Tutanota vs. ProtonMail: which is the better secure email service?
For those in the know and protective of their privacy, Tutanota and ProtonMail are the industry leaders in “secure email”. Both have an excellent reputation built on guarding user emails from prying eyes – even their own eyes.
So which one is better. Let’s take a side-by-side look at Tutanota vs. ProtonMail to see which one is better in general—or better for you.
Tutanota vs ProtonMail: security and privacy
Both services offer excellent security and privacy – it’s their entire selling point. Both offer end-to-end encryption that even they don’t have the keys to decrypt.
Tutanota encrypts more spaces within its ecosystem, but we give a slight edge to ProtonMail. ProtonMail has a restrictive spam filter, complete anonymity, and RSA 256-bit encryption compared to Tutanota’s 128-bit protocol. ProtonMail also benefits from Switzerland’s excellent attention to privacy.
| ProtonMail | Tutanota | |
| Rating | ||
| Encryption | RSA 2048-bit, AES 256-bit, OpenPGP | RSA 2048-bit, AES 128-bit, no PGP, encrypted subject lines, calendars, and address books, perfect forward security |
| Anonymity | No IP address stored | IP addresses stored, but hidden |
| Privacy | Protected by Swiss law, company commitment | Protected by German law, 14 Eyes,company commitment |
| Spam Filtering | Permissive | Restrictive |
| Website | Protonmail.com | Tutanota.com |
Winner:
Encryption
Tutanota offers end-to-end symmetrical encryption—RSA 2048-bit for user-to-user emails, AES 128-bit for user-to-non-user emails. The service uses the same algorithms as PGP, but encrypts subject lines as well as the email body above that. Even Tutanota can’t decrypt your messages. It also offers perfect forward security, meaning hacking a past session doesn’t give a cybercriminal access to future sessions. Tutanota also encrypts your address book and your calendar.
ProtonMail also uses end-to-end symmetrical encryption—RSA 2048-bit for user-to-user emails, AES 256-bit for user-to-non-user emails. It uses OpenPGP, an industry-standard email encryption algorithm that has several weaknesses mentioned above—no encryption of subject lines, and no perfect forward security. Like Tutanota, ProtonMail’s encryption prevents even ProtonMail itself from decrypting it and reading your messages.
Anonymity
Tutanota strips IP address information from its messages, making it impossible for anyone to trace the message back to the user, at least using the IP.
Meanwhile, ProtonMail offers complete anonymity to its users, too. In addition to end-to-end encryption, it also strips messages of IP addresses. However, there was a case when they logged an IP address of their user after the Swiss government request – to avoid that and unsure anonymity on all of your mails, we suggest combining an email service together with a good VPN.
Privacy
Tutanota is a German company. Germany is one of the “Fourteen Eyes” alliance of intelligence-sharing countries, but emails that pass through Tutanota are protected by the German Federal Data Protection Act, which prohibits the use or collection of personal data without express permission or a law that specifically allows it.
ProtonMail is headquartered in Switzerland, with servers hidden under a kilometer of granite, safe even from a nuclear blast. Famously neutral and independent, Switzerland has some of the best privacy laws in the world, and ProtonMail’s parent company is very privacy-focused.
Spam filtering
Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.
Meanwhile, ProtonMail uses a smart spam detection system that automatically puts your incoming messages in an inbox or spam folder. Sometimes it’s bound to misplace your emails, so you can use a whitelister as a method to bypass the blocks if they seem too strict for you.
Tutanota vs ProtonMail: features
Different features will be valuable to different users. ProtonMail has the advantage of ProtonVPN in its priciest plan, but we’re giving this close race to Tutanota thanks to the availability of encrypted calendars in every plan, even the free plan.
| Feature | Tutanota | ProtonMail |
| AutoResponder | ✔️ (paid plan) | ✔️ (paid plan) |
| Custom Domains | ✔️ (paid plan) | ✔️ (paid plan) |
| Secure Form Code | ✔️ (pricey add-on) | ❌ |
| VPN Subscription | ❌ | ✔️ (highest plan only) |
| Custom CSS | ❌ | ✔️ |
| Secure Calendar | ✔️ (free) | Beta only |
Winner:
Features that both secure emails have
For paying users, both Tutanota and ProtonMail offer an autoresponder and custom domain aliases. When it comes to secure calendars, Tutanota gives it for free while ProtonMail is still in the beta stage of this solution. Therefore, this micro-battle goes to the former secure email.
