Tutanota vs. Proton Mail: which is the better secure email service?
For those in the know and protective of their privacy, Tutanota and Proton Mail are the industry leaders in “secure email”. Both have an excellent reputation built on guarding user emails from prying eyes – even their own eyes.
So which one is better? Let’s take a side-by-side look at Tutanota vs. Proton Mail to see which one is better in general – or better for you.
Tutanota vs Proton Mail: security and privacy
Both services offer excellent security and privacy – it’s their entire selling point. Both offer end-to-end encryption that even they don’t have the keys to decrypt.
Tutanota encrypts more spaces within its ecosystem, but we give a slight edge to Proton Mail. Proton Mail has a restrictive spam filter, complete anonymity, and RSA 256-bit encryption compared to Tutanota’s 128-bit protocol. Proton Mail also benefits from Switzerland’s excellent attention to privacy.
| Proton Mail | Tutanota | |
| Rating | ||
| Encryption | RSA 2048-bit, AES 256-bit, OpenPGP | RSA 2048-bit, AES 128-bit, no PGP, encrypted subject lines, calendars, and address books, perfect forward secrecy |
| Anonymity | No IP address stored | IP addresses stored, but hidden |
| Privacy | Protected by Swiss law, company commitment | Protected by German law, 14 Eyes,company commitment |
| Spam Filtering | Permissive | Restrictive |
| Website | Protonmail.com | Tutanota.com |
Winner:
Encryption
Tutanota offers end-to-end symmetrical encryption – RSA 2048-bit for user-to-user emails, AES 128-bit for user-to-non-user emails. The service uses the same algorithms as PGP, but encrypts subject lines as well as the email body above that. Even Tutanota can’t decrypt your messages. It also offers perfect forward secrecy, meaning hacking a past session doesn’t give a cybercriminal access to future sessions. Tutanota also encrypts your address book and your calendar.
Proton Mail also uses end-to-end symmetrical encryption – RSA 2048-bit for user-to-user emails, AES 256-bit for user-to-non-user emails. It uses OpenPGP, an industry-standard email encryption algorithm that has several weaknesses mentioned above – no encryption of subject lines, and no perfect forward secrecy. Like Tutanota, Proton Mail’s encryption prevents even Proton Mail itself from decrypting it and reading your messages.
Anonymity
Tutanota strips IP address information from its messages, making it impossible for anyone to trace the message back to the user, at least using the IP.
Meanwhile, Proton Mail offers complete anonymity to its users, too. In addition to end-to-end encryption, it also strips messages of IP addresses. However, there was a case when they logged an IP address of their user after the Swiss government request – to avoid that and ensure anonymity on all of your mails, we suggest combining an email service together with a good VPN.
Privacy
Tutanota is a German company. Germany is one of the “Fourteen Eyes” alliance intelligence-sharing countries, but emails that pass through Tutanota are protected by the German Federal Data Protection Act, which prohibits the use or collection of personal data without express permission or a law that specifically allows it.
Proton Mail is headquartered in Switzerland, with servers hidden under a kilometer of granite, safe even from a nuclear blast. Famously neutral and independent, Switzerland has some of the best privacy laws in the world, and Proton Mail’s parent company is very privacy-focused.
Spam filtering
Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.
Meanwhile, Proton Mail uses a smart spam detection system that automatically puts your incoming messages in an inbox or spam folder. Sometimes it’s bound to misplace your emails, so you can use a whitelister as a method to bypass the blocks if they seem too strict for you.
Tutanota vs Proton Mail: features
Different features will be valuable to different users. Even though both providers offer encrypted calendars including with the free plans, Proton Mail has the advantage of ProtonVPN. Thus, we’re giving this close race to Proton Mail thanks to the availability of both encrypted calendars and VPN services in every plan, even the free plan.
| Feature | Tutanota | Proton Mail |
| AutoResponder | ✔️ (paid plan) | ✔️ (paid plan) |
| Custom Domains | ✔️ (paid plan) | ✔️ (paid plan) |
| Secure Form Code | ✔️ (pricey add-on) | ❌ |
| VPN Subscription | ❌ | ✔️ (free and paid plan) |
| Custom CSS | ❌ | ✔️ |
| Secure Calendar | ✔️ (free) | ✔️ (free and paid plan) |
Winner:
Features that both secure emails have
For paying users, both Tutanota and ProtonMail offer an autoresponder and custom domain aliases. When it comes to secure calendars, both providers give it for free. Therefore, this micro-battle ends with a draw.
