Email is just about as old as the internet itself, but it is also one of the few services that have barely changed over the decades.
The powers that be opted to avoid upgrading email too much in favor of making sure that emails are universally compatible.
That has caused some critical security concerns, but encrypted email is ready to take over. We will now review Tutanota to see if it’s secure enough.
Tutanota’s email security is second to none, while its mobile apps are fast, efficient, and user-friendly. Pricing plans are fair and affordable, with a free option available, all with added value like a calendar. The main problem with Tutanota is that it takes 48 hours to verify a new account.
Having the ability to encrypt your emails is no small thing. We don’t always realize how public our private email conversations are and how some of our chats are used to spy on us or show us ads.
Tutanota is one way to ensure that your personal email conversations stay private. But is it really that great or that important? Let’s evaluate Tutanota in closer detail and find out.
Tutanota’s Plans And Pricing Structure
Tutanota starts with a free plan. It allows one user with 1GB of storage space for emails. 1GB sounds like a lot, but it can run out quickly when we begin counting attachments into that. The calendar is included, but your search options are limited.
You are also forced to use an @tutanota.com email domain. Still, this is pretty decent for a secure encrypted email account that you’re not paying for.
Tutanota’s Premium service costs as little as ±€1 per user per month. For the most part, it’s identical to the free version, except that you can add more users, use a custom domain, have multiple calendars, have five aliases, unlimited search, and the ability to set inbox rules.
It’s like the free plan on steroids, and let’s be honest, €1 is practically free anyway.
Tutanota also has options for Teams and Businesses, with prices ranging from ±€2 to €7 per user. And if 1GB isn’t enough for you, you can get additional email storage space – anything from 10GB at ±€2 to 1TB at €50.
Other optional features are available on the Business and Teams packages, all at fair prices.
In summary, Tutanota compares favorably with its competitors, being equal to or slightly better than ProtonMail and Mailfence when comparing features and pricing.
A critical factor for any encrypted email service is its user-friendliness. If a user cannot figure out how to use your service, they will simply miss things and not use it as it’s supposed to be used, which could lead to insecure email and data leaks.
The passionate team behind Tutanota put in a lot of effort to ensure that their platform cannot possibly be any more user-friendly.
Tutanota has a very easy-to-use webmail interface, making it easily accessible from any device, even in public spaces like libraries. But there are also apps for Android, iOS, macOS, Windows, and Linux to make access easy on any of your own devices.
All of the apps have blinding fast loading times and user-friendly interfaces similar to the webmail interface.
There is no IMAP support, meaning you cannot access your Tutanota emails in a familiar email client like Outlook.
This is done on purpose to improve security by ensuring that Tutanota has control over your email every step of the way, at least until it reaches the recipient’s server.
Getting used to Tutanota’s interface does not take long. The interface is intuitive and familiar, and all the buttons and functions are precisely where users of Outlook or similar email apps will expect them to be.
Signing up for Tutanota can be a bit frustrating, though. Not because of the signup process, which is pretty simple, but because there’s a 48-hour waiting period for your email account to be manually approved.
You cannot send or receive emails during this time. Anyone who wants an encrypted email account to send an urgent email message will find this waiting period unbearable.
In terms of interface and user-friendliness, Tutanota scores well, with perhaps the most uncomplicated user interface among its competitors.
The support system that Tutanota has in place is what can be expected for personal users. There’s a comprehensive FAQ section on the Tutanota website that efficiently answers most common questions.
A dedicated Tutanota Support forum is available on Reddit for those requiring more comprehensive support. Tutanota’s staff uses the Reddit forum to interact with users.
For those highly complex support questions, email support has a pretty efficient response time and a very knowledgeable support staff.
The only support problem is the lack of telephone support, which could be a problem, especially for business users. In a business environment, when something goes wrong, you often don’t have the time to wait for an email reply.
So far, support is the only area where Tutanota is severely lacking. But for personal Tutanota users, this should be a minor concern since the available support platforms are very efficient for resolving issues already.
Tutanota’s Additional Features
One thing that makes Tutanota stand out from the competition is the additional features it offers. In many ways, Tutanota tries to provide a service that is similar to other commercial email services like Gmail and Microsoft Exchange.
Though its main focus is encrypted email, which is something that they are definitely not neglecting, they are also focused on adding value.
Apart from the encrypted email service, Tutanota has a built-in calendar function. This is not unique since ProtonMail also has a calendar, but Tutanota’s calendar focuses more on team collaboration.
It is possible to share multiple calendars with multiple people, and changes are automatically synchronized between the different accounts that share access to the same calendar.
Like Microsoft 365 and Gmail’s business packages, Tutanota has an admin panel where new users can be added, old users removed, aliases created, etc. This gives control over all of a team or company’s email accounts in one central place.
Businesses also have the option to white-label their email platform by adding company logos and colors to the interface.
Rather than seeing the Tutanota logo, staff and team members will see their company’s colors and details.
They might not even know they are using Tutanota since it can appear like a company-specific email platform.
Another unique feature that Tutanota offers to business users is a piece of code for a website contact form. Usually, when users complete a contact form on a website, their details are sent in plain text over the internet.