Unique features
The most interesting feature is Tutanota's SecureConnect. It allows you to implant Tutanota code into your website to create a contact form with the same security and privacy as Tutanota itself. This is a niche feature, and an expensive add-on not included in any plan. Companies that want to receive secure messages from their website visitors, however, may find SecureConnect invaluable.
What separates ProtonMail from Tutanota is its VPN subscription. It's becoming more common to see secure email providers offer other online security solutions, such as password managers or file encryptors. In this case, ProtonMail's Visionary plan includes a subscription to ProtonVPN, which privacy-minded users should consider anyway.
Some of ProtonMail's paid plans also include ProtonMail Bridge, an app that runs in the background and automatically encrypts or decrypts messages in applications that support IMAP or SMTP. This is probably of limited use to most users, just like the CSS customization functionality.
Getting back to more widely-used features, we find that Tutanota has a native desktop application. In contrast, ProtonMail can only be accessed by webmail or using a third-party email client.
Tutanota vs ProtonMail: pricing
While the free plan is more restrictive and the packages more expensive, we still give this one to ProtonMail. The a la carte model of Tutanota leads to sticker shock and analysis paralysis – once you start adding features, your plan gets complicated and pricey. Despite the higher price tags, ProtonMail offers valuable features within each package that more than justifies the cost.
| Version | Tutanota | ProtonMail |
| Free | $0.00 | $0.00 |
| Premium | $14.10/year | $48.00/year |
| Teams | $56.40/year | $75.00/year |
| Check Pricing | Check Pricing |
Winner:
Value for the price
Tutanota offers a free plan with 1 GB of storage. It also offers a €1.20/month Premium plan, a €4.80/month Teams plan, and a €7.20/month Pro plan. Slight discounts are available for annual plans. It is worth noting, however, that Tutanota uses an a la carte approach, with services able to be added. This allows the users to customize their plan, but popular features can quickly erase the savings enjoyed by Tutanota users.
ProtonMail offers a free plan with 500 MB of storage and a limit of 150 emails per day. The paid plans range from €5/month for Plus, €8/month per user (up to 5,000 users) for Professional, and €30/month for Visionary. While these prices are higher and the menus fixed, both the Professional and Visionary plans offer powerful and comprehensive feature packages. Visionary, for example, includes a free subscription to ProtonVPN. Tutanota doesn’t offer anything close to this value, even in the Pro plan.
Tutanota vs ProtonMail: storage and attachments
With no advantage in attachment size, this match goes to ProtonMail based on storage. Yes, the free plan offers less data, but the data offered to the paid plans run circles around Tutanota’s data allowance.
| Tutanota | ProtonMail | |
| Free Storage | 1 GB | 500 MB |
| Paid Storage | Up to 10 GB | Up to 20 GB |
| Attachment Limit | 25 MB | 25 MB |
Winner:
Data allowances
Tutanota offers 1 GB of storage for the Free and Premium plans, 10 GB of storage for the Teams and Professional plans. Tutanota limits attachments to 25 MB.
ProtonMail offers 500 MB of storage for their Free plan, 5 GB of storage for the Plus plan, 5 GB per user for each user (up to 5,000 users) for the Professional plan, and 20 GB of storage for the Visionary plan. ProtonMail also limits attachments to 25 MB.
