© 2021 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Tutanota vs. ProtonMail: which is the better secure email service?

22

For those in the know and protective of their privacy, Tutanota and ProtonMail are the industry leaders in “secure email”. Both have an excellent reputation built on guarding user emails from prying eyes – even their own eyes.

So which one is better. Let’s take a side-by-side look at Tutanota vs. ProtonMail to see which one is better in general—or better for you.

Tutanota vs ProtonMail: security and privacy

Both services offer excellent security and privacy – it’s their entire selling point. Both offer end-to-end encryption that even they don’t have the keys to decrypt.

Tutanota encrypts more spaces within its ecosystem, but we give a slight edge to ProtonMail. ProtonMail has a restrictive spam filter, complete anonymity, and RSA 256-bit encryption compared to Tutanota’s 128-bit protocol. ProtonMail also benefits from Switzerland’s excellent attention to privacy.

ProtonMailTutanota
Rating
4.9
4.6
EncryptionRSA 2048-bit, AES 256-bit, OpenPGPRSA 2048-bit, AES 128-bit, no PGP, encrypted subject lines, calendars, and address books, perfect forward security
AnonymityNo IP address storedIP addresses stored, but hidden
PrivacyProtected by Swiss law, company commitmentProtected by German law, 14 Eyes,company commitment
Spam FilteringPermissiveRestrictive
WebsiteProtonmail.comTutanota.com

Winner:

ProtonMail winner logo

Encryption

Tutanota offers end-to-end symmetrical encryption—RSA 2048-bit for user-to-user emails, AES 128-bit for user-to-non-user emails. The service uses the same algorithms as PGP, but encrypts subject lines as well as the email body above that. Even Tutanota can’t decrypt your messages. It also offers perfect forward security, meaning hacking a past session doesn’t give a cybercriminal access to future sessions. Tutanota also encrypts your address book and your calendar.

ProtonMail also uses end-to-end symmetrical encryption—RSA 2048-bit for user-to-user emails, AES 256-bit for user-to-non-user emails. It uses OpenPGP, an industry-standard email encryption algorithm that has several weaknesses mentioned above—no encryption of subject lines, and no perfect forward security. Like Tutanota, ProtonMail’s encryption prevents even ProtonMail itself from decrypting it and reading your messages.

ProtonMail OpenPGP settings

Anonymity

Tutanota strips IP address information from its messages, making it impossible for anyone to trace the message back to the user, at least using the IP.

Meanwhile, ProtonMail offers complete anonymity to its users, too. In addition to end-to-end encryption, it also strips messages of IP addresses. However, there was a case when they logged an IP address of their user after the Swiss government request – to avoid that and unsure anonymity on all of your mails, we suggest combining an email service together with a good VPN.

ProtonMail vs. Tutanota: the ultimate secure email comparison
video screenshot

Privacy

Tutanota is a German company. Germany is one of the “Fourteen Eyes” alliance of intelligence-sharing countries, but emails that pass through Tutanota are protected by the German Federal Data Protection Act, which prohibits the use or collection of personal data without express permission or a law that specifically allows it.

ProtonMail is headquartered in Switzerland, with servers hidden under a kilometer of granite, safe even from a nuclear blast. Famously neutral and independent, Switzerland has some of the best privacy laws in the world, and ProtonMail’s parent company is very privacy-focused.

Spam filtering

Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.

Global settings on Tutanota
Tutanota settings

Meanwhile, ProtonMail uses a smart spam detection system that automatically puts your incoming messages in an inbox or spam folder. Sometimes it’s bound to misplace your emails, so you can use a whitelister as a method to bypass the blocks if they seem too strict for you.

Tutanota vs ProtonMail: features

Different features will be valuable to different users. ProtonMail has the advantage of ProtonVPN in its priciest plan, but we’re giving this close race to Tutanota thanks to the availability of encrypted calendars in every plan, even the free plan.