Unique features
The most interesting feature is Tutanota's SecureConnect. It allows you to implant Tutanota code into your website to create a contact form with the same security and privacy as Tutanota itself. This is a niche feature, and an expensive add-on not included in any plan. Companies that want to receive secure messages from their website visitors, however, may find SecureConnect invaluable.
What separates Proton Mail from Tutanota is its VPN subscription. It's becoming more common to see secure email providers offer other online security solutions, such as password managers or file encryptors. In this case, all Proton Mail plans include a subscription to ProtonVPN, which privacy-minded users should consider anyway.
Proton Mail paid plans also include Proton Mail Bridge, an app that runs in the background and automatically encrypts or decrypts messages in applications that support IMAP or SMTP. This is probably of limited use to most users, just like the CSS customization functionality.
Getting back to more widely-used features, we find that Tutanota has a native desktop application. In contrast, Proton Mail can only be accessed by webmail or using a third-party email client.
Tutanota vs Proton Mail: pricing
While the packages are more expensive, we still give this one to Proton Mail. The a la carte model of Tutanota leads to sticker shock and analysis paralysis – once you start adding features, your plan gets complicated and pricey. Despite the higher price tags, Proton Mail offers valuable features within each package that more than justifies the cost.
| Version | Tutanota | Proton Mail |
| Free | €0.00 | $0.00 |
| Premium/Plus | €12.00/year | $47.88/year |
| Teams/Unlimited | €48.00/year | $119.88/year |
| Check Pricing | Check Pricing |
Winner:
Value for the price
Tutanota offers a free plan with 1 GB of storage. It also offers a €1/month Premium plan, a €4/month Teams plan, and a €7/month Pro plan. It is worth noting, however, that Tutanota uses an a la carte approach, with services able to be added. This allows the users to customize their plan, but popular features can quickly erase the savings enjoyed by Tutanota users.
Proton Mail offers a free plan with 1 GB of storage, 3 folders and labels, 25 MB attachment size, and a limit of 150 emails per day. However, you also get a free subscription to ProtonVPN (1 connection and 100+ servers in 3 locations) and 1 personal Proton Calendar which is an amazing option to cover the basic needs.
The paid plans range from $3.49/month for Plus and $7.99/month for Unlimited There are also options for companies, including the Essentials plan for $6.49 and the Business plan for $9.99 per user per month.
While these prices are higher and the menu is fixed, these plans offer powerful and comprehensive feature packages. Unlimited, for example, includes a fully-equipped subscription to ProtonVPN – 1800 servers in 66 countries and 10 simultaneous connections. Tutanota doesn’t offer anything close to this value, even in the Pro plan.
Tutanota vs Proton Mail: storage and attachments
With no advantage in attachment size, this match goes to ProtonMail based on storage. Even though the free plans of both providers offer the same amount of data, Tutanota’s Premium plan gives only 1 GB allowance compared to the 15 GB with the Plus plan of Proton Mail.
| Tutanota | Proton Mail | |
| Free Storage | 1 GB | 1 GB |
| Paid Storage | Up to 1 TB | Up to 500 GB |
| Attachment Limit | 25 MB | 25 MB |
Winner:
Data allowances
Tutanota offers 1 GB of storage for the Free and Premium plans, 10 GB of storage for the Teams and Professional plans. Tutanota limits attachments to 25 MB. If you need more space, you can purchase 10 GB for €2/month, 100 GB for €10/month, and 1 TB for €50/month.
Proton Mail offers 1 GB of storage for their Free plan, 15 GB of storage for the Plus plan, and 500 GB of storage for the Unlimited plan. The Essentials plan includes 15 GB and the Business plan 500 GB both per user per month. Proton Mail also limits attachments to 25 MB.
