tutanova review 2024 banner

I spend a lot of time in airports and public places and I’ve quickly learned the art of multitasking. That is, doing things while always keeping an eye on my essential devices and tools. One can never be too careful these days, after all. As a digital nomad constantly on the go, this security mindset applies to my online activities too.
Email security, for example, is a huge thing for me. I often travel through restrictive countries and being able to send secure emails gives me peace of mind. Having tried multiple secure email services in the last 5 years, I’ve seen many of them make bold claims. Not all can follow through with their promises. But for those who can deliver, it’s worth every penny and more. In this TutaNota review, you get to find out if this secure email provider gets a yay or nay from me.

Tutanota Rapid Rundown Rapid Rundown

Tutanota is one of my top picks for a secure email service. It's got all the essential features like end-to-end encryption and multi-device support. But in addition, it also comes with innovative, game-changing capabilities. For instance, it can run searches against encrypted messages and encrypted contacts.

Tutanota data centers are based in Germany. That puts Tutanota in one of the most privacy-conscious countries in the world. Not only that, those data centers are ISO 27001-certified. That means they meet global standards for information security. I typically trust a provider more if that provider's claims have been verified by a third party. That's why Tutanota's ISO certification is a big plus for me.

If I had to identify one deficiency in Tutanota, that would be its user interface. It's not as inspiring to use as, say, Proton Mail. It also lacks certain features, like labels, that improve efficiency and productivity. These may not be top priority features in a tool that focuses on security and privacy. However, they will be considered when buyers compare Tutanota with other similar solutions. 

Highly recommended

Notable features

  1. End-to-end encryption: This doesn't cover just email. Even your calendar and address book is encrypted. 
  2. Full-text search on encrypted data: This is no easy feat. In fact, Tutanota is the first encrypted email provider to develop this feature. 
  3. Encrypted messages to anyone: You don't have to limit your secure emails to Tunanota users. Even non-users can use end-to-end encryption.

Pros and Cons

Before we proceed to the full review, here’s a snapshot of the pros and cons of this email service.

  • Provides end to end encrypted email service
  • Encrypts subject lines
  • Allows full-text search on encrypted mailbox
  • Sends secure email to non-Tutanota users
  • Large storage support
  • Offers an encrypted calendar
  • Custom domain support isn’t available in free
  • Minimal customer support in free

The Full Review

Let's now dive deeper into this Tutanota review. We'll discuss Tutanota's price offerings, security and privacy features, and other capabilities. We'll also explore its user interface and its overall ease of use. We'll even tackle how it stacks up against other players in the secure email service space. The goal is to provide you with an in-depth evaluation, which you can use in your buying decision. 

Ready? Let's start with pricing.

Quick Tutanota Review
Overall rank4 out of 7
Starting Price€3.00/month when billed annually
Money-Back GuaranteeNone
Biometric logins
Encrypted email to non-subscribers
Storage limit for individuals500GB per user

Tutanota Pricing Pricing

Tutanota pricing comes in the form of 3 personal plans and 3 business plans. The personal plans include Tutanota Free. A free account already gets end-to-end encryption, 1GB of storage, and one calendar. Higher plans get more storage and more features. 

The business plans are built to handle all your business emails. As such, they include more robust security and organizational features. They also include administrative capabilities. The pricing for the business plans is based on the number of users that will be using it. In the table below, you'll find Tutanota's pricing options along with certain details. You can use that table to compare the different plans under Tutanota. 

Monthly Per-User Pricing if billed annually and converted to USD$0.00$3.22$8.58$6.44$8.58$12.88
End to end encryption
Two Factor Authentication
Send secure email to non-Tutanota users
Web, mobile and desktop clients
Encrypted calendar and address book
Unlimited calendars
Unlimited inbox rules
Email aliases01530153030
Storage per user1 GB20 GB500 GB50 GB500 GB1000 GB
Supported custom domains0310310Unlimited
Admin console

Tutanota Security and Privacy Security and Privacy

Tutanota is undoubtedly one of the best secure email service providers in the planet. It's not only because it's loaded with security features. Another reason is because it's ISO 27001-certified. That means ISO auditors have actually audited its security practices. The auditors confirm that Tutanota's security is up to international standards. Let's have a closer look at some of those features now. 