FeatureTutanotaProtonMail
AutoResponder✔️ (paid plan)✔️ (paid plan)
Custom Domains✔️ (paid plan)✔️ (paid plan)
Secure Form Code✔️ (pricey add-on)
VPN Subscription✔️ (highest plan only)
Custom CSS✔️
Secure Calendar✔️ (free)Beta only

Winner:

Tutanota winner logo

Features that both secure emails have

For paying users, both Tutanota and ProtonMail offer an autoresponder and custom domain aliases. When it comes to secure calendars, Tutanota gives it for free while ProtonMail is still in the beta stage of this solution. Therefore, this micro-battle goes to the former secure email.

Tutanota Inbox interface
Tutanota interface

Unique features

The most interesting feature is Tutanota's SecureConnect. It allows you to implant Tutanota code into your website to create a contact form with the same security and privacy as Tutanota itself. This is a niche feature, and an expensive add-on not included in any plan. Companies that want to receive secure messages from their website visitors, however, may find SecureConnect invaluable.

What separates ProtonMail from Tutanota is its VPN subscription. It's becoming more common to see secure email providers offer other online security solutions, such as password managers or file encryptors. In this case, ProtonMail's Visionary plan includes a subscription to ProtonVPN, which privacy-minded users should consider anyway.

Some of ProtonMail's paid plans also include ProtonMail Bridge, an app that runs in the background and automatically encrypts or decrypts messages in applications that support IMAP or SMTP. This is probably of limited use to most users, just like the CSS customization functionality.

Getting back to more widely-used features, we find that Tutanota has a native desktop application. In contrast, ProtonMail can only be accessed by webmail or using a third-party email client.

Tutanota vs ProtonMail: pricing

While the free plan is more restrictive and the packages more expensive, we still give this one to ProtonMail. The a la carte model of Tutanota leads to sticker shock and analysis paralysis – once you start adding features, your plan gets complicated and pricey. Despite the higher price tags, ProtonMail offers valuable features within each package that more than justifies the cost.

VersionTutanotaProtonMail
Free$0.00$0.00
Premium$14.10/year$48.00/year
Teams$56.40/year$75.00/year
Check PricingCheck Pricing

Winner:

ProtonMail winner logo

Value for the price

Tutanota offers a free plan with 1 GB of storage. It also offers a €1.20/month Premium plan, a €4.80/month Teams plan, and a €7.20/month Pro plan. Slight discounts are available for annual plans. It is worth noting, however, that Tutanota uses an a la carte approach, with services able to be added. This allows the users to customize their plan, but popular features can quickly erase the savings enjoyed by Tutanota users.

ProtonMail offers a free plan with 500 MB of storage and a limit of 150 emails per day. The paid plans range from €5/month for Plus, €8/month per user (up to 5,000 users) for Professional, and €30/month for Visionary. While these prices are higher and the menus fixed, both the Professional and Visionary plans offer powerful and comprehensive feature packages. Visionary, for example, includes a free subscription to ProtonVPN. Tutanota doesn’t offer anything close to this value, even in the Pro plan.

Tutanota vs ProtonMail: storage and attachments

With no advantage in attachment size, this match goes to ProtonMail based on storage. Yes, the free plan offers less data, but the data offered to the paid plans run circles around Tutanota’s data allowance.

TutanotaProtonMail
Free Storage1 GB500 MB
Paid StorageUp to 10 GBUp to 20 GB
Attachment Limit25 MB25 MB

Winner:

ProtonMail winner logo

Data allowances

Tutanota offers 1 GB of storage for the Free and Premium plans, 10 GB of storage for the Teams and Professional plans. Tutanota limits attachments to 25 MB.

ProtonMail offers 500 MB of storage for their Free plan, 5 GB of storage for the Plus plan, 5 GB per user for each user (up to 5,000 users) for the Professional plan, and 20 GB of storage for the Visionary plan. ProtonMail also limits attachments to 25 MB.

Tutanota vs ProtonMail: ease-of-use

Both Tutanota and ProtonMail are reasonably easy to use. The winner, however, is ProtonMail. We were impressed by its ease of setup, useful settings, and third-party integrations.

