© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Tutanota vs. ProtonMail: which is the better secure email service?

Tutanota vs ProtonMail

For those in the know and protective of their privacy, Tutanota and ProtonMail are the industry leaders in “secure email”. Both have an excellent reputation built on guarding user emails from prying eyes – even their own eyes.

So which one is better. Let’s take a side-by-side look at Tutanota vs. ProtonMail to see which one is better in general—or better for you.

Tutanota vs ProtonMail: security and privacy

Both services offer excellent security and privacy – it’s their entire selling point. Both offer end-to-end encryption that even they don’t have the keys to decrypt.

Tutanota encrypts more spaces within its ecosystem, but we give a slight edge to ProtonMail. ProtonMail has a restrictive spam filter, complete anonymity, and RSA 256-bit encryption compared to Tutanota’s 128-bit protocol. ProtonMail also benefits from Switzerland’s excellent attention to privacy.

TutanotaProtonMail
Rating4.6 ★★★★4.9 ★★★★
EncryptionRSA 2048-bit, AES 128-bit, no PGP, encrypted subject lines,
calendars, and address books, perfect forward security
RSA 2048-bit, AES 256-bit, OpenPGP
AnonymityIP addresses stored, but hiddenNo IP address stored
PrivacyProtected by German law, 14 Eyes,
company commitment
Protected by Swiss law, company commitment
Spam FilteringRestrictivePermissive
WebsiteTutanota.comProtonmail.com

Winner: ProtonMail logo

Encryption

Tutanota offers end-to-end symmetrical encryption—RSA 2048-bit for user-to-user emails, AES 128-bit for user-to-non-user emails. The service uses the same algorithms as PGP, but encrypts subject lines as well as the email body above that. Even Tutanota can’t decrypt your messages. It also offers perfect forward security, meaning hacking a past session doesn’t give a cybercriminal access to future sessions. Tutanota also encrypts your address book and your calendar.

ProtonMail also uses end-to-end symmetrical encryption—RSA 2048-bit for user-to-user emails, AES 256-bit for user-to-non-user emails. It uses OpenPGP, an industry-standard email encryption algorithm that has several weaknesses mentioned above—no encryption of subject lines, and no perfect forward security. Like Tutanota, ProtonMail’s encryption prevents even ProtonMail itself from decrypting it and reading your messages.

ProtonMail OpenPGP settings
ProtonMail OpenPGP settings

Anonymity

Tutanota strips IP address information from its messages, making it impossible for anyone to trace the message back to the user, at least using the IP.

Meanwhile, ProtonMail offers complete anonymity to its users, too. In addition to end-to-end encryption, it also strips messages of IP addresses.

ProtonMail vs. Tutanota: the ultimate secure email comparison
video screenshot

Privacy

Tutanota is a German company. Germany is one of the “Fourteen Eyes” alliance of intelligence-sharing countries, but emails that pass through Tutanota are protected by the German Federal Data Protection Act, which prohibits the use or collection of personal data without express permission or a law that specifically allows it. 

ProtonMail is headquartered in Switzerland, with servers hidden under a kilometer of granite, safe even from a nuclear blast. Famously neutral and independent, Switzerland has some of the best privacy laws in the world, and ProtonMail’s parent company is very privacy-focused.

Spam filtering

Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.

Global settings on Tutanota
Tutanota settings

Meanwhile, ProtonMail uses a smart spam detection system that automatically puts your incoming messages in an inbox or spam folder. Sometimes it’s bound to misplace your emails, so you can use a whitelister as a method to bypass the blocks if they seem too strict for you.

ProtonMail spam filters
ProtonMail spam filters

Tutanota vs ProtonMail: features

Different features will be valuable to different users. ProtonMail has the advantage of ProtonVPN in its priciest plan, but we’re giving this close race to Tutanota thanks to the availability of encrypted calendars in every plan, even the free plan.

