Tutanota is an email service provider based in Germany and one of the best secure email providers. Since 2011, it’s slowly grown market share in the secure email space by offering a higher level of privacy and security than more established services.
In our Tutanota review, we examine the features that make it one of the best secure email providers that you can choose today.
Tutanota: Plans and pricing
Tutanota has a free plan and three paid plans. You can pay monthly or annually, with annual plans receiving a 15% discount. Non-profit organizations receive a 50-100% discount on paid plans, depending on their country of residence.
The free plan is for one user only, there’s limited search functionality, and you can only have one secure calendar. However, it comes with a generous 1 GB of storage.
Premium is the cheapest paid plan, at €1.20/month/user ($1.40). This unlocks custom domains, unlimited search, inbox rules, multiple calendars, and five aliases. The Teams plan costs €4.80/month ($5.62), plus €2.40/month ($2.80) for each additional user. It includes 10 GB of storage space and the ability to share calendars. The Pro plan is €7.20/month ($8.43), plus €3.60/month ($4.21) for each additional user. With the Pro plan, you can customize your logo and colors.
The initial prices are quite low, but if you stretch the limits of the service, the required add-ons can get expensive. For example, storage capacity is shared by all your users, and an additional 1 TB of storage costs €60/month ($70). Adding a secure content form to your website costs €24/form/month ($28). These costs add up quickly.
Besides its solid privacy and security features, Tutanota has a few features not always found on secure email providers. For starters, there’s a secure calendar that uses end-to-end encryption, so no one can see your appointments and reminders. There are also desktop apps for Windows, macOS, and Linux, as well as mobile apps for iOS and Android.
Not everyone you email will use Tutanota. Thankfully, you can send confidential messages to people who use services like Gmail. Instead of receiving your email text, they receive a link to open the email message securely on Tutanota. Each confidential email is protected by a password.
Now all you have to worry about is getting them the password securely. Tutanota suggests the use of encrypted instant messaging client Signal for this purpose.
For businesses, you can rebrand your email service with your own colors, meta tags, and logo. Secure Connect is another interesting feature. Essentially, it’s a secure form for your website that’s end-to-end encrypted, so people can contact you through an entirely secure channel.
Tutanota: Interface and in use
Signing up for Tutanota is refreshingly simple, and you’re not asked for any personal details. But when you upgrade to a paid account, you must state your country of residence. Business customers must also state their full name and complete address.
Tutanota has suffered from several DDoS attacks over the past few months. While no data was compromised, the service was often unavailable for hours at a time. During our testing, the Tutanota website went offline for short periods. The company is taking steps to improve security, but it’s something to consider if you plan to use Tutanota for a business account.
Tutanota has a small team, and support is only available for paid accounts. The small team size often means that support requests are not dealt with over the weekend. In our testing, which was performed during the week, we received replies from customer service within two hours.
The website includes a long list of how-tos and a searchable FAQ database. These are all accompanied by useful screenshots.
Tutanota’s biggest strength is its security. It uses AES-128 symmetric encryption or RSA-2048 asymmetric encryption, depending on the email recipient. Encryption is performed on your device and sent over an SSL/TLS tunnel, making for true end-to-end encryption. The platform is all open-source, so many people have poured over the source code looking for flaws.
Many secure email providers use OpenPGP, which doesn’t encrypt email subject lines. Tutanota uses its own variant that obfuscates the subject line of emails and the name of attachments.
Tutanota uses a zero-knowledge model for your account. Only you know your account password, and the staff can’t decrypt your emails without it. There’s support for TOTP and U2F two-factor authentication too, so you can lock down your account even further.
ProtonMail is a direct competitor to Tutanota. Though it lacks a few of Tutanota’s privacy-focused features, such as the encryption of email subject lines and U2F two-factor authentication, it has a more modern user interface and is cheaper than Tutanota for larger groups.
If you need an entire secure office suite, Mailbox.org is a top choice. It is also located in Germany, and besides the mail app, it offers an address book, calendar, spreadsheet, word processor, web chat, and cloud storage drive.
Tutanota offers arguably the best secure private email product on the market. It has end-to-end, zero-knowledge email that goes further than most competitors to secure your data. The website, Android, and iOS user interfaces are easy to use, and you can even send encrypted emails to non-Tutanota users.
However, recent ongoing service outages and the slow technical support experienced by many of Tutanota’s customers cause us to question whether it’s reliable enough for mission-critical applications. It’s also expensive for businesses when you factor in the price of the add-ons. But if security and privacy are your absolute priority, Tutanota is the ideal secure email provider.
- We've also featured the best email hosting.