TutanotaProtonMail
SetupThree steps, TOS acceptance, 64-digit recovery codeTwo steps, verification
InterfaceResponsiveFeature-rich
Performance and speedFast and strongFast and strong
App integrationsNative desktop app, no integrationsMany popular integrations

Winner:

ProtonMail winner logo

Setup

Setting up a Tutanota account starts by clicking the “Sign Up” button in the upper right-hand corner of every page. You will be presented with an assortment of plans to choose from. If you select the “Free” plan, a window pops up notifying you that Tutanota limits users to one free plan each.

The next page asks you to create your username (i.e. your email address) and create and confirm your password. Two checkboxes verify your age (16+ per German law) and your acceptance of the terms of service.

The next page takes you to your recovery code, a 64-digit code that authorizes you to change your password and second factor. Save it carefully, or the loss of your credentials could lock you out of your account, permanently! You’re then taken into a login page and can access your new inbox.

Tutanota recovery code
Tutanota recovery code

The ProtonMail setup process is lightning-quick and easy. Upon clicking the “Sign Up” button, on every page next to the “Sign In” button, you will be taken to a page with dropdown menus from which to select your plan. The “Plus” plan is automatically unfurled, but you can easily select “Free” above it, “Professional” or “Visionary” below it.

Once you select your plan, you will be directed to a simple, one-page setup screen, asking for your new username, password with dual confirmation, and recovery email. Click “Create Account,” and you will be taken to a verification page, where you can choose Captcha, SMS, email, or phone verification. Captcha is probably the quickest. Verify your account, and that’s it! You’re ready to start customizing your inbox.

User-friendliness

Tutanota is remarkably easy to use. It resembles many other email inboxes, making it intuitive and easy to navigate. The interface is also elegant – it’s responsive and fun to use.

ProtonMail doesn't lose out on this front - it's also very user-friendly and intuitive. It loses some points, however, from a home screen that includes a huge prompt to upgrade your account. ProtonMail has a lot more settings, though, including custom CSS import.

ProtonMail custom filters

Performance and speed

Tutanota sends and delivers mail quickly and reliably. Service was interrupted during a 2020 DDoS attack, but overall performance is excellent.

ProtonMail also exhibits excellent speed and performance, with no noticeable delays or interruptions in service. ProtonMail also offers excellent attachment upload speed and transfer. However, the Preview Panel is a little slow to load, since this is the step at which the message gets decrypted in ProtonMail.

App integrations

Tutanota’s proprietary encryption has the side-effect of negating the ability to integrate it with third-party email clients. This may not matter to many users, since Tutanota includes a native desktop app, but people who love Microsoft Outlook or Apple Mail may be disappointed.

ProtonMail integrates with the most popular third-party email clients, including Microsoft Outlook, Apple Mail, and Mozilla Thunderbird.

protonmail import assistant

Tutanota vs ProtonMail: customer support

ProtonMail is the clear winner. By offering a larger subreddit, a more useful knowledge base, and direct email support even to free users, it far surpasses Tutanota in terms of user support.

TutanotaProtonMail
Knowledge baseDecentExcellent
SubredditBigMassive
Email supportPaid plans onlyAll plans (escalated service with paid plans)

Winner:

ProtonMail winner logo

Knowledbases and email support

Tutanota offers a Subreddit and a user knowledge base. It also has direct email support, but only for paid users.

ProtonMail offers direct email support, even for free users. Free accounts supposedly have “limited support,” meaning longer wait times can probably be expected, but it’s better than nothing. It also has a larger Subreddit, as well as a knowledge base that is much easier to search and navigate.

Verdict

CategoryTutanotaProtonMail
Privacy and Security✔️
Features✔️
Pricing✔️
Storage and Attachments✔️
Ease of Use✔️
Customer Support✔️

Winner:

ProtonMail winner logo

Both Tutanota and ProtonMail are excellent mail applications, but ProtonMail stood out in many categories. While we give Tutanota the slight edge on feature selection, we slightly preferred ProtonMail for security, pricing, storage, attachments, and ease of use. Where ProtonMail really outshines Tutanota is customer support, which matters more than people sometimes give credit for.

It was a close race, but our pick in the Tutanota vs. ProtonMail side-by-side comparison sweepstakes: ProtonMail!