Tutanota vs Proton Mail: ease-of-use
Both Tutanota and Proton Mail are reasonably easy to use. The winner, however, is Proton Mail. We were impressed by its ease of setup, useful settings, and third-party integrations.
| Tutanota | Proton Mail | |
| Setup | Three steps, TOS acceptance, 64-digit recovery code | Two steps, verification |
| Interface | Responsive | Feature-rich |
| Performance and speed | Fast and strong | Fast and strong |
| App integrations | Native desktop app, no integrations | Many popular integrations |
Winner:
Setup
Setting up a Tutanota account starts by clicking the “Sign Up” button in the upper right-hand corner of every page. You will be presented with an assortment of plans to choose from. If you select the “Free” plan, a window pops up notifying you that Tutanota limits users to one free plan each.
The next page asks you to create your username (i.e. your email address) and create and confirm your password. Two checkboxes verify your age (16+ per German law) and your acceptance of the terms of service.
The next page takes you to your recovery code, a 64-digit code that authorizes you to change your password and second factor. Save it carefully, or the loss of your credentials could lock you out of your account, permanently! You’re then taken into a login page and can access your new inbox.
The Proton Mail setup process is lightning-quick and easy. Upon clicking the “Sign Up” button, on every page next to the “Sign In” button, you will be taken to a page with dropdown menus from which to select your plan.
Once you select your plan, you will be directed to a simple, one-page setup screen, asking for your new username, password with dual confirmation, and recovery email. Click “Create Account,” and you will be taken to a verification page, where you can choose Captcha, SMS, email, or phone verification. Captcha is probably the quickest. Verify your account, and that’s it! You’re ready to start customizing your inbox.
User-friendliness
Tutanota is remarkably easy to use. It resembles many other email inboxes, making it intuitive and easy to navigate. The interface is also elegant – it’s responsive and fun to use.
Proton Mail doesn't lose out on this front – it's also very user-friendly and intuitive. It loses some points, however, from a home screen that includes a huge prompt to upgrade your account. Proton Mail has a lot more settings, though, including custom CSS import.
Performance and speed
Tutanota sends and delivers mail quickly and reliably. Service was interrupted during a 2020 DDoS attack, but overall performance is excellent.
Proton Mail also exhibits excellent speed and performance, with no noticeable delays or interruptions in service. Proton Mail also offers excellent attachment upload speed and transfer. However, the Preview Panel is a little slow to load, since this is the step at which the message gets decrypted in Proton Mail.
App integrations
Tutanota’s proprietary encryption has the side-effect of negating the ability to integrate it with third-party email clients. This may not matter to many users, since Tutanota includes a native desktop app, but people who love Microsoft Outlook or Apple Mail may be disappointed.
Proton Mail integrates with the most popular third-party email clients, including Microsoft Outlook, Apple Mail, and Mozilla Thunderbird.
Tutanota vs Proton Mail: customer support
Proton Mail is the clear winner. By offering a larger subreddit, a more useful knowledge base, and direct email support even to free users, it far surpasses Tutanota in terms of user support.
| Tutanota | Proton Mail | |
| Knowledge base | Decent | Excellent |
| Subreddit | Big | Massive |
| Email support | Paid plans only | All plans (escalated service with paid plans) |
Winner:
Knowledge bases and email support
Tutanota offers a Subreddit and a user knowledge base. It also has direct email support, but only for paid users.
Proton Mail offers direct email support, even for free users. Free accounts supposedly have “limited support,” meaning longer wait times can probably be expected, but it’s better than nothing. It also has a larger Subreddit, as well as a knowledge base that is much easier to search and navigate.
Verdict
| Category | Tutanota | Proton Mail |
| Privacy and Security | ❌ | ✔️ |
| Features | ❌ | ✔️ |
| Pricing | ❌ | ✔️ |
| Storage and Attachments | ❌ | ✔️ |
| Ease of Use | ❌ | ✔️ |
| Customer Support | ❌ | ✔️ |
Winner:
Both Tutanota and Proton Mail are excellent mail applications, but Proton Mail stood out in many categories – security, pricing, storage, attachments, and ease of use. Where Proton Mail really outshines Tutanota is customer support, which matters more than people sometimes give credit for.