This Tutanota feature encrypts the user details on the website before sending it, thereby ensuring your website users’ privacy as well as your own.
There’s just so much “extra” with Tutanota that it’s almost impossible to go into all of it. Yes, some of it costs extra as well, but it’s worth the expense for users who need those services.
Tutanota scores far above its competitors because of all its additional features and small value-adds.
What It’s All About – Tutanota’s Security
Tutanota is focused on security and privacy from the roots level. It’s evident that this is what the company is for and what they are concerned about.
When you sign up for an account with Tutanota, you are not required to provide even one piece of personal information, not even a name or telephone number. Any personal info you provide is purely by choice.
The fact that Tutanota has a 48-hour manual activation period, though frustrating, is again a security measure.
This is not to check up on personal user information but to ensure that spammers don’t abuse the system. If there are no spammers, Tutanota’s email servers’ IP addresses and domains are more trusted on the internet, ensuring better delivery of your emails.
With Tutanota, your emails are genuinely end-to-end encrypted. Suppose you send a mail to another Tutanota user (even in a different organization) or another encrypted email service like ProtonMail or Mailfence.
In that case, your email is never in an unencrypted state at any point. Even if a snoop manages to get access to the email, it will be encrypted, and none of it will make sense to them.
That applies to every part of the email as well. Body text, attachments, and even subject lines are all encrypted. Not even ProtonMail encrypts an email’s subject line. Tutanota does that little bit extra.
Furthermore, Tutanota makes use of zero-knowledge architecture. That means absolutely no one, not even Tutanota’s own staff, can access emails; only an authorized user can access emails.
Zero-knowledge architecture also means that someone who steals the server that holds your emails won’t be able to gain anything from that at all. Everything is entirely encrypted.
It’s not only your emails that are encrypted, either. Your calendar, inbox rules, filters, and even the search index are all encrypted.
Tutanota uses AES 128 symmetric encryption for all emails sent to encrypted addresses and AES 128 / RSA 2048 asymmetric encryption for encrypted emails sent to non-encrypted addresses. Encryption happens automatically so that there’s less margin for error.
Sending encrypted emails to non-encrypted email accounts, like Gmail, happens by sending an email notification to the user’s email account with a link to open the email.
Once the recipient clicks on the link, they are taken to Tutanota’s server rather than their own email server, where they have to enter a password before being allowed to open the email.
Accessing your Tutanota inbox is also a secure process since your password is never sent to the server. It is hashed on your device, and the hash is compared with the hash on the server.
There is also a two-factor authentication (2FA) option that you can enable if you wish, but they strongly recommend that you do so for added security.
There’s even more that can be mentioned in terms of security. You can monitor and close login sessions remotely, meaning you control who is logged in.
Tutanota also uses open source code, which means that it’s been checked many times over by multiple users worldwide, ensuring that any weaknesses are patched before they can become a problem.
Tutanota’s security principles and practices are nothing short of incredible. Its biggest competitors, namely ProtonMail and Mailfence, fall short in some of these areas.
Even the fact that it does not support IMAP and external email clients is a positive point for Tutanota’s security since it eliminates one additional point of weakness.
Tutanota’s Data Storage And Backups
All emails are stored on Tutanota’s own servers in Germany, in Tutanota’s ISO 27001 compliant data centers.
Emails, even those of personal account users, are also backed up to the same servers that hold Tutanota business account emails, and backups are also encrypted to ensure privacy and security.
Your data is kept completely safe and private and as unhackable, as it’s possible to be.
What Tutanota’s Users Say
It’s straightforward to look at Tutanota’s features and say that it’s unbelievably great. But the actual test comes when users use the platform daily.
How do they find it? Is it effective? Does it do what it’s supposed to, and can they use it efficiently?
There are lists and lists of excellent reviews for Tutanota online. Not counting reviews from websites that could probably be in it only for the money, judging by the comments made by users online, especially on the Tutanota Reddit forum, people are impressed, to say the least.
Compliments for Tutanota on their high level of security, their ease of use, their pricing, and even their support, are rampant.
There have even been reports about a DDoS (Distributed Denial of Service) attack against Tutanota in 2020, resulting in some of its servers slowing down.
Still, no vulnerabilities were exploited, and no user data or emails were exposed.
Most of the negative comments about Tutanota are around the 48-hour manual activation period. Some users claim that the waiting period made them change their minds and opt for one of Tutanota’s competitors.
Tutanota’s response is simply that they would rather lose a handful of users than risk spammers, scammers, and users looking for encrypted burner email addresses taking over the system, ruining it for all loyal and patient customers.
And let’s be honest, people who are looking for an encrypted email account to protect their privacy are looking for a long-term option, so this is a comforting fact.
Conclusion – The Final Verdict
Tutanota is not the only encrypted email provider out there. It is not the only excellent encrypted email service either.
But when all the pros and the few slight cons are considered, it is entirely possible that it just might be the best.
Either way, as an encrypted email service, you can do far worse than Tutanota, and since you can try it with a free account, all you have to lose is 48 hours.