FAQ


Tutanota review: private email service with a no-nonsense approach

ProtonMail Review: one of the most discrete email providers

Fastmail Review: the private email service that started the trend


Comments
Kremmen
Kremmen
prefix 1 month ago
You might want to check Steve Gibson's Secury Now or Protonmail's website about tracking users' IP addresses.
DsS
DsS
prefix 1 month ago
It's better not to choose ProtonMail anymore. The email service ProtonMail has transferred the data of several users to the Swiss authorities. Read the news. So, for your money, your data is also transferred to the right place.
Hola
Hola
prefix 1 month ago
I tested myself Proton's ability to track users by creating multiple accounts and deleting them sequentially, my ability to create accounts from any device under the same network was restricted. I submitted an inquiry through a provided link and I was later told this was in violation terms and conditions of use. This led me to select Tutanota since the same exercise was performed and no inquiries whatsoever over this matter were made by Tutanota's team... Which made me have second thoughts about ProtonMail's policies and procedures.
Markus
Markus
prefix 4 months ago
A big disadvantage of Protonmail is that push notification don’t work if you don’t use Google Play Services (e.g. on Volla Phone). How does this fit to a provider who is committed to security when he uses services of the biggest data kraken? And you cannot even auto forward messages from Protonmail (for example to Tutanota) so I didn’t find a solution yet how to get Protonmail notification on my Volla Phone.
Push works for Tutanota, even on Phone without Google Play Services. See: tutanota.com/blog/posts/open-source-email-fdroid/
toquinho cerezo
toquinho cerezo
prefix 5 months ago
Forget about Swiss laws etc.. in my opinion the biggest concern about ProtonMail is the request for a phone number to create the account. What is really fishy is that although they say they don’t link the phone with the account, you have to take that for granted, and I frankly don’t like it. Seems like a trap. I tried to use temp phone sms services, and surprise!!! A nice mssg telling me that those phones were already used. So they are actually storing (don’t matter if hashed or not) phone numbers. So I think trust anonymity with ProtonMail is an act of faith.
Ray
Ray
prefix 1 month ago
When you created your account? Mine was created last year and did not require a phone number. 'Til now everything is fine. Only using Authenticator to receive the code.
Oppa Kruse
Oppa Kruse
prefix 6 months ago
ProtonMail is doing some clever marketing with its location in Switzerland and its data center. However, the truth is that Switzerland is not 100% neutral and that requests for information from authorities are also possible there, forcing providers to cooperate.

In the case of web-based clients, which also store users’ private keys and are primarily based on JavaScript, there are also a lot of starting points here. On the one hand, JavaScript is vulnerable to timing attacks. On the other hand, malicious / manipulated browser plug-ins can also be abused (regardless of this, they always read along anyway). Finally, the provider itself can be forced to deliver manipulated code to users to be monitored. This does not make the services insecure per se – but they offer little real protection against actors with great power (states, their intelligence services, etc.).

But the truth is also that a data center in a first-strike-proof data center offers good protection against a nuclear attack and hardware theft – but adds no value in terms of cybersecurity. Today, such attacks typically occur from the outside by attackers or from the inside by “agents” at the software level.

Putting all the facts on the table, ProtonMail still currently offers the better deal compared to Tutanota. In my opinion, however, there is only one reason for this: ProtonMail offers the possibility to import existing mailboxes. This possibility does not yet exist with Tutanota. For anyone who wants to change, but exactly that – an import of existing mails – is enormously important.

In my opinion, all other facts speak against Protonmail. Even if you take into account the cooperation of Germany with foreign intelligence services and the increasing surveillance mentality. But this is only my personal opinion.
Bob
Bob
prefix 6 months ago
I’m looking at Tutanota’s site right now, and it clearly has an option for storage all the way up to 1TB, and it’s cheaper than Proton.

Don’t get me wrong, Proton is a good service, but the comparisons between these services I’m seeing done make much sense. Tutanota clearly wins from a pricing standpoint. I can have two users with 5GB of storage for literally half the cost of Proton Mail. Granted, I do think Protonmail has the better UI, but they also lack a calendar for the free tier. How in the world did it win on pricing and storage?