Tutanota vs ProtonMail: ease-of-use
Both Tutanota and ProtonMail are reasonably easy to use. The winner, however, is ProtonMail. We were impressed by its ease of setup, useful settings, and third-party integrations.
| Tutanota | ProtonMail | |
| Setup | Three steps, TOS acceptance, 64-digit recovery code | Two steps, verification |
| Interface | Responsive | Feature-rich |
| Performance and speed | Fast and strong | Fast and strong |
| App integrations | Native desktop app, no integrations | Many popular integrations |
Winner:
Setup
Setting up a Tutanota account starts by clicking the “Sign Up” button in the upper right-hand corner of every page. You will be presented with an assortment of plans to choose from. If you select the “Free” plan, a window pops up notifying you that Tutanota limits users to one free plan each.
The next page asks you to create your username (i.e. your email address) and create and confirm your password. Two checkboxes verify your age (16+ per German law) and your acceptance of the terms of service.
The next page takes you to your recovery code, a 64-digit code that authorizes you to change your password and second factor. Save it carefully, or the loss of your credentials could lock you out of your account, permanently! You’re then taken into a login page and can access your new inbox.
The ProtonMail setup process is lightning-quick and easy. Upon clicking the “Sign Up” button, on every page next to the “Sign In” button, you will be taken to a page with dropdown menus from which to select your plan. The “Plus” plan is automatically unfurled, but you can easily select “Free” above it, “Professional” or “Visionary” below it.
Once you select your plan, you will be directed to a simple, one-page setup screen, asking for your new username, password with dual confirmation, and recovery email. Click “Create Account,” and you will be taken to a verification page, where you can choose Captcha, SMS, email, or phone verification. Captcha is probably the quickest. Verify your account, and that’s it! You’re ready to start customizing your inbox.
User-friendliness
Tutanota is remarkably easy to use. It resembles many other email inboxes, making it intuitive and easy to navigate. The interface is also elegant – it’s responsive and fun to use.
ProtonMail doesn't lose out on this front - it's also very user-friendly and intuitive. It loses some points, however, from a home screen that includes a huge prompt to upgrade your account. ProtonMail has a lot more settings, though, including custom CSS import.
Performance and speed
Tutanota sends and delivers mail quickly and reliably. Service was interrupted during a 2020 DDoS attack, but overall performance is excellent.
ProtonMail also exhibits excellent speed and performance, with no noticeable delays or interruptions in service. ProtonMail also offers excellent attachment upload speed and transfer. However, the Preview Panel is a little slow to load, since this is the step at which the message gets decrypted in ProtonMail.
App integrations
Tutanota’s proprietary encryption has the side-effect of negating the ability to integrate it with third-party email clients. This may not matter to many users, since Tutanota includes a native desktop app, but people who love Microsoft Outlook or Apple Mail may be disappointed.
ProtonMail integrates with the most popular third-party email clients, including Microsoft Outlook, Apple Mail, and Mozilla Thunderbird.
Tutanota vs ProtonMail: customer support
ProtonMail is the clear winner. By offering a larger subreddit, a more useful knowledge base, and direct email support even to free users, it far surpasses Tutanota in terms of user support.
| Tutanota | ProtonMail | |
| Knowledge base | Decent | Excellent |
| Subreddit | Big | Massive |
| Email support | Paid plans only | All plans (escalated service with paid plans) |
Winner:
Knowledbases and email support
Tutanota offers a Subreddit and a user knowledge base. It also has direct email support, but only for paid users.
ProtonMail offers direct email support, even for free users. Free accounts supposedly have “limited support,” meaning longer wait times can probably be expected, but it’s better than nothing. It also has a larger Subreddit, as well as a knowledge base that is much easier to search and navigate.
Verdict
| Category | Tutanota | ProtonMail |
| Privacy and Security | ❌ | ✔️ |
| Features | ✔️ | ❌ |
| Pricing | ❌ | ✔️ |
| Storage and Attachments | ❌ | ✔️ |
| Ease of Use | ❌ | ✔️ |
| Customer Support | ❌ | ✔️ |
Winner:
Both Tutanota and ProtonMail are excellent mail applications, but ProtonMail stood out in many categories. While we give Tutanota the slight edge on feature selection, we slightly preferred ProtonMail for security, pricing, storage, attachments, and ease of use. Where ProtonMail really outshines Tutanota is customer support, which matters more than people sometimes give credit for.
