Security Comparison: Why it's time to use Tutanota instead of GMX.

This comparison explains security details between GMX and Tutanota that are important for protecting your email account. With data breaches and security risks rising, it is time to switch to the most secure option.

Email accounts are the gate to your online identity. Linked to several other services - e.g. Amazon, Facebook, Twitter - that offer password resets via email, your mailbox must be secured to the maximum. Should a malicious attacker gain access to your email account, they can take over all other online services that are linked to this email address. When choosing an email service, its security must be considered. This comparison will help you decide between two very different German email services: GMX and Tutanota.


In January 2019 German magazine The Spiegel published a story that GMX and Web.de allow users to register an email address with the word ‘pasword’ as a password.

Such a security setting is completely unresponsible as it puts lots of users at risk. We at Tutanota focus on security, and we were very surprised to learn that GMX and Web.de negelcted their users’ security to such an extend. Thus, we found it necessary to investigate further and to shed some light on the security settings of Tutanota and GMX so that people can make an informed decision about whether to use GMX, Web.de or Tutanota.

General comparison of Tutanota and GMX

GMX and Tutanota both offer free email services to the public. Tutanota limits free users to 1 GB of free storage while GMX users can increase their free storage to 10 GB by downloading the GMX app.

Another main difference is that Tutanota automatically encrypts all emails and contacts to secure their users’ emails to the maximum, which GMX does not. Due to the built-in encryption, Tutanota cannot support IMAP/POP3, but offers its own desktop clients that also support built-in encryption. GMX, on the other hand, can be used via IMAP/POP3.

Both services offer paid upgrades that allow adding your own domain email address, additional users, and more. For more details on usability features, you can visit the homepage of each email provider: GMX and Tutanota.

Security comparison of Tutanota and GMX

Security assetTutanotaGMX
Only strong passwords allowed¹YesNo
Password hashed on client²YesNo
State of the art brute force protection³YesNo
Two-Factor authentication⁴YesNo
Encrypted storage of dataYesNo
Easily encrypt emails end-to-endYesNo
Data stored in GermanyYesYes
No reuse of email address⁵YesNo
No advertisementsYesNo
No ability to read users’ emails⁶YesNo
  1. GMX allows ‘password’ as a password and indicates weak passwords with a green bar. Tutanota also checks your password upon sign-up. If the password is too weak, registration with the chosen password is not possible.

  2. GMX transmits the password in clear text to the server. Tutanota hashes and salts the password with bcrypt and SHA256 before transmitting the hash to the servers. It is impossible to derive the actual password from this hash, thus, no one can intercept the password.

  3. Tutanota’s brute force protection kicks in way before GMX tries to stop unauthorized persons to guess passwords. Tutanota hashes the password with Bcrypt to make brute-force attacks much harder.

  4. No option to add a second factor to GMX accounts. Tutanota supports second factors since August 2017 and recommends to use a hardware token (U2F) as this is the most secure 2FA option.

  5. GMX Terms state that unused email addresses may be made available for new registrations after 12 months. Tutanota does not recycle unused email addresses for security reasons.

  6. GMX reads users’ emails (German source). Tutanota stores all data - emails and contacts - encrypted so no third party can read users’ emails.

Conclusion of the security comparison between GMX and Tutanota

To sum up: GMX started in 1997 when email was still a very young medium. Its level of security has not much improved since then.

Today users must ask for much better security measures because cyber attacks, in particular against email phishing as these attacks are becoming increasingly more sohpisticated.

Besides, when you switch to Tutanota, you are using a green email service.


Recommended for further reading: Our online security guide explains three easy steps to keep your emails safe from hackers.