Fixed:
Privacy and Security ✘ ✔
Features ✔ ✘
Pricing ✔ ✘
Storage and Attachments ✔ ✘
Ease of Use ✘ ✔
Customer Support ✘ ✔
Patrick
Patrick
prefix 7 months ago
I use both Protonmail and Tutanota. One feature Protonmail outshines Tutanota is that it has the disappearing email function. For communication nowadays, we don’t need to keep all content. So, Protonmail is better in this race.
Monero
Monero
prefix 8 months ago
In my opinion this article is lacking comparison of two very important things:

1) Two-factor authentication
Tutanota supports U2F (Security Key) and TOTP (authenticator app). ProtonMail supports only TOTP.
A U2F key is a true physical factor. As long as you keep them physically secure, they can’t be digitally intercepted or redirected. And unlike most two-factor methods, U2F keys are phishing-proof because they only work once you’ve registered them with a site. This is very important because phishing is one of the biggest threat. Additionally the U2F implementation by Tutanota is very good – you have to touch the security key every time you log in.

2) Password reset procedure, which is a very popular attack vector.
Tutanota has better password reset procedure than ProtonMail.
Tutanota comes with a 64-digit recovery code that enables you to reset your password yourself making sure that no one can abuse the password reset feature to gain access to your email account. (You can’t recover the password by email or by sms.)
https://tutanota.com/blog/posts/secure-password-reset
In ProtonMail the user decides about password reset options. User can add a recovery email or in ProtonMail V4 in beta a recovery phone number. This mens that you don’t have a password reset option or your ProtonMail email is as safe as your recovery email or you are at risk of sim swap.
https://protonmail.com/support/knowledge-base/reset-password/

Because of the above for people who want a very secure email account Tutanota with U2F key is an obvious choice. In my opinion security of an email account depends more on 2FA options and password recovery procedure than on other factors.
Tutanota is also an excellent choice as an recovery email for important online accounts. If online accounts which you have are very important you should choose Tutanota Premium account so you can activate notification emails about new messages in your Tutanota inbox. It is also a good idea not to share your recovery email with anybody.
Monero
Monero
prefix 8 months ago
Hi Paul, Can you please have a look at the below? It doesn’t make any sense to me.
Tutanota ProtonMail
Spam Filtering Permissive Restrictive
Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.
ProtonMail offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive. Users may have to whitelist emails they do want to see.
CyberNews Team
CyberNews Team
prefix 8 months ago
Hi, thank you for your comment. We’ve revisited these findings.
Misti Cleveland
Misti Cleveland
prefix 8 months ago
I am wanting to leave Gmail and Yahoo for security/privacy reasons. I have Verizon/AOL email. It is sometimes “down” – fails to load my emails. But I get no spam, and storage is huge. (I’m not tech savvy, so I can’t tell you what the error is when it won’t load. Sorry about that.) I want email that works, is secure, and won’t allow lots of spam. Gmail puts a couple ads at the top, which is no big deal. It’s Tutanota what you would recommend?
CyberNews Team
CyberNews Team
prefix 8 months ago
Both ProtonMail and Tutanota have excellent measures against spam. So, if you’re worried about that the most, you’ll have comparable experience, whichever you pick.
blitzfick
blitzfick
prefix 8 months ago
In a recent support go-round with protonmail I found out that they machine read incoming emails and attachments from non-secure email sources and will blacklist an email despite the sender’s email address being on the receiver’s white list. They completely ignore the receiver’s white list.
Mauricio Rubio
Mauricio Rubio
prefix 9 months ago
The only and enough dissadvantage Protonmail has for me is that there are many chineses inside. That fact is enough for me to dispose its service.
John
John
prefix 9 months ago
Protonmail free is very restricted. They only allow you to send to 10 recipients/day. And one cc or bcc mail counts as 10 unique messages. So not very suited if you email to a lot of people. They have a secret formula to boost your reputation, so you can send more, which is basically: pay.
CyberNews Team
CyberNews Team
prefix 8 months ago
Hi, John. This is incorrect. Yes, they limit bulk sending, but the cap doesn’t disappear when you opt-in for paid plans. It’s in their terms of service.
Bill
Bill
prefix 10 months ago
This article seems to skip over a lot of ProtonMail’s flaws while being very critical about small issues with Tutanota. The conclusions drawn also don’t seem to line up with the data presented in the article.