FeatureTutanotaProtonMail
AutoResponderYes (paid plan)Yes (paid plan)
Custom DomainsYes (paid plan)Yes (paid plan)
Secure Form CodeYes (pricey add-on)No
VPN SubscriptionNoYes (highest plan only)
Custom CSSNoYes
Secure CalendarYes (free)Beta only

Winner: Tutanota

Features that both secure emails have

For paying users, both Tutanota and ProtonMail offer an autoresponder and custom domain aliases. When it comes to secure calendars, Tutanota gives it for free while ProtonMail is still in the beta stage of this solution. Therefore, this micro-battle goes to the former secure email.

Tutanota Inbox interface
Tutanota interface

Unique features

The most interesting feature is Tutanota’s SecureConnect. It allows you to implant Tutanota code into your website to create a contact form with the same security and privacy as Tutanota itself. This is a niche feature, and an expensive add-on not included in any plan. Companies that want to receive secure messages from their website visitors, however, may find SecureConnect invaluable.

What separates ProtonMail from Tutanota is its VPN subscription. It’s becoming more common to see secure email providers offer other online security solutions, such as password managers or file encryptors. In this case, ProtonMail’s Visionary plan includes a subscription to ProtonVPN, which privacy-minded users should consider anyway.

Some of ProtonMail’s paid plans also include ProtonMail Bridge, an app that runs in the background and automatically encrypts or decrypts messages in applications that support IATP or SMTP. This is probably of limited use to most users, just like the CSS customization functionality.

Getting back to more widely-used features, we find that Tutanota has a native desktop application. In contrast, ProtonMail can only be accessed by webmail or using a third-party email client.

Tutanota vs ProtonMail: pricing

While the free plan is more restrictive and the packages more expensive, we still give this one to ProtonMail. The a la carte model of Tutanota leads to sticker shock and analysis paralysis – once you start adding features, your plan gets complicated and pricey. Despite the higher price tags, ProtonMail offers valuable features within each package that more than justifies the cost.

VersionTutanotaProtonMail
Free$0.00$0.00
Premium$14.10/year$48.00/year
Teams$56.40/year$75.00/year
 Check PricingCheck Pricing

Winner: ProtonMail

Value for the price

Tutanota offers a free plan with 1 GB of storage. It also offers a €1.20/month Premium plan, a €4.80/month Teams plan, and a €7.20/month Pro plan. Slight discounts are available for annual plans. It is worth noting, however, that Tutanota uses an a la carte approach, with services able to be added. This allows the users to customize their plan, but popular features can quickly erase the savings enjoyed by Tutanota users.

ProtonMail offers a free plan with 500 MB of storage and a limit of 150 emails per day. The paid plans range from €5/month for Plus, €8/month per user (up to 5,000 users) for Professional, and €30/month for Visionary. While these prices are higher and the menus fixed, both the Professional and Visionary plans offer powerful and comprehensive feature packages. Visionary, for example, includes a free subscription to ProtonVPN. Tutanota doesn’t offer anything close to this value, even in the Pro plan.

Tutanota vs ProtonMail: storage and attachments

With no advantage in attachment size, this match goes to ProtonMail based on storage. Yes, the free plan offers less data, but the data offered to the paid plans run circles around Tutanota’s data allowance.

TutanotaProtonMail
Free Storage1 GB500 MB
Paid StorageUp to 10 GBUp to 20 GB
Attachment Limit25 MB25 MB

Winner: ProtonMail

Data allowances

Tutanota offers 1 GB of storage for the Free and Premium plans, 10 GB of storage for the Teams and Professional plans. Tutanota limits attachments to 25 MB.

ProtonMail offers 500 MB of storage for their Free plan, 5 GB of storage for the Plus plan, 5 GB per user for each user (up to 5,000 users) for the Professional plan, and 20 GB of storage for the Visionary plan. ProtonMail also limits attachments to 25 MB.

Tutanota vs ProtonMail: ease-of-use

Both Tutanota and ProtonMail are reasonably easy to use. The winner, however, is ProtonMail. We were impressed by its ease of setup, useful settings, and third-party integrations.

