- Strengths & Weaknesses
- Secure… Calendars?
- Whitelabeling and Secure Connect
- Sending Emails to Non-Users
- Native Apps for Windows, macOS and Linux
- Tutanota Features Overview
Tutanota is a small, open-source email provider based out of Germany. Launched in 2011, the service has been fighting an uphill battle against the old guard, with services like ProtonMail and Hushmail founded decades prior (read our ProtonMail review as well as our Tutanota vs ProtonMail comparison). In that fight, though, this provider has established itself as one of the safest email platforms on the market.
In this Tutanota review, we’re going to talk about our experience after spending some time with the service. As a Tutanota user, we tested everything from security to settings to make sure it was up to snuff. Thankfully, it was.
For individuals looking for a free way to protect their emails, Tutanota is a great option. It’s cheap for businesses, too, though only in its base configuration. As we’ll explain throughout this review, the ways you can customize your plan can get expensive quickly.
Strengths & Weaknesses
- Excellent security
- Zero-knowledge model
- Encrypted calendars
- Responsive web app
- Whitelabel support
- Protected “Secure Connect” forms
- Add-ons can get expensive
- Shared storage
- No tiered discounts on multi-user plans
Tutanota has more features than most other secure email services, but as we’ll get to in the next section, you’ll pay for those features. Still, the service accounts for the basics and even includes a few unique features across plans.
By far the most unique feature is secure calendars. The number of calendars you can have varies based on your plan (free users have access to one), but it doesn’t cost anything to use this feature.
In short, secure calendars are, well, secure. Using the same end-to-end encryption, you can protect your appointments, reminders and more, as well as share them with other Tutanota users.
Although it’s a great feature to have around, these calendars aren’t as decked out with options as something like Google Calendar. The calendar feature is still in active development, with options like “calendar search” and “events from email” coming soon.
Whitelabeling and Secure Connect
On business plans, for an extra fee, you can whitelabel your email service with your business’ logo, colors, meta tags and more. Whitelabeling certainly isn’t a feature unique to Tutanota, but it’s nice to have around if you want more control over your encrypted email service.
Much more interesting is “secure connect.” If you run a website and want visitors to contact you over an encrypted channel, “secure connect” is for you. It’s basically a form for your website, just one that’s end-to-end encrypted. Using the same secure email servers as your personal emails, visitors on your website can contact you through a “secure connect” form.
The problem, though, is that it’s expensive. Like nearly all of Tutanota’s features, you’re charged extra for “secure connect.” You’re just charged a lot more for this feature, compared to its other features. Each form runs 240 euros (around $270) per year, and if you’re paying monthly, it costs 24 euros (around $27) each month. CounterMail offers a similar feature and it’s free, however, Tutanota’s version is better (read our CounterMail review).
Sending Emails to Non-Users
Although it’d be great to get all of your friends to use Tutanota, that’s probably not going to happen. Thankfully, you can easily send messages to non-Tutanota users. When composing a message, if you put a non-Tutanota email in the “to” box, a password field will appear. Set a password, make sure your recipient knows it and click “send.”
Tutanota creates a new mailbox for that recipient, which they can access with the password you set. The inbox doesn’t have all of the settings of a full account, but it offers a way for non-users to communicate with subscribers over an encrypted channel.
Native Apps for Windows, macOS and Linux
Although unexciting, Tutanota has native apps for Windows, macOS and Linux. No matter how safe the service is, there are inherent flaws with web-based email. Tutanota gives you the option to use a desktop application purpose-built for the service, with no need to fuss around with IMAP or POP protocols. If you’re on mobile, there are apps for Android and iOS, too.
Tutanota Features Overview
|Custom Domain Support|
|Supported Platforms||Android, iOS, Web|
|Email Support||Paid users only|
|Live Chat Support|
Tutanota takes an interesting approach to pricing. Technically, there are four plans split between private and business use. The “plans” are better defined as “bundles,” though. You can build on the free plan with more storage, more email aliases and other features.
Everything starts with the free plan, though, and Tutanota’s offering is solid (Hushmail could use a few pointers on this front). The free version includes 1GB of storage for a single user, and you can only use a tutanota.com email address. You’re also limited to a single calendar and can’t use the full power of search in your inbox.
Up a tier at the Premium plan, you gain the ability to add users to your account (same price as the base subscription per user) as well as email support and expanded search functionality. The oddball is the Teams plan. It includes two user accounts, 10GB of storage and calendar sharing, but it comes with only two user accounts and is limited in its stock form.
Most of the plans are limited in their stock form, really. For instance, aliases top out at five, even on Teams. You can purchase more, but for a significant price. An additional 100 email aliases will run you the same price as a Teams subscription per year.
Business Plans and Extras
Above Teams is the Pro plan. It’s expensive and, like Teams, comes with only two users in its base configuration. It has some extra goodies, though, including custom domain login, contact forms and full whitelabeling. However, at nearly twice the price of the Teams plan, Pro is hard to justify, even for large businesses.