Encrypted mailbox

A big part of Tutanota security is its encrypted mailbox. Everything in this mailbox is stored in encrypted form. This includes not only emails, but also your calendar and address book. Your search index, which we'll talk about later, is encrypted as well. 

As a Tutanota user, you're given a public key and private key upon sign up. Even free users are provided with their own keys. Tutanota uses the public key to encrypt your data and the private key to decrypt it. Your private key is stored in your device and encrypted with your password. So as long as you keep your password secure, no one can decrypt and view the contents of your mailbox but you. 

Your decryption key is in your sole possession. Unlike other email providers, Tutanota doesn't store a copy of that key in their servers. Your data is stored there, but not your decryption key. For this reason, even Tutanota staff can't decrypt your data. Similarly, even if a hacker manages to break into Tutanota servers, your data will remain safe. 

End to end encryption

Tutanota doesn't just encrypt your data while stored. Tutanota also keeps it encrypted while it's being sent across the Internet. The data is only decrypted once it reaches your device. This is called end-to-end encryption. Tutanota provides end-to-end encryption even when you email non-Tutanota users. We'll talk about that later. 

Keeping data encrypted while being sent is a crucial part of end-to-end encryption. It prevents hackers from intercepting and viewing our data when we use public wifi. It also prevents Internet Service Providers (ISPs) from viewing as well. Tutanota emails will still pass through ISP servers. But since they're encrypted, ISPs can't view them.

Diagram illustrating Tutanota end-to-end encryption

Tutanota end-to-end encryption includes subject lines. That gives Tutanota an edge over other encrypted email services. Proton Mail, for instance, doesn't have that capability. Subject lines are just short pieces of information. But they can give clues about an email's contents. That might be enough to reveal certain secrets. So this capability is certainly a plus for privacy protection. End-to-end encryption is supported in all plans. So even free users have the capability to send encrypted emails. 

Send encrypted messages to non-Tutanota users

When I test secure email services, one of the features I first examine is the ability to send to external users. I prefer services that can send encrypted mails even to non-users. I find this important because most of our contacts will likely be using other email services. It would be useless to pay for a service that can only protect a small fraction of your email exchanges. 

Tutanota passes this test with flying colors. You can use it to send end-to-end encrypted messages to non-Tutanota users. Not only that, the process is also simple. I demonstrate how easy it is in the “Ease of Use and Setup” section. Do check it out!

Encrypted contact form

Tutanota's dedication to privacy extends beyond email. This provider also offers a way to place an encrypted contact form on websites. It's called Secure Connect. It allows site visitors to post an encrypted message through a secure form. That message will be end-to-end encrypted and delivered to the website owner's mailbox. Thus, only the website owner and the person who posted the message will know the message contents.

Image illustrating Tutanota Secure Connect, an encrypted contact form service

This feature is particularly beneficial for journalist and news sites. Secure Connect enables them to get information from whistleblowers in a secure manner. The secure contact form can be used for submitting confidential information. What's more, journalist and news sites can get it for free. How awesome is that? It's a testament of Tutanota's commitment to privacy. 

Tutanota is one of the few secure email services that has a feature like this. Hushmail also offers secure web forms, but they're more suited for healthcare organizations. However, compared to Secure Connect, Hushmail's secure web forms are much easier to set up. I tried looking for set-up instructions on the Tutanota website. I was probably looking in the wrong place, but I couldn't find any. 

Two factor authentication

With Tutanota, it's possible to strengthen your account logins some more. You can add a second factor of authentication to your password-based login. This will make it more difficult for attackers to break into your account. Tutanota supports several options for two factor authentication (2FA). You can use a U2F device, an authenticator app, or an SMS code. 

I normally use authenticator apps from Google or Microsoft for two factor authentication. I already use them on my favorite VPNs and password managers, so it's great to know that I can use them on Tutanota as well. Whenever I need to login, I just enter my password, launch the authenticator app, and enter the code shown. It's a simple process. But it boosts security substantially. 

Partial screenshot of Google and Microsoft authenticator apps

Google and Microsoft authenticator apps

Even if you only sign up for a free account, you can still take advantage of two factor authentication. If you register for an account, make sure you enable 2FA. This is a great security feature. It will keep your email account safe even if your password is stolen. Whoever steals your password will still need that second factor to login to your email. 