TutanotaProtonMail
SetupThree steps, TOS acceptance, 64-digit recovery codeTwo steps, verification
InterfaceResponsiveFeature-rich
Performance and speedFast and strongFast and strong
App integrationsNative desktop app, no integrationsMany popular integrations

Winner: ProtonMail

Setup

Setting up a Tutanota starts by clicking the “Sign Up” button in the upper right-hand corner of every page. You will be presented with an assortment of plans to choose from. If you select the “Free” plan, a window pops up notifying you that Tutanota limits users to one free plan each.

The next page asks you to create your username (i.e. your email address) and create and confirm your password. Two checkboxes verify your age (16+ per German law) and your acceptance of the terms of service.

The next page takes you to your recovery code, a 64-digit code that authorizes you to change your password and second factor. Save it carefully, or the loss of your credentials could lock you out of your account, permanently! You’re then taken into a login page and can access your new inbox.

Tutanota recovery code
Tutanota recovery code

The ProtonMail setup process is lightning-quick and easy. Upon clicking the “Sign Up” button, on every page next to the “Sign In” button, you will be taken to a page with dropdown menus from which to select your plan. The “Plus” plan is automatically unfurled, but you can easily select “Free” above it, “Professional” or “Visionary” below it.

Once you select your plan, you will be directed to a simple, one-page setup screen, asking for your new username, password with dual confirmation, and recovery email. Click “Create Account,” and you will be taken to a verification page, where you can choose Captcha, SMS, email, or phone verification. Captcha is probably the quickest. Verify your account, and that’s it! You’re ready to start customizing your inbox.

User-friendliness

Tutanota is remarkably easy to use. It resembles many other email inboxes, making it intuitive and easy to navigate. The interface is also elegant – it’s responsive and fun to use.

ProtonMail doesn’t lose out on this front – it’s also very user-friendly and intuitive. It loses some points, however, from a home screen that includes a huge prompt to upgrade your account. ProtonMail has a lot more settings, though, including custom CSS import.

ProtonMail custom filters
ProtonMail custom filters

Performance and speed

Tutanota sends and delivers mail quickly and reliably. Service was interrupted during a 2020 DDoS attack, but overall performance is excellent.

ProtonMail also exhibits excellent speed and performance, with no noticeable delays or interruptions in service. ProtonMail also offers excellent attachment upload speed and transfer. However, the Preview Panel is a little slow to load, since this is the step at which the message gets decrypted in ProtonMail.

App integrations

Tutanota’s proprietary encryption has the side-effect of negating the ability to integrate it with third-party email clients. This may not matter to many users, since Tutanota includes a native desktop app, but people who love Microsoft Outlook or Apple Mail may be disappointed.

ProtonMail integrates with the most popular third-party email clients, including Microsoft Outlook, Apple Mail, and Mozilla Thunderbird.

ProtonMail import option
ProtonMail integrations

Tutanota vs ProtonMail: customer support

ProtonMail is the clear winner. By offering a larger subreddit, a more useful knowledge base, and direct email support even to free users, it far surpasses Tutanota in terms of user support.

TutanotaProtonMail
Knowledge baseDecentExcellent
SubredditBigMassive
Email supportPaid plans onlyAll plans (escalated service with paid plans)

Winner: ProtonMail

Knowledbases and email support

Tutanota offers a Subreddit and a user knowledge base. It also has direct email support, but only for paid users.

ProtonMail offers direct email support, even for free users. Free accounts supposedly have “limited support,” meaning longer wait times can probably be expected, but it’s better than nothing. It also has a larger Subreddit, as well as a knowledge base that is much easier to search and navigate.

Verdict

CategoryTutanotaProtonMail
Privacy and Security
Features
Pricing
Storage and Attachments
Ease of Use
Customer Support

Winner:

Both Tutanota and ProtonMail are excellent mail applications, but ProtonMail stood out in many categories. While we give Tutanota the slight edge on feature selection, we slightly preferred ProtonMail for privacy, security, pricing, storage, attachments, and ease of use. Where ProtonMail really outshines Tutanota is customer support, which matters more than people sometimes give credit for.