Tutanota isn’t expensive, but with all of the add-ons, it can be, especially considering there aren’t any tiered discounts for multi-user plans. Beyond that, though, there are too many stipulations for each configuration. You’re limited in email aliases, your storage is shared between all users and the prices are only displayed in euros, so you’re up to the mercy of the current exchange rate.
There’s a silver lining for nonprofits, though. Schools and nonprofits receive a 50-percent discount for each user. If you’re operating a nonprofit in Austria, Belgium, Canada, France, Germany, Italy, the Netherlands or Sweden, you can apply for a free nonprofit account, too.
As for refunds, you can get your money back if you cancel early. Tutanota doesn’t have a full refund policy, though. Rather, you’ll receive a prorated refund if you cancel your subscription prior to the end of the billing cycle.
Ease of Use
Signing up for Tutanota is a breeze, with a large “sign up” button living in the top menu of the website. After clicking it, you’ll be brought to a checkout page with the various plans available. Once you’ve chosen one, enter your new email address, set a password and you’ll be on your way.
You’ll get a recovery code after, which you should mark down. Tutanota doesn’t see or store your password (which we’ll discuss more in the “security” and “privacy” sections), so the recovery code is the only way to access your account if you forget your password.
Inside the web application, Tutanota has a standard setup. There are some categories on the left side, you can find your contacts and calendar in the top-right corner, and the settings button is nestled in the bottom-left corner. It’s a standard layout, but it works well. In fact, it works better than most other secure email providers.
The web interface feels very responsive, with little to no lag when jumping between different screens. Thankfully, the same is true for the desktop clients. Everything has its place, and those placements work. When it comes down to it, though, the actual feeling of using Tutanota is far better than other email providers.
Digging Into the Settings
Tutanota is dense with settings. From changing spam rules for specific email addresses to storing your encrypted IP in audit logs, there’s a setting for just about everything.
Furthermore, you can upgrade your account from the settings panel. It isn’t an advertisement or checkout page. Rather, you can increase your storage, add email aliases and more, all without leaving your inbox.
What’s great about the settings is that they’re complex yet accessible. Because Tutanota feels so responsive, the settings are much more inviting, even if they’re advanced.
When it comes to security, Tutanota pulls out all the stops. Depending on your recipient, the service uses either symmetric encryption with AES-128 or asymmetric encryption with RSA-2048 (read our description of encryption to learn more about those).
If you’re sending emails between two Tutanota users, asymmetric encryption is used. The password you set when sending to non-users is for symmetric encryption.
Your emails are safe, but like other email platforms, there are some things that aren’t encrypted, including the email address of the sender and recipient (read our guide on email security for more). However, unlike OpenPGP providers, Tutanota encrypts the subject line of emails, as well as attachment names.
Encryption happens locally on your device, making Tutanota a true end-to-end encrypted service. In transit, your emails are protected with an SSL/TLS tunnel abiding by the best standards, including perfect forward secrecy.
Zero-Knowledge Model and Password Security
Beyond encrypted emails, Tutanota protects your account, too. In short, if a process can happen locally on your device, it will, free of servers you can’t control. For your password, there’s a zero-knowledge model in place. Instead of using your raw password, it sends a version that’s been hashed and salted, which is used to authenticate your account.
Just like your password, Tutanota can’t see your private encryption key, either. Instead of generating the key on its servers, the key is generated locally when you create an account, then encrypted with your password. In practice, this means Tutanota doesn’t have access to your private key and thus can’t decrypt your messages.
Beyond these behind-the-scenes protections, there are other ways to protect your account. With support for the best 2FA apps and U2F two-factor authentication, you can lock down your account as much as you want. The platform is open source, too, so there have been a lot of eyes on the source code.
There’s not much to talk about when it comes to privacy. Tutanota has a zero-knowledge model, but it’s better described as host-proof hosting. Put simply, even if it wanted to collect information about you, there are too many safeguards in place to allow that to happen.
As for what data it collects, the service stores your new email address and payment information. That’s it. Tutanota also monitors IP addresses for the purposes of diagnostics. However, all IP addresses are put through an anonymization process, so it’s not considered a piece of personal information.
Tutanota gets a lot right, with a wide range of features, top-notch security and a wonderfully optimized interface. The problem is the price for certain configurations. For individual users, it’s a no-brainer, with the generous free plan at the ready. Businesses may need more add-ons, and although Tutanota affords you that flexibility, it does so at a significant cost, depending on your configuration.
We want to point out, though, that while the extras can get expensive quickly, the business plans themselves are dirt cheap. If you’re working with a small team and don’t need a lot of extras, you should definitely consider this service.
What do you think, though? Are you going to sign up for a free account? Let us know in the comments below and, as always, thanks for reading.
- Tutanota offers a free plan that includes full encryption for your emails at a single address, as well as 1GB of storage. The paid version comes with some extras, including custom domain support and email aliases.
- The name comes from the Latin words “tuta” and “nota,” which roughly translates to “safe note.”
- Tutanota is a privately owned company based in Germany. Currently, it has fewer than 10 employees managing millions of users across the world.