SD cards
  • Control vibration to deliver email alerts
  • Deactivate sleeping mode – again, to deliver alerts

How to use the Tutanota mail app

The company’s app functions just like a normal email client. You supply login details and set a password, and enter these into fields as you usually would.

However, there are some features that won’t be so familiar to users of mainstream services. For example, Tutanota mail recommends using their 2-factors authentication options to add an extra layer of security. This can be set up easily via the “Settings” > “Login” menu. This can entail using security keys provided by companies like YuBikey, or app-based alternatives like Authy.

Another difference is that you can’t recover your password if you lose it. So you’ll need to record both your password and a recovery code when you sign up.

Aside from that, the actual experience of using the Tutanota mail client will be very familiar, with folders, trash, spam filters, email search, attachments etc..

One other difference will appear when you send emails to external recipients. In this case, you’ll have to supply a password for each email. The recipient then uses this password to access the encrypted message.

Is Tutanota mail safe to use?

On the face of things, Tutanota seems very reliable and safe. The community attends to security issues as they arise, the encryption is top of the line, and customer feedback is generally very positive.

The only potential weakness is that the actual email encryption used by Tutanota takes place via JavaScript within the user’s browser. In 2014, the company had to admit that this vulnerability had allowed hackers to launch Cross-Site Scripting attacks. And this reliance on JavaScript remains a minor security issue.

To increase safety, many users are using a VPN (Virtual Private Network) to help anonymize them, as well as to encrypt all their data. You see, VPNs work by creating a secure tunnel for your data to be transferred through. It also helps to hide your IP address by allowing you to use another one in a location of your choosing.

Using both a VPN and Tutanota can offer you greater privacy and safety than using Tutanota alone. You can browse our Best VPNs Guide and subscribe to one of the top VPN providers, such as ExpressVPN or NordVPN.

A quick guide to troubleshooting some Tutanota issues

Another good way to get an idea of how Tutanota works is to think about a couple of common issues that all email users could confront.

Firstly, what happens if you need to recover your password? In this case, as we briefly noted earlier, you’re in trouble. There is absolutely no way to recover a lost password unless you have a recovery code which was set when you signed up.

But if someone hasn’t kept a copy of their password, they are unlikely to have the recovery code close by. The only advice for users here is to record their password and recovery code and have them ready in an emergency.

Secondly, what about deleting a Tutanota account? Can you be sure that your data is wiped clean and removed from their servers?

All free accounts are automatically deleted if the user is inactive for 6 months – including all data. And the account cannot be recycled, ensuring that the user’s privacy isn’t compromised.

If users need to remove their account before then, they can upgrade to a paid account and use Tutanota’s deletion process. Here’s how to do so:

  1. Go to the left-hand side panel on your email inbox.
  2. Choose the “Subscriptions” option and then “Upgrade.”
  3. Pick either the “Premium” or “Pro” options and whether you are a private or business user. Now proceed to payment.
  4. When that’s done, you can add “Extensions” free of charge. This includes a “Delete Account” extension.
  5. You can either completely delete your emails or choose “Take over email address” to transfer them and your contacts to a new Tutanota email account.

So, the situation isn’t ideal for free users who want to remove their account quickly. But the process is flexible and easy for paying customers.

Tutanota vs ProtonMail

Finally, it’s helpful to put Tutanota into context by comparing it to ProtonMail, which is probably the main competitor. Here’s how the two stack up:

Tutanota ProtonMail
Owning company German project run by a team of developers. It’s a profit-making organization, but is run on an open-source basis, and provides specialist support for not-for-profit organizations. It was created by the trio of Dr. Andy Yen, Jason Stockman, and Wei Sun, and is a private business.
Release date 2011 2014
Location Germany Switzerland
Free version available Premium (EUR12/year)Pro (EUR60/year) Plus (EUR48/year)Pro (EUR75/year)Visionary (EUR288/year)
Mailbox storage Premium – 1GBPro – 10GB Plus – 5GBPro – 5GBVisionary – 20GB
Max. attachment limit 25MB 25MB
Security features End-to-end 256-bit AES encryptionExternal 2FATLS encryptionGDPR compliantComplete password protectionNo trackingNo IP loggingUses only ISO 27001 certified data centers in GermanyNo targeted adsExternal content in emails must have user consentIP info is stripped from headersPhishing protectionAnonymous signupsCryptocurrency supportedSymmetric encryption with external recipients End-to-end encryptionData stored on servers is encryptedZero access to user dataUses secure implementations of AES, RSA, and PGPSwiss jurisdictionOwn and manage own data centersNo trackingZero logsAnonymous signupsCan set “self destruct” time limit for emailsAll connections SSL securedSymmetric encryption with external recipients
avatar
Mikaela Bray

Contributing Writer

Mikaela is an investigative journalist that likes to cover the ever-changing world of technology. She tries to keep her finger on the pulse of digital trends and share her insights on the most relevant topics, including big tech, security, privacy, and data breaches.