It was a close race, but our pick in the Tutanota vs. Proton Mail side-by-side comparison sweepstakes: Proton Mail!
Related secure emails guides from Cybernews:
Tutanota review: private email service with a no-nonsense approach
Proton Mail Review: one of the most discrete email providers
Fastmail Review: the private email service that started the trend
FAQ
Is Tutanota better than Proton Mail?
Tutanota is dead set focused on maintaining your privacy, while Proton Mail is more interested in private email service. It means that they're trying to be easy to use and comfortable services, while Tutanota sacrifices convenience for anonymity.
Can Proton Mail be traced?
For people on the outside, there's no way to track Proton Mail. However, if you get in trouble with law enforcement, they will cooperate. Proton Mail is not a neutral service. The service developers clearly state that they do not want to be a criminal's email provider. Which means that you can potentially become traced.
Is Tutanota open-source?
For the most part. While their Linux, iOS, Android, and web client code is open-source, they do not publish the source code for the Windows and macOS versions of their app. However, they claim it is the same as the one used for the Linux app and just uses Electron to make it work on Windows and macOS.
Which service is better supported: Tutanota or Proton Mail?
Tutanota developers used their own encryption, while Proton Mail uses OpenPGP. So, interaction with other clients should be more comfortable with Proton Mail. Meaning that it smoothly works with other non-Proton Mail accounts. With Tutanota, both users will have the easiest time only with other Tutanota users.
Comments
You can create multiple addresses on the same account (domain) but you can not access them individually unless you buy into their business plan which is very expensive.
ProtonMail doesn't support U2F, they support only TOTP.
It should be mentioned in the review as this is a very important security feature.
Push works for Tutanota, even on Phone without Google Play Services. See: tutanota.com/blog/posts/open-source-email-fdroid/
In the case of web-based clients, which also store users’ private keys and are primarily based on JavaScript, there are also a lot of starting points here. On the one hand, JavaScript is vulnerable to timing attacks. On the other hand, malicious / manipulated browser plug-ins can also be abused (regardless of this, they always read along anyway). Finally, the provider itself can be forced to deliver manipulated code to users to be monitored. This does not make the services insecure per se – but they offer little real protection against actors with great power (states, their intelligence services, etc.).
But the truth is also that a data center in a first-strike-proof data center offers good protection against a nuclear attack and hardware theft – but adds no value in terms of cybersecurity. Today, such attacks typically occur from the outside by attackers or from the inside by “agents” at the software level.
Putting all the facts on the table, ProtonMail still currently offers the better deal compared to Tutanota. In my opinion, however, there is only one reason for this: ProtonMail offers the possibility to import existing mailboxes. This possibility does not yet exist with Tutanota. For anyone who wants to change, but exactly that – an import of existing mails – is enormously important.
In my opinion, all other facts speak against Protonmail. Even if you take into account the cooperation of Germany with foreign intelligence services and the increasing surveillance mentality. But this is only my personal opinion.
Don’t get me wrong, Proton is a good service, but the comparisons between these services I’m seeing done make much sense. Tutanota clearly wins from a pricing standpoint. I can have two users with 5GB of storage for literally half the cost of Proton Mail. Granted, I do think Protonmail has the better UI, but they also lack a calendar for the free tier. How in the world did it win on pricing and storage?
Fixed:
Privacy and Security ✘ ✔
Features ✔ ✘
Pricing ✔ ✘
Storage and Attachments ✔ ✘
Ease of Use ✘ ✔
Customer Support ✘ ✔
1) Two-factor authentication
Tutanota supports U2F (Security Key) and TOTP (authenticator app). ProtonMail supports only TOTP.
A U2F key is a true physical factor. As long as you keep them physically secure, they can’t be digitally intercepted or redirected. And unlike most two-factor methods, U2F keys are phishing-proof because they only work once you’ve registered them with a site. This is very important because phishing is one of the biggest threat. Additionally the U2F implementation by Tutanota is very good – you have to touch the security key every time you log in.
2) Password reset procedure, which is a very popular attack vector.