Tutanota is 1/4 the price of ProtonMail, but the verdict is that ProtonMail wins on Pricing?
The article clearly discusses how Tutanota is more privacy focused and makes better use of encryption, but the verdict is that ProtonMail wins on Privacy and Security?

Something seems fishy.
Stephen
Stephen
prefix 10 months ago
Email providers based in Switzerland tend to make Swiss privacy sound like a big deal. Swiss privacy is not a feature that you should count upon. During the 2009 financial crisis Swiss banks wanted bail out protection and the US government wanted information about citizens with offshore accounts. They both got what they wanted. The US Department of Justice website details this arraignment in the article “U.S. Discloses Terms of Agreement with Swiss Government Regarding UBS”, August 19, 2009. The article is at https://www.justice.gov/opa/pr/us-discloses-terms-agreement-swiss-government-regarding-ubs.

The article states “The Swiss government will then direct UBS to initiate procedures which could result in the turning over of information on thousands of accounts to the IRS.” The article also states “In addition, the Swiss Government has agreed to review and process additional requests for information from other banks regarding their account holders”. The DOJ website also has individual case resolutions published. Several US citizens were sentenced to Federal Prison because of these actions.

Swiss privacy is nice, but it works better when it is financially beneficial.
Stephen
Stephen
prefix 10 months ago
In this article, under the heading “Spam Filtering” there are the statements: “user feedback tends to identify Tutanota’s spam filter as not restrictive enough”, AND “user feedback tends to identify Tutanota’s spam filter as too restrictive”.

This article under the heading “Anonymity”, states “Tutanota stores IP address information with its messages”. In the cybernews article “Tutanota review: when privacy is a must”, it states “Tutanota strips the IP address from your email header, hiding your location. The whole inbox is encrypted, and the service provider does not log the IP’s of its users.” Are both of these statements accurate, and if so what is being stored?

You concluded Protonmail was the pricing leader, but with Tutanota’s premium plan costing €1.20/month and Protonmail’s Plus Plan costing €5/month, it is difficult to see how you came to this conclusion. While additional features might cost more, this is true for both providers. The top Protonmail plan comes in at €30/month which is far more than Tutanota email with 3rd party VPN.
Stephen
Stephen
prefix 10 months ago
I have a paid Protonmail account and a free Tutanota account. Two differences that seem different to me are the support for contact groups, and support for encrypted email to outside (non-encrypted email accounts).

Proton paid accounts support contact groups, so you can send email to a preconfigured contact group. Tutanota does not have this feature.

Both providers have an “encrypt for outside” capability allowing you to compose a message and deliver it as a hyperlink that can be opened / exposed with a password. This prevents the recipient’s email provider, google, yahoo, etc. from reading your message. The difference is Protonmail’s implementation requires a ‘password per message’ while Tutanota’s implementation supports ‘passwords by contact’. The difference has a huge impact on usability. Protonmail’s implementation requires you to communicate the password to the recipient, manually record the password in some sort of journal, and enter this password every time you send an encrypt for outside message. Tutanota’s implementation requires you to communicate the password to the recipient, but it records that password with the contact information which you can use for all future emails until you change the password.

Tutanota’s ‘password per contact’ is also more flexible. If you have a contact ‘Ben’ whose password is ‘chocolate’ and a contact ‘Jerry’ whose password is ‘vanilla’ you can send an “encrypt for outside” with Tutanota to Ben and Jerry and they each open the message with their own passwords. With Protonmail you would have no password that would work with both recipients, so you can only send separate messages or use the same password for everyone.

Tutanota’s “encrypt for outside” could use some improvement (allowing the recipients to choose their own passwords and store them on the Tutanota server would be an obvious improvement), but even with its flaws it is usable. The usability of Protonmail’s “encrypt for outside” is fatally flawed.
Leave a Reply

Your email address will not be published. Required fields are marked