Breaking news

Last night multiple DNS providers were attacked to take down Tutanota. In combination with wrongly cached DNS entries for the tutanota.com domain at different DNS servers, this led to a downtime of several hours for millions of Tutanota users. We had switched DNS entries, but as the propagation takes time, some users did not get access to Tutanota immediately.

This weekend continuous DDoS attacks and an infrastructure issue led to donwtimes for hundreds of users. While we were able to mitigate most of the DDoS, an overreacting IP-block to fight the attacks led to hundreds of users not being able to access Tutanota for multiple hours this Sunday. We deeply apologize for this mistake; it has now been fixed. Here we want to quickly explain why we have to build the DDoS mitigation ourselves, how the progress is so far, and what you can expect as next steps. Thank you very much for supporting our fight against the attackers and for our right to privacy!

Tutanota is still being under DDoS by unknown adversaries. We are constantly mitigating the attacks. These attacks have been ongoing since middle of August, and while we have immensely improved our DDoS mitigation system since then, we have to keep fighting the attacks to make sure no one can stop you from using encrypted emails. We deeply thank all our users for bearing with us during this difficult time. Now is the time to support us and our fight for privacy to show the attackers that they will not be successful!

Politicians regularly demand that companies add encryption backdoors to their end-to-end encrypted email and cloud services to enable law enforcement to easier prosecute criminals. To the contrary, the recent leak of highly sensitive police documents, called BlueLeaks, demonstrates that we need better and more encryption, not less. By demanding to break encryption, Politicians are not asking us to choose between security and privacy. They are asking us to choose no security. This post explains why any encryption backdoor is - and will always be - a stupid idea.

This Saturday a DDoS campaign was launched against the secure email service Tutanota, which led to a downtime of several hours until we were able to mitigate this complex attack. Here we would like to explain how the attack affected Tutanota. We deeply apologize for the downtime and thank all our users for bearing with us during this difficult time. We are currently reviewing and improving our DDoS protection to mitigate similar attacks faster in the future.