Secure email for everybody: How to choose a secure email service.

Tutanota is the most secure email provider. Check this post to learn why.

When we started to develop Tutanota in 2011, our aim was always to establish the most secure email service possible. Now, we can confidently say that you can't have more secure emails than your Tutanota mailbox. This post explains why Tutanota is the most secure email provider, how we plan to stay ahead of quantum computers, and how you can make sure that no one can get access to your secure emails.


Secure email for everybody

Our motto with Tutanota is to provide “secure email for everybody”. This includes not only top-notch security and privacy standards, but also that the secure mailbox is very easy to use so that it is accessibly to everybody.

That’s why Tutanota combines built-in encryption with ease-of-use. In regards to security, Tutanota pays attention to seemingly little details, such as not using third-party code - because this would allow said third parties to track our users, or open sourcing the entire client code - because this is the only way of proving that the end-to-end encryption works as promised and that Tutanota does actually offer secure emails.

Built-in encryption for secure emails

When we designed the encryption for Tutanota, we made sure that the encryption method used is secure, flexible, and can be easily upgraded to more secure algorithms. All of this was achieved by implementing technically complicated, but easy-to-use end-to-end encryption.

If you want to dive into the technical details, please check our post on Tutanota’s encryption. By implementing our own encryption method - based on secure algorithms also used in PGP - we are able to

  • encrypt subject lines of your secure emails,
  • easily update the encryption algorithms if needed (post-quantum crypto),
  • add support for Forward Secrecy, as well as
  • encrypt other features, such as the entire Tutanota address book, or our new calendar easily.

Research in post-quantum cryptography

As the development of quantum computers progresses, every secure email service must stay ahead of this development. RSA and PGP - basically most currently used standards to encrypt emails will become breakable by quantum computers in the near future. To win the crypto wars, we must start updating Tutanota now.

That’s why we have already started a research program together with the Leibniz University Hanover to update the algorithms in Tutanota to quantum-secure ones. Once we have specified and tested future-proof algorithms, we can easily update the algorithms used in Tutanota for all users automatically.

This is due to the smart design of our encryption method and brings a great advantage to all our users relying on Tutanota to secure their emails - now and in the future.

No third-party code

To guarantee that no one can track your activity in your secure email account, we make sure that we do not use any closed-source third-party code such as Google Captcha or Google Analytics.

Tutanota is one of the very few email services - even among secure email providers - that takes things like not using third-party code seriously.

Open source client code

The entire client code of Tutanota - our secure desktop clients for Linux, Windows and Mac OS, our Android & iOS apps, and our web client - are all published on GitHub so that tech-savvy users can verify that the code is doing what we promise: Securing your encrypted mailbox to the maximum.

You can get the code directly from GitHub and build your Tutanota client locally. Or, if you want to use our desktop clients, you can verify the signature to make sure that the code published on GitHub is used in your local installation of Tutanota as well.

Secure emails with top login protection

One of the weakest points in any online service - and in Tutanota - are your login credentials. That’s why we focus on offering the most secure login protection possible.

  • We only allow strong passwords for registrations.
  • We use Bcrypt to protect your password from brute-force attacks.
  • We only transmit a hash of your password to the server.
  • We offer top-notch 2FA methods such as U2F and TOTP.

We strongly recommend that you enable second factor authentication via a hardware token (U2F) or an authenticator app (TOTP) to protect your secure email account from email phishing.

Maximum privacy protection

At Tutanota we put your right to privacy at the heart of everything we are doing. We do not log IP addresses and offer a truly anonymous email registration, without ever asking for a phone number.

We also strip IP addresses from emails sent and received, and we do not load images by default to protect your privacy. This is important because with loading images the person who sent the email to you can track your IP address, your location, the browser or client you are using and more.

Please make sure that you trust a sender before loading external images within your Tutanota mailbox.

Putting security first

To sum up: Security and privacy is at the center of every decision we make. Our goal with Tutanota is to offer the most secure email service. The built-in encryption is a good start, but as this post has explained, there is more to secure email than just encryption.

Please check our comparisons to see at one glance how Tutanota compares to other email services, such as Gmail, Yahoo, GMX, Outlook, Fastmail, Posteo, Hushmail, Protonmail, Startmail, and Mailbox.org.

We hope you enjoy your secure emails! Happy encrypting. :)