It was a close race, but our pick in the Tutanota vs. ProtonMail side-by-side comparison sweepstakes: ProtonMail!
Related secure emails guides from CyberNews:
Tutanota review: private email service with a no-nonsense approach
ProtonMail Review: one of the most discrete email providers
Fastmail Review: the private email service that started the trend
FAQ
Is Tutanota better than ProtonMail?
Tutanota is dead set focused on maintaining your privacy, while ProtonMail is more interested in private email service. It means that they're trying to be easy to use and comfortable services, while Tutanota sacrifices convenience for anonymity.
Can ProtonMail be traced?
For people on the outside, there's no way to track ProtonMail. However, if you get in trouble with law enforcement, they will cooperate. ProtonMail is not a neutral service. The service developers clearly state that they do not want to be a criminal's email provider. Which means that you can potentially become traced.
Is Tutanota open-source?
For the most part. While their Linux, iOS, Android, and web client code is open-source, they do not publish the source code for the Windows and macOS versions of their app. However, they claim it is the same as the one used for the Linux app and just uses Electron to make it work on Windows and macOS.
Which service is better supported: Tutanota or ProtonMail?
Tutanota developers used their own encryption, while ProtonMail uses OpenPGP. So, interaction with other clients should be more comfortable with ProtonMail. Meaning that it smoothly works with other non-ProtonMail accounts. With Tutanota, both users will have the easiest time only with other Tutanota users.
Comments
ProtonMail doesn't support U2F, they support only TOTP.
It should be mentioned in the review as this is a very important security feature.
Push works for Tutanota, even on Phone without Google Play Services. See: tutanota.com/blog/posts/open-source-email-fdroid/
In the case of web-based clients, which also store users’ private keys and are primarily based on JavaScript, there are also a lot of starting points here. On the one hand, JavaScript is vulnerable to timing attacks. On the other hand, malicious / manipulated browser plug-ins can also be abused (regardless of this, they always read along anyway). Finally, the provider itself can be forced to deliver manipulated code to users to be monitored. This does not make the services insecure per se – but they offer little real protection against actors with great power (states, their intelligence services, etc.).
But the truth is also that a data center in a first-strike-proof data center offers good protection against a nuclear attack and hardware theft – but adds no value in terms of cybersecurity. Today, such attacks typically occur from the outside by attackers or from the inside by “agents” at the software level.
Putting all the facts on the table, ProtonMail still currently offers the better deal compared to Tutanota. In my opinion, however, there is only one reason for this: ProtonMail offers the possibility to import existing mailboxes. This possibility does not yet exist with Tutanota. For anyone who wants to change, but exactly that – an import of existing mails – is enormously important.
In my opinion, all other facts speak against Protonmail. Even if you take into account the cooperation of Germany with foreign intelligence services and the increasing surveillance mentality. But this is only my personal opinion.
Don’t get me wrong, Proton is a good service, but the comparisons between these services I’m seeing done make much sense. Tutanota clearly wins from a pricing standpoint. I can have two users with 5GB of storage for literally half the cost of Proton Mail. Granted, I do think Protonmail has the better UI, but they also lack a calendar for the free tier. How in the world did it win on pricing and storage?
Fixed:
Privacy and Security ✘ ✔
Features ✔ ✘
Pricing ✔ ✘
Storage and Attachments ✔ ✘
Ease of Use ✘ ✔
Customer Support ✘ ✔
1) Two-factor authentication
Tutanota supports U2F (Security Key) and TOTP (authenticator app). ProtonMail supports only TOTP.
A U2F key is a true physical factor. As long as you keep them physically secure, they can’t be digitally intercepted or redirected. And unlike most two-factor methods, U2F keys are phishing-proof because they only work once you’ve registered them with a site. This is very important because phishing is one of the biggest threat. Additionally the U2F implementation by Tutanota is very good – you have to touch the security key every time you log in.
