Tutanota was founded in 2011 in Hanover, Germany, and has since provided a privacy-focused and secure email service to millions of users. It offers end-to-end encryption for all its products, including email, calendars and contacts. Our Tutanota review will go over the email service’s security, privacy and pricing aspects to show why it’s one of the most secure email services.
Key Takeaways: Tutanota Secure Email Service
- Tutanota email service offers end-to-end encryption and excellent privacy for all users, making it a great Proton Mail alternative.
- It offers features like encrypted email, calendars, contacts, contact forms and full-text search.
- Tutanota offers a free plan with 1GB of storage and other affordable plans for private and business users.
If you’re looking for a quick summary, Tutanota is one of the top two secure email services, but it comes just short of beating Proton Mail as the best encrypted email service. It makes a great Proton Mail alternative, but as you can see in our Tutanota vs Proton Mail matchup, it falls short in pricing and ease of use.
Tutanota offers its encrypted mailbox for free with 1GB storage. The application has many features, but you need to purchase most of them as add-ons, making the service slightly more expensive. However, the free version is still a great option if you can live with a few limitations.
01/14/2023 Facts checked
Rewrote this review after completing a fresh evaluation of the service.
Strengths & Weaknesses
Strengths:
- End-to-end encryption
- No-logs policy
- Zero-knowledge contacts & calendar
- Encrypted subject line
- No personal information required for registration
- Offline mode
Weaknesses:
- 48-hour verification process
- Expensive add-on features
Although most of the features offered are not unique to Tutanota, it has a few features that make it stand out from competing email services. Let’s discuss some of the service’s best and most notable features.
Most business websites have contact forms for customers to submit messages, but not all of them are secure enough to maintain the secrecy of your messages. The “secure connect” feature offers a contact form with end-to-end encryption to ensure that only you and the customer can decrypt the emails.
An encrypted contact form provides an anonymous email to the sender along with a password, so they can re-access it for back-and-forth communication. Tutanota has made the feature free for news sites because of how valuable the security and anonymity are to journalists and whistleblowers, though other users have to pay for it.
Encrypted Calendar and Contacts
If someone has access to your calendar or address book, they can easily find out about your upcoming meetings and even get their hands on people’s contact information. Tutanota encrypts all your contacts and calendar events — even the reminders for your calendar meetings are encrypted.
The calendar is encrypted using a zero-knowledge model, so not even Tutanota itself can decrypt the data in your calendar and address book.
Custom Domains and Themes
Tutanota allows you to use your company’s custom domain in place of @tutanota.com, helping you to maintain your brand identity while using their service. You only need to buy custom email domains from any domain provider and add them to Tutanota to use multiple custom domains on your primary email account.
Additionally, advanced Tutanota features enable you to customize your email experience to match the needs of your business with your business’s meta tags, colors and logo. Your employees can also access the customized email through the company website.
Email aliases are alternative email addresses that you can use on Tutanota in addition to your primary email address for sending and receiving emails. Suppose you want to sign up for a newsletter or access a website that requires registration. In this case, you can use an email alias to hide your digital footprint and personal information from prying eyes.
The emails sent to your email aliases are automatically forwarded to your primary Tutanota mailbox. When combined with inbox rules, email aliases are a helpful tool for organizing your emails. For example, you can set one alias to receive newsletters and another to receive personal emails.
The spam filter automatically transfers any spam emails to the spam folder after checking them against the DNS spam lists. However, because the spam filter is still in the test phase, phishing emails often slip through the cracks.
Tutanota is one of the few secure email providers that offer full-text email search. Apart from searching using the sender’s email address or a search query in the subject line, you can also search for a keyword or query in the bodies of emails in your storage. Even better, you can easily search each folder separately to save time.
Tutanota offers an offline mode. You can still access your already opened emails, all contacts and calendars without an internet connection, saving you from downloading your emails to your devices and using up storage space.
Unlike local storage, which lacks encryption, your data is protected in Tutanota’s offline mode. However, you cannot access incoming emails or emails older than 31 days in the offline mode.
Tutanota Features Overview
|RSA, AES, TLS, Perfect Forward Secrecy, DNSSEC, DKIM, MTA-STS, DMARC
|Custom Domain Support
|Android, iOS, Web
|Paid users only
|Live Chat Support
With Tutanota, you can choose between free or paid subscriptions. It offers reasonably priced plans, but customizing your plan will increase the cost. There are six different plans, including a free account and five paid account options. Three are for private use and the other three for business use. As a Tutanota premium user, you have the option to pay for the plans monthly or yearly.
Free Account Details
The service’s free plan, which provides 1GB of free storage, is its most appealing feature. Even though it might seem small, encrypted emails compress to take up less space, allowing you to store more encrypted emails with just 1GB of storage. However, the free plan does have some limitations.
As no custom domains are available with the free plan, you can only use one email address, which must use the @tutanota.com domain. A single calendar is all you get, and a full-text search is not available for emails older than 40 days.
Tutanota offers two other personal plans in addition to the free one. The Premium plan, which comes with 1GB of storage, costs per month annually and supports one custom domain and up to five additional email addresses. You can use as many calendars as you want, but you can’t share an entire calendar. Users can be added and managed for each per month.
The Teams plan, which costs per month annually, is a good option for smaller operations. It can be used as a family plan as well, though you will have to pay $2 per month for each additional user.
This plan comes with 10GB of storage, up to five additional email accounts and one custom domain. It offers the same features as the Premium plan, but allows sharing of entire calendars.
The monthly fee for the business plans, which are all GDPR compliant, starts at per user per month when paid annually. The Teams and Pro plans each provide 10GB of storage, compared to the Premium plan’s 1GB.
The features of the Teams and Pro plans are the same. However, the Pro plan includes 20 more email addresses, customization features and custom domain login. These additional features on the Business Teams plan will cost per person per month annually, while Business Pro plan will cost you per user per month annually.
Extra Storage and Features
Users can buy 10GB of extra storage for $2, 100GB for $10 and 1TB for $50. The add-ons for private plans aren’t too expensive; you can obtain up to 100 email aliases for just $4.
However, the add-on costs of the business plans can rack up quickly. Customization, sharing and professional features like autoresponders have a monthly fee of $1 each per user. The “secure connect” function, which has a hefty $20 monthly fee, is the cherry on top.
Note, also, that Tutanota does not have a full money-back guarantee, so you will only receive a prorated refund if you cancel within 14 days of the subscription’s start date.
Ease of Use
Tutanota offers a swift and easy experience, from signing up to accessing your inbox. Upon creating your account, remember to copy the recovery code you receive. This is the only way to reset your password. If you forget your password, you must first enter your email address and recovery code before creating a new password.
Tutanota offers a standard email user interface similar to Gmail and Yahoo Mail. The categories appear on the left, as does the option to create your custom folders. You can create a new encrypted email by clicking the “new email” button in the top-left corner of the screen.
The calendar and contact list buttons are located in the top-right corner. Even new users will find it simple to navigate between their inbox, contacts and calendar.
The “settings” menu lets you access the various settings, such as changing your email’s appearance, password and adding templates. Here, you can also change your subscription plan and add more space or add-ons. You may set up features like spam rules and change the color theme of your mailbox.
Tutanota Desktop and Mobile Apps
Tutanota works on Windows, macOS and Linux on desktop. It also offers mobile apps for iOS and Android.
Compared to the web client, the mobile apps only differ in their interface to fit the smaller screen of mobile phones. The app is open source and offers an offline mode and push notifications similar to the web client. Except for the weekly view, it includes all of the same features as the website and desktop apps.
Tutanota has built its entire brand identity around security, offering end-to-end encryption of all data. We’ll walk you through Tutanota’s many security measures, so you can decide if it’s secure enough for you.
End-to-end encryption is the main component of a secure email service, as it makes your emails inaccessible to any third parties. Your email can only be read by you and the recipient, thanks to end-to-end encryption provided by Tutanota.
It offers encryption for all of your data, including text, documents, files, calendars, contact lists, inbox rules and even email subject lines — only a few secure email services encrypt subject lines.
However, Tutanota does not encrypt the sender’s or recipient’s email address. So, even though a third party can’t eavesdrop on your conversation, they can tell who you are speaking with. Emails sent to other Tutanota users are automatically encrypted. For non-Tutanota users, the service gives the emails a password so that only the password holder can access them.
Tutanota encrypts all of your data both in transit and at rest. Your email is encrypted in transit using SSL/TLS security protocols and at rest using symmetric (AES-128) and asymmetric (AES-128/RSA-2048) encryption.
Furthermore, Tutanota uses zero-knowledge (or client-side) encryption. This means that only the user has access to their encryption key, and that not even Tutanota itself can access their data.
To add an extra layer of protection, Tutanota offers users many ways to use two-factor authentication. With the help of authenticator programs like Google Authenticator, you can create one-time or permanent keys to log in to your mailbox.
Universal 2nd Factor (U2F) offers the maximum level of security, but it needs an external device to store private keys. You can simply plug the device in and log in without having to enter an OTP. Currently, Tutanota supports two-factor authentication across all desktop clients and web browsers.
As with your private key, Tutanota doesn’t have access to your password. It stores your password in an unreadable format that is hashed and salted, making it very difficult for anyone to recover it. To protect your data while transmitting your password to Tutanota’s computers, the company uses TLS encryption.
You must choose a strong password to register for a Tutanota account because your password and private key are the same. Tutanota does not offer the typical password reset option because doing so would allow the provider access to your mailbox, defeating the purpose of client-side encryption. You can reset your password using a permanent recovery code.
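Why a provider that never sees the password cannot reset it, while a recovery code can, shown as an added illustration (not Tutanota's code and not part of the original review). It assumes scrypt as the key-derivation function, AES-128-GCM for key wrapping, and hypothetical names such as `mailboxKey` and `serverRecord`.

```javascript
// Added illustration; scrypt, AES-128-GCM and all names here are assumptions.
const nodeCrypto = require('node:crypto');

// Stretch a secret (password or recovery code) into a 128-bit key using a salt.
function deriveKey(secret, salt) {
  return nodeCrypto.scryptSync(secret, salt, 16);
}

// Wrap (encrypt) the mailbox key under a derived key with AES-128-GCM.
function wrap(kek, mailboxKey) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', kek, iv);
  const ct = Buffer.concat([c.update(mailboxKey), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Unwrap; throws when the key is wrong because the GCM tag fails to verify.
function unwrap(kek, w) {
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', kek, w.iv);
  d.setAuthTag(w.tag);
  return Buffer.concat([d.update(w.ct), d.final()]);
}

// Hash of the derived key, used for login so the server holds neither password nor key.
function verifierOf(key) {
  return nodeCrypto.createHash('sha256').update(key).digest('hex');
}

// Client-side registration: serverRecord is uploaded, recoveryCode stays with the user.
function register(password) {
  const mailboxKey = nodeCrypto.randomBytes(16);
  const recoveryCode = nodeCrypto.randomBytes(32).toString('hex');
  const pwSalt = nodeCrypto.randomBytes(16);
  const rcSalt = nodeCrypto.randomBytes(16);
  const pwKey = deriveKey(password, pwSalt);
  const serverRecord = {
    pwSalt, rcSalt, verifier: verifierOf(pwKey),
    wrappedByPassword: wrap(pwKey, mailboxKey),
    wrappedByRecovery: wrap(deriveKey(recoveryCode, rcSalt), mailboxKey),
  };
  return { serverRecord, recoveryCode, mailboxKey };
}

// Reset on the client: the recovery code unlocks the mailbox key, which is re-wrapped.
function resetPassword(rec, recoveryCode, newPassword) {
  const mailboxKey = unwrap(deriveKey(recoveryCode, rec.rcSalt), rec.wrappedByRecovery);
  const pwSalt = nodeCrypto.randomBytes(16);
  const pwKey = deriveKey(newPassword, pwSalt);
  return { ...rec, pwSalt, verifier: verifierOf(pwKey), wrappedByPassword: wrap(pwKey, mailboxKey) };
}
```

Everything in `serverRecord` is salt, hash or ciphertext, so a reset performed by the server alone would have nothing to unwrap the mailbox key with.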
Tutanota is a privacy-focused email client, so the company does not monitor your online activities. It won’t log your contact information, location and browsing habits, thanks to Tutanota’s strict no-log privacy policies.
Tutanota doesn’t ask for your phone number or email address when you register, so your identity is kept entirely anonymous. The only problem with this is that you must wait 48 hours before accessing your account as a spam-prevention measure.
Tutanota does not track your email activity or record IP addresses, so it cannot know your location. Your IP address is removed from emails you send or receive to protect your privacy. Therefore, the service cannot sell any user data.
It does, however, track a few specific email accounts. Tutanota has the right to track the location and activities of any Tutanota user who has been found guilty of a serious crime by a German judge.
Open Source & GDPR-Compliant
As an open-source email provider, Tutanota makes its source code available online for anybody to inspect. As a result, experts may assess the service’s security claims and analyze the code to see whether any of the code records your IP address or monitors your activity.
Tutanota is also GDPR compliant. The General Data Protection Regulation was adopted in 2018 to safeguard the personal data of EU citizens. It prohibits the collection of personal data without user consent, ensuring a private experience and preventing data breaches. Tutanota fully complies with the GDPR and provides a data-processing agreement to affirm that.
German Privacy Laws
Tutanota is incorporated in Germany, so it complies with its laws. As an EU member, Germany and its businesses are beholden to the GDPR. However, Germany isn’t exactly a bastion of privacy. It’s a Fourteen Eyes country, and it has a vast telecom surveillance apparatus.
Still, Germany (or any other country, for that matter) can’t surveil communication that’s encrypted end to end. Plus, even though German politicians have attempted to impose data retention laws many times, the practice has always been illegal.
However, a German court recently tried to order Tutanota to monitor user email activity, which goes against the email service’s goal of protecting users’ privacy. Tutanota resisted the demand, fought the order and ultimately won the legal battle, and was therefore not required to store encrypted emails of customers.
We will sum up our Tutanota review by saying that because it offers excellent security features, it is a secure email provider you can trust with your email messages. Thanks to its zero-knowledge policy, all of your emails are fully end-to-end encrypted, and the service does not track you.
The plans are reasonably priced, but the add-ons can be pricey for businesses. Even so, the service’s business plans are affordable for both small and large organizations.
Do you think that Tutanota is the ideal Proton Mail alternative? Do you think it is the best secure email service? Would you still like IMAP support for Tutanota despite the privacy risk? Let us know in the comments below and, as always, thanks for reading.
Tutanota is a secure email provider; it uses end-to-end encryption and has a no-logs policy.
You can trust Tutanota with your data because it doesn’t track or save your personal information.
Tutanota is a more secure email service than Gmail.
Although Tutanota servers have never been hacked, they have previously experienced extended DDoS attacks.
Tutanota doesn’t support IMAP since that would give the provider access to your unencrypted data.