16 comments
default-avatar.

Your email address will not be published.   Required fields are marked *

  1. jd
    jd June 20, 2023 at 5PM

    thx 🍄

  2. Onceafireman
    Onceafireman May 30, 2021 at 12AM

    I used to be a Tutanota Premium user. However, I ultimately switched to Mailfence. I have encouraged many of my five siblings to make the switch from Google to the free version of Tutanota. Try it for as long as they like, then get a premium account if it suits them. After getting 4 of the 5 siblings to switch, we recently had a problem with Tutanota thinking they were spamming. There are seven of us in the email (counting my mom), so this certainly doesn’t constitute spamming. I have come to the conclusion that Tutanota is having some very poor business practices in trying to get free subscribers to pay for a premium account. The one sibling that has a premium account is the only one that did not get a notice about spamming, or “exceeded the limit” and it would be a day or two before they could resume emailing again. I do not recommend Tutanota for free or paid subscriptions because of this devious way of manipulating people.

  3. Jacob
    Jacob February 13, 2021 at 8PM

    I have a lot of emails that I’d not likely worry about sending e2e. What isn’t clear to me, is whether or not those correspondences are automatically encrypted once they land in my Tutanota inbox/outbox. In other words, is an “unencrypted” email safer in a Tutanota inbox than, say, Thunderbird?

      1. Jan Youngren
        Jan Youngren February 19, 2021 at 5PM

        Hello, Jacob. The emails that end up in your Tutanota inbox are unencrypted. So in this sense, they are not safer than they would be in Thunderbird, provided you use a password of similar strength. However, I’d say that hacking into your Thunderbird inbox without using a password would be easier when compared to Tutanota. Besides, if you use 2FA, reading your unencrypted emails becomes almost impossible.

  4. Tamaran
    Tamaran January 9, 2021 at 5PM

    If I purchase pet supplies from chewy.vom will I receive spam from them? What about other online purchases? I want to get rid of my gmail which is so inundated with spam.

      1. Mikaela Bray
        Mikaela Bray January 11, 2021 at 11AM

        Hello, Tamaran. Using a dedicated email for creating unimportant accounts is probably your best bet. I also think that such online shops should give you an option to unsubscribe from marketing-related content. But if you want to register with a Tutanota email, I think that marking it as spam once should be enough to keep your inbox clean. Good luck!

  5. ds
    ds October 12, 2020 at 12AM

    Tutanota does not work for me. I tried to sign up for a premium account. The back end would not process my credit card. Then Tutanota defaulted me to a free account, but the account can neither send nor receive email. And as a free account, I cannot contact any help or support option to fix the situation, and I cannot even close the account.

    What a mess.

  6. June L
    June L May 28, 2019 at 5AM

    I feel this one is really interesting, I totally get that have ads on the free plan, because at some point great technology never comes free, so I think if you cant afford a paying subscription the free one will be just fine.

      1. Rick P
        Rick P September 29, 2020 at 6PM

        I have the free version of Tutanota and Protonmail and I never see ads on either. I’ve never understood that.

          1. Nelg
            Nelg December 8, 2020 at 9AM

            Same here I’ve never seen ads

  7. theamulentofkings
    theamulentofkings April 11, 2019 at 2AM

    Hmmm, I like this a lot, although ProtonMail seems to be safer, at least as far as I can tell. ProtonMail doesn’t have that problem with the JavaScript, does it? Cause I would rather choose a solution that didn’t have that, if I can.

  8. colonelrogers1942
    colonelrogers1942 March 4, 2019 at 5AM

    I like this one, but ProtonMail wins by a hair for me because it’s in Switzerland. Can’t beat those Swiss privacy laws. I might be tempted to try this one out, though, just to see what it’s all about. I like the look of it, and I like the sound of military-grade encryption. Could be great paired with the right VPN.

      1. Ebrael
        Ebrael July 10, 2020 at 6AM

        Being in Switzerland does not make Protonmail immune to USA “information requests”. Protonmail maintains a dedicated office in USA, rather than Tutanota.

  9. 2ndstone
    2ndstone February 7, 2019 at 5PM

    The 1GB service with the ads is totally understandable. I mean, you are getting a great service for free so there must be a small price to pay. The Tutanota paid plans are cheaper than ProtonMail but they are probably not as secure as the later.

  10. Emily
    Emily January 27, 2019 at 5PM

    My company is at the verge of opting for a more secure mailing services with encription. Been reading about Tutanota and Proton mail and kind of confused on which to go for since they almost offer same features. Just want to ask, does Tutanota Supports two-factor authentication. and includes spam blocker??

    Thank you so much in anticipation for your responses.

      1. Mikaela Bray
        Mikaela Bray February 5, 2019 at 1PM

        Hi Emily,

Thanks for your opinion!