Tutanota is an encrypted email provider based in Germany. Servers are also located in Germany and are powered by Green Renewable Energy.
What’s good about Tutanota, and why would you want to use it?
The encryption happens on the user’s device in a way where the user is the only one to have access to their private key. Encrypted information includes Sender and Recipient Names, Subject Line, Content in the Body, and Attachments. The encryption used for your emails becomes End-to-End when communicating with another Tutanota user. Your list of contacts and entire calendar is also encrypted.
They use their own implementation of AES and RSA, the same algorithms used with PGP, this means they are well trusted algorithms. Tutanota can update their implementation whenever they want, and are already working on a Quantum Safe implementation for when Quantum Computers become a thing.
They have a free account but I would recommend paying for your account, because this is the only way they make money, and running the service does cost money.
Custom Domain support is available on paid plans. There is either no limit to the number of domains you can use or I have not reached this limit yet after adding over 30 domains to my account.
What’s not so good about Tutanota, and why may you not want to use it?
Sender and Recipient Names are encrypted, the email addresses remain unencrypted. You may want to be careful what name you choose as part of your email address, and what contacts you communicate with, as this can be seen by anyone who looks at your account.
The same algorithms as PGP are used for encrypting your data, but it is not PGP, it is their own implementation of these algorithms. You may still be able to use PGP with your contacts if you really want to, but you will need to do the encryption/decryption process yourself (which is technically safer anyway).
At time of writing this, you can create multiple aliases, but are limited to the one sender name set globally. They do have plans to change this in a future update.
Notifications are for all folders, meaning if you receive a high volume of emails, and are using their app on your phone or tablet, you will receive constant notifications. Technically they place all emails in your inbox, and its once you log in and decrypt your account that your filters get applied, as long as they continue to do it this way, limiting notifications to certain folders will not be possible.
Security for the app, there is no biometrics or code, so anyone you share your device with could easily open the app and read everything. Hopefully this will be changed soon.
What is the recommended way to use the Tutanota service?
Use the Android or iOS app where possible.
Login only on devices you own and/or trust.
Don’t stay logged in or save your login details, unless it is a device only used for checking your emails
Ensure the device requires passing some kind of security challenge like a password or passcode.
Make sure you have Two-Factor Authentication enabled on your account.
Choose an email address where the domain (the part after the @ sign) ends in .de which is under German Jurisdiction.
Hopefully this post as helped you to make an informed decision as to whether Tutanota is a service you want to use. I would appreciate your comments and feedback on this, reach out: [email protected]