Tutanota has better password reset procedure than ProtonMail.
Tutanota comes with a 64-digit recovery code that enables you to reset your password yourself making sure that no one can abuse the password reset feature to gain access to your email account. (You can’t recover the password by email or by sms.)
https://tutanota.com/blog/posts/secure-password-reset
In ProtonMail the user decides about password reset options. User can add a recovery email or in ProtonMail V4 in beta a recovery phone number. This mens that you don’t have a password reset option or your ProtonMail email is as safe as your recovery email or you are at risk of sim swap.
https://protonmail.com/support/knowledge-base/reset-password/
Because of the above for people who want a very secure email account Tutanota with U2F key is an obvious choice. In my opinion security of an email account depends more on 2FA options and password recovery procedure than on other factors.
Tutanota is also an excellent choice as an recovery email for important online accounts. If online accounts which you have are very important you should choose Tutanota Premium account so you can activate notification emails about new messages in your Tutanota inbox. It is also a good idea not to share your recovery email with anybody.
Tutanota ProtonMail
Spam Filtering Permissive Restrictive
Tutanota offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive.
ProtonMail offers an intelligent spam filter with parameters users can use to identify spam and filter out unwanted messages. While they are constantly making improvements, user feedback tends to identify Tutanota’s spam filter as too restrictive. Users may have to whitelist emails they do want to see.
Tutanota is 1/4 the price of ProtonMail, but the verdict is that ProtonMail wins on Pricing?
The article clearly discusses how Tutanota is more privacy focused and makes better use of encryption, but the verdict is that ProtonMail wins on Privacy and Security?
Something seems fishy.
The article states “The Swiss government will then direct UBS to initiate procedures which could result in the turning over of information on thousands of accounts to the IRS.” The article also states “In addition, the Swiss Government has agreed to review and process additional requests for information from other banks regarding their account holders”. The DOJ website also has individual case resolutions published. Several US citizens were sentenced to Federal Prison because of these actions.
Swiss privacy is nice, but it works better when it is financially beneficial.
This article under the heading “Anonymity”, states “Tutanota stores IP address information with its messages”. In the cybernews article “Tutanota review: when privacy is a must”, it states “Tutanota strips the IP address from your email header, hiding your location. The whole inbox is encrypted, and the service provider does not log the IP’s of its users.” Are both of these statements accurate, and if so what is being stored?
You concluded Protonmail was the pricing leader, but with Tutanota’s premium plan costing €1.20/month and Protonmail’s Plus Plan costing €5/month, it is difficult to see how you came to this conclusion. While additional features might cost more, this is true for both providers. The top Protonmail plan comes in at €30/month which is far more than Tutanota email with 3rd party VPN.
Proton paid accounts support contact groups, so you can send email to a preconfigured contact group. Tutanota does not have this feature.
Both providers have an “encrypt for outside” capability allowing you to compose a message and deliver it as a hyperlink that can be opened / exposed with a password. This prevents the recipient’s email provider, google, yahoo, etc. from reading your message. The difference is Protonmail’s implementation requires a ‘password per message’ while Tutanota’s implementation supports ‘passwords by contact’. The difference has a huge impact on usability. Protonmail’s implementation requires you to communicate the password to the recipient, manually record the password in some sort of journal, and enter this password every time you send an encrypt for outside message. Tutanota’s implementation requires you to communicate the password to the recipient, but it records that password with the contact information which you can use for all future emails until you change the password.
Tutanota’s ‘password per contact’ is also more flexible. If you have a contact ‘Ben’ whose password is ‘chocolate’ and a contact ‘Jerry’ whose password is ‘vanilla’ you can send an “encrypt for outside” with Tutanota to Ben and Jerry and they each open the message with their own passwords. With Protonmail you would have no password that would work with both recipients, so you can only send separate messages or use the same password for everyone.
Tutanota’s “encrypt for outside” could use some improvement (allowing the recipients to choose their own passwords and store them on the Tutanota server would be an obvious improvement), but even with its flaws it is usable. The usability of Protonmail’s “encrypt for outside” is fatally flawed.
Your email address will not be published. Required fields are marked