Why we are using Tutanota

Out of 20+ email providers we’ve tested. Basically it quickly came down to Tutanota vs Protonmail. We use both of them...

To open a link, right click "open link in new tab" otherwise it will open in the same tab.

Our specifications sheet:

End-to-end, zero-knowledge encryption (1).
own business domain (2).
Administration of users (3).
Resistance to state-sponsored criminals (4).
Cost-effective for large user base (5).
Multi-platform (6).
Open-Source (7).
Emergency support by the provider.

From there, it’s easy to get a lot of solutions out of the list. Basically it quickly came down to Tutanota vs Protonmail. We use both of them, but Tutanota is the one supporting our domain name. Interesting fact: The NSA requested a backdoor from them but they refused. We use both of them, but Tutanota is the one supporting our domain name with the Premium package. The main differences between Tutanota and Protonmail are the price and storage capacity (8).

Shared features between Tutanota and Protonmail:

Open source.
End-to-end encryption with keys stored on user’s computer (9).
Android and iOS apps.
Web-based add-ons for desktops.
Password protected emails for external users (10).
No IMAP/POP3 support (16).
Own domain.
No logging of users' data.

Only with Tutanota:

Administration of users.
No recovery (email or SMS). The admin can recover for a user from the admin panel though.
1€/month/user.
1 Go storage.
Two factor authentication to be released in 2017.
Encrypted calendar to be released in 2017.
Servers are located in Germany therefore under German privacy protection laws (11).
Dual encryption mechanism (12).
Local encryption (13).

Only with Protonmail:

Auto-destruct emails between Protonmail users. Possible for external users if you set up a password protected email.
You get a notification on your recovery email when you have a new email.
5€/month/user.
5 Go storage.
Two factor authentication.
Can disable recovery email.
PGP encryption available (11).
Servers are located in Switzerland, therefore under Swiss privacy protection laws (15).

Serious alternatives:

Notes:

(1) In any case, it’s end-to-end encrypted only between users of the same solution. Only PGP is a universal way of sending encrypted emails to anyone, but unfortunately not enough people know how to use this. The encryption key must be stored on the user’s device otherwise it’s not protected against state-sponsored criminals. Of course, this doesn’t mean they couldn’t give the government plain text messages — just that it would require them to actively attack the user in order steal the required password, up to now they haven’t done it, and most probable will not do so in the foreseeable future.

(2) That one may present an attack opportunity to state-sponsored criminals through MX records, so you must host your domain in a place that is going to protect access, not in the same country as your email provider. Look at states that are not part of the fourteen eyes with a record for respecting privacy and democracy.

(3) Multiple Users isn’t multiple aliases. A user has its own access, username, password and mailbox. Aliases are like forwarding emails to/from the original email. For example you would have an original email like [email protected] with aliases like [email protected] [email protected] etc. So if someone is sending an email to any alias it will be forwarded to the main [email protected]. The benefit of that being that you can create/destroy emails easily. But if you’re using aliases, you’d have to give admin access to the account in order to share your inbox, which is impossible in a business environment.

(4) Police, prosecutors etc. Their crimes are “legal” since they’ve corrupted state institutions. They are the most dangerous sort of criminals, to an individual or to a country. If they’ve done something illegal, they can cover it up any ways they like. They can intercept and read IMAP, POP3, TLS, SSL. They can spoof your email provider SSL certificat. They can have access to your SMS, emails, meaning a recovery option is often an easy attack possibility for them. That’s why you should always use encryption software, encrypt your devices, and buy hardware outside the country you operate.

(5) We have hundreds of contractors using our emails as such a synchronized and unified solution is needed so as to minimize possible leakage of information to third parties.

(6) Must be accessible from iOS, Android, Windows, Linux and Mac desktops. We don’t do Windows phones or Blackberry because it would restrict so much the list, it’s almost impossible to find a solution.

(7) Open source doesn’t guarantee someone has actually taken the time to audit the code for backdoors or weaknesses, but it shows a will to be transparent. Tutanota claims to be auditing regularly their codes and was subject to an extensive penetration test by the SySS GmbH.

(8) Tutanota is cheaper than Protonmail but offers less storage space (1 vs 5), in our case we don’t need much storage so pricing was the deciding factor at 12USD/year/user.

(9) It also means the provider is unable to recover (decrypt) data if password is lost.

(10) You need to send the password through another communication channel.

(11) We’re not sure if this is good as Germany is a member of the five eyes. On the one hand we know there is a lot of NSA hardware on German soil, basically this is from where they spy on Europe. On the other hand it means German people are used to fighting back. In any case Tutanota claims they won’t give backdoors to these agencies.

(12) Tutanota uses a dual encryption mechanism private key + password. A private key is generated in the browser upon registration and is used for encryption/decryption. This private key is then encrypted with the login password.

(13) Emails are stored encrypted locally on the devices.

(14) Tutanota is planning to develop an API to allow users to use PGP in a user friendly manner.

(15) By remaining outside of US and EU jurisdictions they provide a safer location to protect confidential data.

(16) IMAP and POP3 are not secure because they download emails locally unencrypted therefore they can be read in transit and/or on the devices.