Schau dir unsere Roadmap an, um zu sehen, was wir als nächstes zu Tutanota hinzufügen werden.

Diese neuen Funktionen werden wir demnächst implementieren.

Denkst du wir haben eine wichtige Funktion übersehen? Diskutiere mit uns und der Community auf unserem Reddit-Forum.

Bitte schau dir unseren Issue-Tracker auf GitHub an, um mehr Details bspw. über Bugfixes, an denen wir gerade arbeiten, zu erfahren.

#590: Offline usage

As a user i want to be able to access my mailbox when there is no or just a poor internet connection available (e.g. travelling). I need to have access to my emails, contacts and calendar entries so i can at least read the content.

After log in to my mailbox i currently have to wait each time in every view until the progress spinner is completed to see the content. I expect that the content that i have accessed before is visible right after login without any larger delays.

When i am online again or if i log in with an internet connection there should be a non blocking indicator that the content of my mailbox is synchronized with the server.

Acceptance criteria:

  • Create design document for offline mode including thread model for unauthorized db access.
  • #3812
  • Build search index prototype using offline storage so the same data is used (e.g. Mail/MailBody). Do performance tests
  • Offline access is available on desktop and mobile apps
  • Instances that have been accessed by the users or by the search indexer should be available for offline access.
  • #3813
  • Access to contacts
  • Access to calendar events
  • Restricted access to settings
  • #3815

Implementation hints
For detailed description and discussion see the wiki page for offline storage (/pages/viewpage.action?pageId=38898504 )

#3444: Provide option to lock saved credentials with PIN/biometrics

As a user of the Tutanota mobile or desktop app i want to be able to protect my stored credentials with the PIN/fingerprint of my device. If i choose "Store credentials" from the login screen the app should display options of how to secure my stored credentials. The option should be used for all further stored credentials. The selection can later be changed in the settings.

Every time i need to access the stored credentials the app should ask for the chosen option.

Acceptance criteria:

  • Provide options to secure the saved credentials after creating a persistent session using "Store credentials"
  • Ask for biometrics/pin when accessing credentials
  • Usage of biometric unlock option should not be required.
  • Setting to change selection
  • Migrate existing credentials and ask for options when opening new app version.

Implementation hints
We currently use the local storage of the web view to store the credentials. It is the same mechanism that is used for the web browser. We want to change the storage location to the secure storage of the device which is already used to store the device keys that are used to decrypt calendar event reminder notifications.

With this issue we will not automatically lock the application. We will protect how the saved credentials are stored on the device by encrypting them with a device key. The device key should be stored in the secure storage of the device. We will not have direct access to that key but instead we need to ask the system to decrypt the credentials.

When setting up the this for the first time the user should have the following options:

  1. Use biometrics
  2. Use system password/pin (or biometrics)
  3. Use device lock (no user interaction when accessing credentials)

Every time user needs to access the credentials we will ask for authentication.This is the case when:

  1. Access login screen
  2. Save additional credential
  3. Delete credentials

Together with @charlag @rosso-ptg @bedhub we discussed if it is acceptable to ask for authentication again upon delete or logout because it might be ask too often. We decided that it is acceptable for now.

We will do biometrics/pin protection for mobile apps only. For desktop clients we will store the key to decrypt credentials in the keychain of the system. Which usually will be unlocked when user logs in.

We decided that we will use intermediate key in encryption chain which can do multiple operations. This will allow us to do multiple operations on multiple credentials. Keeping it in memory for a short time has almost no effect on security but improves user experience a lot.

When selecting authentication method user should see a dialog with following text:

The credentials are stored encrypted on your device. How would you like to unlock them in the future:

  • Automatically
  • System password or biometrics
  • Only biometrics

The dialog should have three vertical options. It should have a skip button to default to automatic authentication. Option in settings should also open the same dialog.


#2178: Support FIDO U2F security key in desktop client

As a user i want to be able to use (login and register) my FIDO U2F security key as a second factor in the desktop client and in the mobile apps. A security key that is registerd on mobile/desktop application should also be usable within the web version and vise versa.


  • Allow setting up a security key in Settings > Login
  • Authenticate with security key as second factor in desktop client/mobile app
  • Authenticate with the same key in web client on

Development notes:
We are currently migrating from U2F Api to WebAuthn Api because chrome is dropping support for U2F API. We also should use WebAuthn standard if possible. See also: #2140

Instead of implementing the device communication in the native part of the application using different libraries we prefer to use the WebAuthn API of the browser or web view. WebAuthn only works in a secure context (https) and the devices must be registered for a certain domain. In our case the devices are registered for the domain when adding a security key in the web client on

The desktop/mobile apps are not running in that secure context. We are creating a web view/browser window and serving the application files from the local file system.

We cannot just create such a secure context for locally so the idea is to open another browser window/web view which opens a site on whenever we need to confirm the second factor and and just use this window to confirm the second factor.

A conflict occurs when the security key was set up on a whitelabel domain. This key cannot be used to authenticate on because it is a different domain. We probaly can also not allow to authenticate within the desktop/mobile app for such keys. They have to register the key for the app again, which then will be registed for

More information about integrating WebAuthn

Electro specificn:

Same as #443 for desktop client.

#443: Support FIDO U2F security key in Android app

I have a linked FIDO U2F security key to Tutanota.
I expect to be able to use that token for 2FA in the android application when logging in.