It was a close race, but our pick in the Tutanota vs. ProtonMail side-by-side comparison sweepstakes: ProtonMail!

FAQ

Is Tutanota better than ProtonMail?

Tutanota is dead set focused on maintaining your privacy, while ProtonMail is more interested in private email service. It means that they’re trying to be easy to use and comfortable services, while Tutanota sacrifices convenience for anonymity.

Can ProtonMail be traced?

For people on the outside, there’s no way to track ProtonMail. However, if you get in trouble with law enforcement, they will cooperate. ProtonMail is not a neutral service. The service developers clearly state that they do not want to be a criminal’s email provider. Which means that you can potentially become traced.

Is Tutanota open-source?

Tutanota doesn’t use third-party code on the principle that it would be hard to make sure the privacy claims. Their source code is fully documented on GitHub, so if you want to make sure how some elements work, you can do it.

Which service is better supported: Tutanota or ProtonMail?

Tutanota developers used their own encryption, while ProtonMail uses OpenPGP. So, interaction with other clients should be more comfortable with ProtonMail. Meaning that it smoothly works with other non-ProtonMail accounts. With Tutanota, both users will have the easiest time only with other Tutanota users.

Related articles:
Comments 17
  1. toquinho cerezo says:

    Forget about Swiss laws etc.. in my opinion the biggest concern about ProtonMail is the request for a phone number to create the account. What is really fishy is that although they say they don’t link the phone with the account, you have to take that for granted, and I frankly don’t like it. Seems like a trap. I tried to use temp phone sms services, and surprise!!! A nice mssg telling me that those phones were already used. So they are actually storing (don’t matter if hashed or not) phone numbers. So I think trust anonymity with ProtonMail is an act of faith.

  2. Oppa Kruse says:

    ProtonMail is doing some clever marketing with its location in Switzerland and its data center. However, the truth is that Switzerland is not 100% neutral and that requests for information from authorities are also possible there, forcing providers to cooperate.

    In the case of web-based clients, which also store users’ private keys and are primarily based on JavaScript, there are also a lot of starting points here. On the one hand, JavaScript is vulnerable to timing attacks. On the other hand, malicious / manipulated browser plug-ins can also be abused (regardless of this, they always read along anyway). Finally, the provider itself can be forced to deliver manipulated code to users to be monitored. This does not make the services insecure per se – but they offer little real protection against actors with great power (states, their intelligence services, etc.).

    But the truth is also that a data center in a first-strike-proof data center offers good protection against a nuclear attack and hardware theft – but adds no value in terms of cybersecurity. Today, such attacks typically occur from the outside by attackers or from the inside by “agents” at the software level.

    Putting all the facts on the table, ProtonMail still currently offers the better deal compared to Tutanota. In my opinion, however, there is only one reason for this: ProtonMail offers the possibility to import existing mailboxes. This possibility does not yet exist with Tutanota. For anyone who wants to change, but exactly that – an import of existing mails – is enormously important.

    In my opinion, all other facts speak against Protonmail. Even if you take into account the cooperation of Germany with foreign intelligence services and the increasing surveillance mentality. But this is only my personal opinion.

  3. Bob says:

    I’m looking at Tutanota’s site right now, and it clearly has an option for storage all the way up to 1TB, and it’s cheaper than Proton.

    Don’t get me wrong, Proton is a good service, but the comparisons between these services I’m seeing done make much sense. Tutanota clearly wins from a pricing standpoint. I can have two users with 5GB of storage for literally half the cost of Proton Mail. Granted, I do think Protonmail has the better UI, but they also lack a calendar for the free tier. How in the world did it win on pricing and storage?