2) Password reset procedure, which is a very popular attack vector.
Tutanota has better password reset procedure than ProtonMail.
Tutanota comes with a 64-digit recovery code that enables you to reset your password yourself making sure that no one can abuse the password reset feature to gain access to your email account. (You can’t recover the password by email or by sms.)
https://tutanota.com/blog/posts/secure-password-reset
In ProtonMail the user decides about password reset options. User can add a recovery email or in ProtonMail V4 in beta a recovery phone number. This mens that you don’t have a password reset option or your ProtonMail email is as safe as your recovery email or you are at risk of sim swap.
https://protonmail.com/support/knowledge-base/reset-password/
Because of the above for people who want a very secure email account Tutanota with U2F key is an obvious choice. In my opinion security of an email account depends more on 2FA options and password recovery procedure than on other factors.
Tutanota is also an excellent choice as an recovery email for important online accounts. If online accounts which you have are very important you should choose Tutanota Premium account so you can activate notification emails about new messages in your Tutanota inbox. It is also a good idea not to share your recovery email with anybody.
Tutanota ProtonMail
Spam Filtering Permissive Restrictive
Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.
ProtonMail offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive. Users may have to whitelist emails they do want to see.
Tutanota is 1/4 the price of ProtonMail, but the verdict is that ProtonMail wins on Pricing?
The article clearly discusses how Tutanota is more privacy focused and makes better use of encryption, but the verdict is that ProtonMail wins on Privacy and Security?
Something seems fishy.
The article states “The Swiss government will then direct UBS to initiate procedures which could result in the turning over of information on thousands of accounts to the IRS.” The article also states “In addition, the Swiss Government has agreed to review and process additional requests for information from other banks regarding their account holders”. The DOJ website also has individual case resolutions published. Several US citizens were sentenced to Federal Prison because of these actions.
Swiss privacy is nice, but it works better when it is financially beneficial.
This article under the heading “Anonymity”, states “Tutanota stores IP address information with its messages”. In the cybernews article “Tutanota review: when privacy is a must”, it states “Tutanota strips the IP address from your email header, hiding your location. The whole inbox is encrypted, and the service provider does not log the IP’s of its users.” Are both of these statements accurate, and if so what is being stored?
You concluded Protonmail was the pricing leader, but with Tutanota’s premium plan costing €1.20/month and Protonmail’s Plus Plan costing €5/month, it is difficult to see how you came to this conclusion. While additional features might cost more, this is true for both providers. The top Protonmail plan comes in at €30/month which is far more than Tutanota email with 3rd party VPN.
Proton paid accounts support contact groups, so you can send email to a preconfigured contact group. Tutanota does not have this feature.
Both providers have an “encrypt for outside” capability allowing you to compose a message and deliver it as a hyperlink that can be opened / exposed with a password. This prevents the recipient’s email provider, google, yahoo, etc. from reading your message. The difference is Protonmail’s implementation requires a ‘password per message’ while Tutanota’s implementation supports ‘passwords by contact’. The difference has a huge impact on usability. Protonmail’s implementation requires you to communicate the password to the recipient, manually record the password in some sort of journal, and enter this password every time you send an encrypt for outside message. Tutanota’s implementation requires you to communicate the password to the recipient, but it records that password with the contact information which you can use for all future emails until you change the password.
Tutanota’s ‘password per contact’ is also more flexible. If you have a contact ‘Ben’ whose password is ‘chocolate’ and a contact ‘Jerry’ whose password is ‘vanilla’ you can send an “encrypt for outside” with Tutanota to Ben and Jerry and they each open the message with their own passwords. With Protonmail you would have no password that would work with both recipients, so you can only send separate messages or use the same password for everyone.
Tutanota’s “encrypt for outside” could use some improvement (allowing the recipients to choose their own passwords and store them on the Tutanota server would be an obvious improvement), but even with its flaws it is usable. The usability of Protonmail’s “encrypt for outside” is fatally flawed.
Your email address will not be published. Required fields are marked