If you lose your second factor, you won't be able to login to your account. That can be a big problem. Fortunately, Tutanota has provided a workaround in the form of a recovery code. As long as you have your recovery code, you can reset your 2FA. You can read about this ‘recovery code’ in the ‘Tutanota account creation' section below. 

No logging of IP addresses

In the spirit of privacy, Tutanota doesn't record IP addresses. They don't log your IP address when you sign up. And then when you send or receive emails, they strip IP addresses off of them. So why is that a good thing? Well, your IP address can provide hints to your location. It's what many advertisers, cybercriminals, and surveillance states use to track individuals. Thus, no-log policies like this can prevent your email activities from being tracked. 

This no-log policy does have exceptions. Tutanota will log IP addresses of users who are involved in serious criminal acts. But as long as you don't do anything wrong, Tutanota will keep their hands off your IP address. 

Features and Capabilities

Tutanota stands out for its focus on privacy and easy-to-use features. These qualities make it a better alternative compared to other email platforms. After all, who doesn't like a user-friendly app? We already discussed security. It's time to talk about Tutanota's features for convenience and productivity. 

Built-in calendar

Tutanota doesn't just offer email security, but also an encrypted calendar. The calendar is built into the email client and protected with end-to-end encryption. This ensures only you can access your events and appointments. Even the Tutanota team can't view them. Furthermore, the calendar has offline support in mobile and desktop clients. This is a plus as you can check your schedules even when you're not connected to the internet.

Screenshot of the Tutanota encrypted calendar

I prefer using the calendar on Windows, macOS, and Linux than on Android and iOS due to the larger screen. Regardless, the functionality remains excellent across all platforms. It is however essential to note that only a paid account can do calendar sharing. If you often need to share your schedule with others, consider upgrading to a paid account. The cost is a small price to pay for the added convenience and security. 

Desktop apps

I absolutely like that Tutanota's desktop apps are very similar to its web app. Having the same features, user interface, look, and feel make it easy to switch between apps. You'll know exactly where to go if you need to perform a particular function. Tutanota has desktop clients for Windows, macOS, and Linux. Every major OS user base is covered.

Screenshot of the Tutanota desktop app user interface

While Tutanota comes with apps for mobile devices, I found myself using the desktop clients more often. The larger screen real estate makes it much easier to compose or reply to messages. Moreover, the full-size keyboard support speeds up email compositions even more. It's also infinitely easier to set up calendar events and appointments on the desktop. Come to think if it, I never set those up on a mobile app. 

All Tutanota apps—be it desktop, web, or mobile—are available in the free or paid subscriptions. This means you can send secure messages from any device you prefer. The mobile app can come in quite handy when you're always on the go. But I, for one, will probably stick with the desktop client whenever possible.

Custom domains

Being a Tutanota premium user has many perks. Some of those perks can be quite useful in a professional or business setting. One example is the ability to use custom email domains. This means, for example, replacing bob@tutanota.com with bob@somecompany.com. Replacing the standard domain with your custom domain improves brand recall. Every time your recipient receives or sends you an email, that recipient will see your brand. 

The number of custom domains you can use largely depends on your subscription plan. Free users can't use custom domains. Revolutionary personal plan users can use 3 and Legend personal plan users can use 10. Essential business plan users can use 3 and Advanced business plan users can use 10. But if you're on an Unlimited business plan, you can use an unlimited number of custom domains!

Inbox rules

Another nifty feature you’ll only find in premium is the ability to add Inbox Rules. Inbox rules are certain rules that you can apply to specific email addresses or domains. The rules allow you to specify the target folder for an incoming email. Each time an email arrives, Tutanotal will check if an inbox rule exists for it. If there is one, the email will be automatically forwarded to the folder you’ve set it to go. This will help keep your inbox organized. 

Screenshot of the Tutanota inbox rules menu

Tutanota mobile apps

Tutanota's mobile apps for Android and iOS offer an excellent option for users on the go. These apps integrate all the vital features that make Tutanota shine. For instance, the ability to send encrypted messages and schedule events or appointments. Not all email platforms can do this.

The Android and iOS apps have similarities with the interface in the desktop clients. So it doesn't matter if you use a Mac, Windows, or Linux computer, or a mobile device. The consistent design helps users with a seamless transition from desktop to mobile.

