Secure email for everybody: How to choose a secure email service.

Tutanota is the most secure email provider. Check this post to learn why.

2019-8-26
When we started to develop Tutanota in 2011, our aim was always to establish the most secure email service possible. Now, we can confidently say that you can't have more secure emails than your Tutanota mailbox. This post explains why Tutanota is the most secure email provider, how we plan to stay ahead of quantum computers, and how you can make sure that no one can get access to your secure emails.

Secure email for everybody

Our motto with Tutanota is to provide "secure email for everybody". This includes not only top-notch security and privacy standards, but also a secure mailbox that is very easy to use, so that it is accessible to everybody.

That's why Tutanota combines built-in encryption with ease of use. When it comes to security, Tutanota pays attention to seemingly small details: we do not use third-party code, because it would allow those third parties to track our users, and we open source the entire client code, because this is the only way of proving that the end-to-end encryption works as promised and that Tutanota does actually offer secure emails.

Built-in encryption for secure emails

When we designed the encryption for Tutanota, we made sure that the encryption method used is secure, flexible, and can be easily upgraded to more secure algorithms. All of this was achieved by implementing technically complicated, but easy-to-use end-to-end encryption.

If you want to dive into the technical details, please check our post on Tutanota's encryption. By implementing our own encryption method - based on secure algorithms also used in PGP - we are able to

  • encrypt subject lines of your secure emails,
  • easily update the encryption algorithms if needed (post-quantum crypto),
  • add support for Forward Secrecy, as well as
  • easily encrypt other features, such as the entire Tutanota address book or our new calendar.

Research in post-quantum cryptography

As the development of quantum computers progresses, every secure email service must stay ahead of this development. RSA and PGP - basically most currently used standards to encrypt emails - will become breakable by quantum computers in the near future. To win the crypto wars, we must start updating Tutanota now.

That's why we have already started a research program together with the Leibniz University Hanover to update the algorithms in Tutanota to quantum-secure ones. Once we have specified and tested future-proof algorithms, we can easily update the algorithms used in Tutanota for all users automatically.

This is due to the smart design of our encryption method and brings a great advantage to all our users relying on Tutanota to secure their emails - now and in the future.

No third-party code

To guarantee that no one can track your activity in your secure email account, we make sure that we do not use any closed-source third-party code such as Google Captcha or Google Analytics.

Tutanota is one of the very few email services - even among secure email providers - that takes things like not using third-party code seriously.

Open source client code

The entire client code of Tutanota - our secure desktop clients for Linux, Windows and Mac OS, our Android & iOS apps, and our web client - is published on GitHub so that tech-savvy users can verify that the code is doing what we promise: Securing your encrypted mailbox to the maximum.

You can get the code directly from GitHub and build your Tutanota client locally. Or, if you want to use our desktop clients, you can verify the signature to make sure that the code published on GitHub is used in your local installation of Tutanota as well.

Secure emails with top login protection

One of the weakest points in any online service - and in Tutanota - is your login credentials. That's why we focus on offering the most secure login protection possible.

  • We only allow strong passwords for registrations.
  • We use Bcrypt to protect your password from brute-force attacks.
  • We only transmit a hash of your password to the server.
  • We offer top-notch 2FA methods such as U2F and TOTP.

We strongly recommend that you enable second factor authentication via a hardware token (U2F) or an authenticator app (TOTP) to protect your secure email account from email phishing.
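The idea behind the Bcrypt and "only a hash is transmitted" points above, as an added sketch that is not Tutanota's code: the client stretches the password with a slow function and sends only a derived verifier, and the server stores a hash of that verifier. PBKDF2-HMAC-SHA256 stands in for Bcrypt here because Bcrypt is not in Python's standard library; the labels, the salt, the work factor and the split into a mailbox key and a verifier are assumptions.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # constructed work factor for the stand-in KDF


def client_derive(password, salt):
    """Client side: stretch the password, then derive two independent values."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    # Distinct HMAC labels (hypothetical): the verifier sent to the server
    # reveals nothing about the key that protects the mailbox.
    mailbox_key = hmac.new(stretched, b"mailbox-key", hashlib.sha256).digest()
    verifier = hmac.new(stretched, b"login-verifier", hashlib.sha256).digest()
    return mailbox_key, verifier


def server_enroll(verifier):
    """Server side: store a hash of the verifier, never the verifier itself.

    The verifier is password-equivalent for login, so a leaked database
    must not contain a value that can simply be replayed.
    """
    return hashlib.sha256(verifier).digest()


def server_check(stored, presented):
    """Server side: hash what the client presents and compare in constant time."""
    return hmac.compare_digest(stored, hashlib.sha256(presented).digest())


SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt

if __name__ == "__main__":
    key, verifier = client_derive("correct horse battery staple", SALT)
    stored = server_enroll(verifier)
    print("login ok:", server_check(stored, verifier))
    print("stored value replayed:", server_check(stored, stored))
```
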

Maximum privacy protection

At Tutanota we put your right to privacy at the heart of everything we are doing. We do not log IP addresses and offer a truly anonymous email registration, without ever asking for a phone number.

We also strip IP addresses from emails sent and received, and we do not load images by default to protect your privacy. This is important because when images are loaded, the person who sent you the email can track your IP address, your location, the browser or client you are using, and more.

Please make sure that you trust a sender before loading external images within your Tutanota mailbox.
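How a mail client can keep remote images from loading by default, as an added example that is not Tutanota's code: the message body is re-emitted with every attribute that would trigger a remote fetch renamed, so nothing is requested until the user opts in. It covers image-type attributes and inline `style` only; the `data-blocked-` prefix and the sample message are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

REMOTE = re.compile(r"^\s*(?:https?:)?//", re.I)  # absolute or protocol-relative URL
CSS_URL = re.compile(r"url\s*\(", re.I)           # url(...) inside an inline style
URL_ATTRS = {"src", "srcset", "background", "poster"}

class RemoteContentBlocker(HTMLParser):
    """Re-emits an HTML mail body with remote-loading attributes disarmed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []

    def _render(self, tag, attrs, close=""):
        kept = []
        for name, value in attrs:
            value = value or ""
            # srcset carries several comma-separated candidates; check each one
            parts = value.split(",") if name == "srcset" else [value]
            if name in URL_ATTRS and any(REMOTE.match(p) for p in parts):
                self.blocked.append(value)
                kept.append(("data-blocked-" + name, value))  # restorable on opt-in
            elif name == "style" and CSS_URL.search(value):
                self.blocked.append(value)                    # drop the style entirely
            else:
                kept.append((name, value))                    # cid:, data:, plain attrs
        rendered = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{rendered}{close}>")

    def handle_starttag(self, tag, attrs):
        self._render(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._render(tag, attrs, close="/")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def block_remote_content(html_body):
    """Return (safe_html, blocked_values) for one message body."""
    parser = RemoteContentBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample: a tracking pixel, an embedded (cid:) image, a remote background.
SAMPLE = ('<p>Hi &amp; welcome</p>'
          '<img src="https://tracker.example/open.gif?u=42" width="1" height="1">'
          '<img src="cid:logo@local" alt="logo">'
          '<td background="//cdn.example/bg.png" style="color:red">x</td>')
```
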

Putting security first

To sum up: Security and privacy are at the center of every decision we make. Our goal with Tutanota is to offer the most secure email service. The built-in encryption is a good start, but as this post has explained, there is more to secure email than just encryption.

Please check our comparisons to see at a glance how Tutanota compares to other email services, such as Gmail, Yahoo, GMX, Outlook, Fastmail, Posteo, Hushmail, Protonmail, Startmail, and Mailbox.org.

We hope you enjoy your secure emails! Happy encrypting. :)