    Fixed:
    Privacy and Security ✘ ✔
    Features ✔ ✘
    Pricing ✔ ✘
    Storage and Attachments ✔ ✘
    Ease of Use ✘ ✔
    Customer Support ✘ ✔

  4. Patrick says:

    I use both Protonmail and Tutanota. One feature Protonmail outshines Tutanota is that it has the disappearing email function. For communication nowadays, we don’t need to keep all content. So, Protonmail is better in this race.

  5. Monero says:

    In my opinion this article is lacking comparison of two very important things:

    1) Two-factor authentication
    Tutanota supports U2F (Security Key) and TOTP (authenticator app). ProtonMail supports only TOTP.
    A U2F key is a true physical factor. As long as you keep them physically secure, they can’t be digitally intercepted or redirected. And unlike most two-factor methods, U2F keys are phishing-proof because they only work once you’ve registered them with a site. This is very important because phishing is one of the biggest threat. Additionally the U2F implementation by Tutanota is very good – you have to touch the security key every time you log in.

    2) Password reset procedure, which is a very popular attack vector.
    Tutanota has better password reset procedure than ProtonMail.
    Tutanota comes with a 64-digit recovery code that enables you to reset your password yourself making sure that no one can abuse the password reset feature to gain access to your email account. (You can’t recover the password by email or by sms.)
    https://tutanota.com/blog/posts/secure-password-reset
    In ProtonMail the user decides about password reset options. User can add a recovery email or in ProtonMail V4 in beta a recovery phone number. This mens that you don’t have a password reset option or your ProtonMail email is as safe as your recovery email or you are at risk of sim swap.
    https://protonmail.com/support/knowledge-base/reset-password/

    Because of the above for people who want a very secure email account Tutanota with U2F key is an obvious choice. In my opinion security of an email account depends more on 2FA options and password recovery procedure than on other factors.
    Tutanota is also an excellent choice as an recovery email for important online accounts. If online accounts which you have are very important you should choose Tutanota Premium account so you can activate notification emails about new messages in your Tutanota inbox. It is also a good idea not to share your recovery email with anybody.

  6. Monero says:

    Hi Paul, Can you please have a look at the below? It doesn’t make any sense to me.
    Tutanota ProtonMail
    Spam Filtering Permissive Restrictive
    Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.
    ProtonMail offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive. Users may have to whitelist emails they do want to see.

    • CyberNews Team says:

      Hi, thank you for your comment. We’ve revisited these findings.

  7. Misti Cleveland says:

    I am wanting to leave Gmail and Yahoo for security/privacy reasons. I have Verizon/AOL email. It is sometimes “down” – fails to load my emails. But I get no spam, and storage is huge. (I’m not tech savvy, so I can’t tell you what the error is when it won’t load. Sorry about that.) I want email that works, is secure, and won’t allow lots of spam. Gmail puts a couple ads at the top, which is no big deal. It’s Tutanota what you would recommend?

    • CyberNews Team says:

      Both ProtonMail and Tutanota have excellent measures against spam. So, if you’re worried about that the most, you’ll have comparable experience, whichever you pick.

  8. blitzfick says:

    In a recent support go-round with protonmail I found out that they machine read incoming emails and attachments from non-secure email sources and will blacklist an email despite the sender’s email address being on the receiver’s white list. They completely ignore the receiver’s white list.

  9. Mauricio Rubio says:

    The only and enough dissadvantage Protonmail has for me is that there are many chineses inside. That fact is enough for me to dispose its service.

  10. John says:

    Protonmail free is very restricted. They only allow you to send to 10 recipients/day. And one cc or bcc mail counts as 10 unique messages. So not very suited if you email to a lot of people. They have a secret formula to boost your reputation, so you can send more, which is basically: pay.

    • CyberNews Team says:

      Hi, John. This is incorrect. Yes, they limit bulk sending, but the cap doesn’t disappear when you opt-in for paid plans. It’s in their terms of service.

  11. Bill says:

    This article seems to skip over a lot of ProtonMail’s flaws while being very critical about small issues with Tutanota. The conclusions drawn also don’t seem to line up with the data presented in the article.