#2177: Support FIDO U2F security key in iOS

I updated the description for the desktop client in this issue: #2178. We want to try the same approach for the iOS app.
We checked pros and cons from the yubico documentation page and decided to try the ASWebAuthenticationSession or SFSafariViewController approach.

This approach requires iOS 13, so we either have to drop support for iOS 12 or just disable the security keys in older iOS versions.

#516: Provide a way to configure/change the Sender Name based on the aliases

Right now, the Sender Name is set at account level. If we happen to have an alias where we don't want to expose that name –for any reason(s)-, there is no way we can do that – or yes, there is: changing the account's Sender Name back and forth...really not an option.

This is one of the most important things that are currently missing in the service.

#6: Conversation view

Gmail has conversation view.

I have been looking for a privacy-conscious email service that offers this
as well. I have been using OpenMailbox and RiseUp, however they both
use RoundCube software.

RoundCube has had a ticket open on this for 9 years so who knows when they
will implement this, if ever. Please add conversation view so I can dump Gmail
for good.

#1579: Shared team calendars

As administrator I can create and delete shared team calendars. I can assign and remove users of my account to them without invitations. I can invite users outside my account with group invitations.

#1756: Calendar Widget

I want to put the Tutanota calendar to my homescreen.

#1066: Better contact integration on Android and iOS

I want to use my contacts from the dialer app 👍

#393: Allow sending mails to recipient lists and share recipient lists with groups

As a user I want to be able to create recipient lists. When sending a mail or calendar invites I want to be able to use such a list in the address field to send the mail to every user in the list without entering each mail address individually. Furthermore, I want to be able to share such lists with other users and define who has which right on the list (read/write/manage). I want to be able to share multiple lists at once with the same group while also being able to share different lists with different users. For privacy reasons I only want to share the mail address (and optionally a name) for each entry in the recipient list but not the entire contact I have in my private contact list. I do not want to share entire contact lists. In the contact view I want to be able to see and edit all my recipient lists and who they are shared with.

Users can:

  • Create different lists of recipients in the contact view.
  • Each entry in a recipient list must have a mail address. Optionally it also has a name.
  • If a recipient list entry's mail address is the same as on of an existing contact, the information in the contact should be used (external sender password, maybe display the name) but not shared with the group.
  • Use recipient lists to send mail or calendar event invites to everyone in this list and in the former case decide if the recipients see each other or not (TO/CC/BCC).
  • Share a lists of recipients with other users.
  • Share multiple lists with the same group of users.
  • Share different lists with different groups of users.
  • Define which rights those other users get on the list group (read/write/manage).
  • Optionally, the user should be able to flag a list as non-confidential. In that case they should not be asked to enter passwords for external recipients if they do not exist each time they send to this list.
  • The server must not get any knowledge about the entries in a recipient list but only those users the list is shared with. (It is acceptable that the server can infer this information from the fact that a client requested the recipient list and then sent emails to a set of mail addresses.)


  • Sharing is a solved problem. See shared calendars and template groups.
  • When the user enters such a list in the address field every mail address should be resolved like we do now and the user should be informed if there is a problem with one mail address. They should be able to decide if this address should be excluded. If no errors occur, sending such a mail should work just like the user had entered each address individually, i.e. the mail is encrypted for every recipient and then sent.
#3443: Allow write access in offline mode

As a Tutanota user i still want to be able to do certain write operation while i am using the Tutanota application in offline mode These action should get synchronized after i am online again. Such actions are:

  • Create/update draft, event, contact
  • mark an email as read
#529: Disposable e-mail addresses

Disposable e-mail addresses are a randomly generated string of characters that are used to create a unique alternate e-mail address:


The difference between regular e-mail aliases and disposable ones is that the latter are intended to be temporary, for instance, you can use them for a short-term purpose before deleting the address to prevent your real address from being sold and added to Spam lists.

Additionally, a description field (or something similar), along with the e-mail address itself is a nice-to-have in order to associate/know the service or Web site in question.

Disposable e-mail addresses are just for receiving e-mail – they should not be used to send e-mails.

It's important to emphasize that this is completely different from the usual disposable e-mail address services one can find out there.

#318: organize emails by tags/labels

I'm new in tutanota but the first thing I looked for in the UX is the ability to tag/label my mails.
It is a very simple and powerful feature, superior to folders as many tags could be applied to an email when only one folder could be associated with it.

I think you should consider this feature as it will dramatically enhance the user experience and it's relatively simple to implement.

#175: Photo in contact

new attributes are now available see #168

#198: Autocrypt support

Hi there, is Tutanota planning to follow the path of other mail clients and implement Autocrypt? Seems like most major clients are planning on releasing support for it soon (K9, Thunderbird, Mailpile). Would be nice if Tutanota follows and stays compatible.

#843: Full unicode emoji support

We should display a selector for emojis
We can use svgs from (

#528: Tor onion service

As evidenced on Tutanota's own blog, the organization is pro-privacy and pro-Tor/VPN usage - and thank god for that!

In order to further protect Tor users (who by definition value privacy more), how about setting up an onion address to access the webmail at, in parallel to the clearnet site?

This approach is used by, among others, ProtonMail, ProPublica, The NYT, etc.

If feeling ambitious, why not make it a nextgen onion address? :)