Screenshot of the Tutanota iOS mobile app

Both free and paid subscriptions offer the mobile apps. Thus, all users can enjoy the same functionality on their mobile devices as on their desktop. Now it's a given that mobile apps offer convenience and portability. But many Tutanota users still prefer the desktop app due to the larger screen size and full keyboard support.

Email aliases

Tutanota offers a noteworthy feature – email aliases. These are alternative email addresses linked to your primary account. An email alias is quite beneficial if you want to categorize your emails or maintain separate email identities while using the same inbox. But it's worth noting that free accounts don’t have access to this feature. It’s exclusive to premium or business users.

Email aliases can help reduce spam. You can create aliases for different purposes like work and online shopping. You can also use an email alias when signing up for social networks or newsletters. This allows you to keep your primary email private. It reduces exposure to potential spam sources and minimizes the risk of having your main address sold to advertisers. 

Screenshot of the dialog box where you select an email alias on Tutanota

It's possible for an email alias to receive a lot of spam. The good thing is that you can deactivate it right away without affecting the primary email. As you can see, Tutanota's email alias feature offers a great strategy for maintaining a clean, organized, and spam-free inbox.

Keep in mind that email aliases are different from custom domains, another Tutanota feature. Yes, both allow for unique email identities. But custom domains take it a step further—it enables you to personalize your email address. This is useful to reflect business or brand identity. Take the custom email joesmith@smithfoods, for example. A user can create this with custom domains; not with email aliases.

Full-Text Search on encrypted data

Tutanota is the first email provider to offer a text search feature on an encrypted mailbox. Tutanota makes this possible by building an encrypted search index of your emails on your device. It then runs searches against that index also on your device. This has huge implications from a privacy standpoint. It means even Tutanota doesn’t have access to your index or your searches. 

Screenshot of the Tutanota user interface with the search box highlighted

Ease of Use and Setup

Highly recommended

Tutanota account creation

The Tutanota sign up process is quick and easy. You can do it in just 4 general steps.

1. Go to the Tutanota Pricing page and select a Personal or Business plan. Unless you go for the Free plan, you can choose to pay on either a Monthly or Yearly basis. You can choose Monthly first if you just want to give it a test run. That way, you can just cancel after 1 month if you don't like it.

2. Enter your desired Tutanota email address and enter a strong password.

3. Enter payment details.

4. Save the recovery code.

Screenshot of the screen that shows your Tutanota recovery code

That's it!

Your recovery code is very important. You'll need it to reset your password or second factor in case you somehow forget or lose them. Copy, paste, and save your recovery code in a safe place. A password manager with a secure notes feature is a good place to put it in. Don't know which password manager to choose? Check out these three password manager reviews. 

Using the Tutanota web client

Like all Tutanota clients, the web client isn't one of the sexiest email clients out there. It's designed more for function than form. It's got all the essential elements of a mail client. If you're familiar with the Gmail or Yahoo Mail web client, you should have no problem using it. 

Composing, sending, receiving, and organizing emails on this web client is straightforward. The interface is not exactly blazing fast. But it's not slow either. It's just what you'd expect from an electronic mail service that focuses on security. You'll experience similar speeds in Hushmail and Proton Mail. Other key features like the calendar, search, and contacts are easily accessible. You can find them at the top of the screen. 

Screenshot of the Tutanota user interface with the search box as well as the Emails, Contacts, and Calendar buttons enclosed in a box.

Tutanota enables you to organize emails through folders. While folders do help bring down inbox clutter, I wish Tutanota would also support labels. When you place emails in folders, they disappear from the inbox. You have to navigate into their respective folders to view them. Labels, on the other hand, allow you to classify emails without taking them out of the inbox. That makes emails much easier to find. Both Gmail and ProtonMail support labels, and I find them really useful. 

creenshot of the Tutanota mailbox with a folder highlighted.

Sending an encrypted email to a non-Tutanota user

It's easy to send encrypted emails with a Tutanota email account. First off, if the recipient is a Tutanota user, you don't have to do anything different. You just compose and send as you would with any common mail client. It's when you send to non-Tutanota users when you'll have to perform an additional step. Let me elaborate on that a bit. 

As soon as you enter an email address into the TO field, Tutanota will see if it belongs to a Tutanota email account. If it's not, a password field will automatically pop-up below the SENDER field. You're supposed to enter a password there before sending. As soon as you click send, Tutanota will store your message encrypted in its servers.