    Tutanota is 1/4 the price of ProtonMail, but the verdict is that ProtonMail wins on Pricing?
    The article clearly discusses how Tutanota is more privacy focused and makes better use of encryption, but the verdict is that ProtonMail wins on Privacy and Security?

    Something seems fishy.

  12. Stephen says:

    Email providers based in Switzerland tend to make Swiss privacy sound like a big deal. Swiss privacy is not a feature that you should count upon. During the 2009 financial crisis Swiss banks wanted bail out protection and the US government wanted information about citizens with offshore accounts. They both got what they wanted. The US Department of Justice website details this arraignment in the article “U.S. Discloses Terms of Agreement with Swiss Government Regarding UBS”, August 19, 2009. The article is at https://www.justice.gov/opa/pr/us-discloses-terms-agreement-swiss-government-regarding-ubs.

    The article states “The Swiss government will then direct UBS to initiate procedures which could result in the turning over of information on thousands of accounts to the IRS.” The article also states “In addition, the Swiss Government has agreed to review and process additional requests for information from other banks regarding their account holders”. The DOJ website also has individual case resolutions published. Several US citizens were sentenced to Federal Prison because of these actions.

    Swiss privacy is nice, but it works better when it is financially beneficial.

  13. Stephen says:

    In this article, under the heading “Spam Filtering” there are the statements: “user feedback tends to identify Tutanota’s spam filter as not restrictive enough”, AND “user feedback tends to identify Tutanota’s spam filter as too restrictive”.

    This article under the heading “Anonymity”, states “Tutanota stores IP address information with its messages”. In the cybernews article “Tutanota review: when privacy is a must”, it states “Tutanota strips the IP address from your email header, hiding your location. The whole inbox is encrypted, and the service provider does not log the IP’s of its users.” Are both of these statements accurate, and if so what is being stored?

    You concluded Protonmail was the pricing leader, but with Tutanota’s premium plan costing €1.20/month and Protonmail’s Plus Plan costing €5/month, it is difficult to see how you came to this conclusion. While additional features might cost more, this is true for both providers. The top Protonmail plan comes in at €30/month which is far more than Tutanota email with 3rd party VPN.

  14. Stephen says:

    I have a paid Protonmail account and a free Tutanota account. Two differences that seem different to me are the support for contact groups, and support for encrypted email to outside (non-encrypted email accounts).

    Proton paid accounts support contact groups, so you can send email to a preconfigured contact group. Tutanota does not have this feature.

    Both providers have an “encrypt for outside” capability allowing you to compose a message and deliver it as a hyperlink that can be opened / exposed with a password. This prevents the recipient’s email provider, google, yahoo, etc. from reading your message. The difference is Protonmail’s implementation requires a ‘password per message’ while Tutanota’s implementation supports ‘passwords by contact’. The difference has a huge impact on usability. Protonmail’s implementation requires you to communicate the password to the recipient, manually record the password in some sort of journal, and enter this password every time you send an encrypt for outside message. Tutanota’s implementation requires you to communicate the password to the recipient, but it records that password with the contact information which you can use for all future emails until you change the password.

    Tutanota’s ‘password per contact’ is also more flexible. If you have a contact ‘Ben’ whose password is ‘chocolate’ and a contact ‘Jerry’ whose password is ‘vanilla’ you can send an “encrypt for outside” with Tutanota to Ben and Jerry and they each open the message with their own passwords. With Protonmail you would have no password that would work with both recipients, so you can only send separate messages or use the same password for everyone.

    Tutanota’s “encrypt for outside” could use some improvement (allowing the recipients to choose their own passwords and store them on the Tutanota server would be an obvious improvement), but even with its flaws it is usable. The usability of Protonmail’s “encrypt for outside” is fatally flawed.

Leave a Reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Subscribe for security tips and CyberNews updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!

© 2020 CyberNews – Latest tech news, product reviews, and analyses.