Screenshot of the Tutanota email sending dialog when the recipient is not a Tutanota user

Once you've sent your encrypted emails, your external recipients will receive an email. However, that email won't contain your message yet. Rather, it will contain a link that will direct your recipients to the Tutanota site. There, they'll be asked to enter the password you specified earlier. 

Screenshot of the screen that a non-Tutanota user recipient will see upon receiving a password-protected email from a Tutanota user

Any browser connecting to the Tutanota site will be forced to use TLS encryption. That includes your email recipients' browsers. As I said earlier, your email is likewise stored in encrypted form. That means you and your recipients will be performing end-to-end encryption. 

A diagram illustrating an email being sent to a non-Tutanota user

Customer support

Customer support is perhaps the weakest link in the Tutanota email service. They don't offer 24/7 or live chat support, two support services that can make a big difference when you need help. If customer support is an important requirement for you, check out Proton Mail. 

Premium accounts do get priority support via email. You can also reach them on social media. Tutanota is on Twitter, Facebook, and Mastodon, but they're most responsive on Reddit. I suggest you post your concerns there. Other members of the community reply from time to time. 

Screenshot of the Tutanota subreddit

Tutanota Mail FAQ FAQ

In this section, we delve into the frequently asked questions about Tutanota. We hope our answers can clear any cobwebs you might have about this online mail service. Let's proceed! 

Regular email services aren't very good at protecting user data. Your data can be easily compromised on their servers or in their email clients. Your data can also be at risk while being sent over the internet. You'll be easy prey to hackers, authoritarian governments, and other shady characters. If you're concerned about data privacy, you should use a secure email service instead. 

A diagram illustrating the dangers of sending unencrypted email

A secure email service has features for preventing data loss or data leaks. Also, the people running them are more likely to exercise security practices. This makes secure email perfect for handling private or sensitive data. For example, businesses use them to send personally identifiable information or PII. This is crucial if you don't want to fall victim to a data breach. 

A huge part of secure mail is the ability to apply message encryption. When your email message is encrypted with your private key, no one can read that message but you. Top secure mail providers take encryption to the next level. They apply what you call end-to-end encryption. This keeps emails encrypted from your device all the way to your recipient. No one can access your emails, not even the providers themselves. 

There a number of Tutanota alternatives that offer end-to-end encryption. Two email providers stand out: Proton Mail and Hushmail. Both offer robust privacy features that many users find valuable. In the secure email sector, these two would be good options.

Proton Mail, based in Switzerland, provides a comprehensive level of security. It offers end-to-end encryption and zero-access encryption. What does this mean? Well for one, it guarantees that your emails always remain private. This also means that even Proton Mail cannot decrypt and read your mails. 

Then there's also Hushmail. Hushmail is a Canada-based service that's been providing secure email solutions since 1999. It stands out with its user-friendly features. One such feature is automatic encryption that doesn't need complex setup. On the downside, they don't offer a free version. 

Here's a table comparing the features of these secure email providers. This should help you have a better understanding of their services.

Individual plan monthly cost if billed annually$3.30/month / User€3.99/month / User€3.00/month / User
Storage per user10 GB15 GB20 GB
Attachment size20 MB25 MB25 MB
Encrypted email
Encrypted email to non-subscribers
OpenPGP encryption
Unlimited email alias
Electronic signatures
Web forms
Free Version
Two-factor Authentication

Yes, a Tutanota free account is worth it. If you're looking for a basic level of secure, end-to end-encryption, this is all you would need. However, certain benefits are exclusive to the premium account. Premium users for instance, gain access to features like custom domains. This is a necessary tool for businesses aiming to maintain their brand image. 

A screenshot of the Tutanota pricing page with the Free version highlighted

Premium account holders also enjoy priority customer support. This means they get faster responses to their needs and concerns. An added perk of a premium subscriber is the ability to use an unlimited number of calendars. Lastly, premium users have the advantage of being able to set up inbox rules. This is a handy feature for organizing one's inbox and simplifying email management. 

So the bottom line is that the free account offers good security and that's about it. But the premium account, with its enhanced features, elevates the user experience. It's up to you to decide based on your requirements.

One big advantage of emailing another Tutanota user is the seamless end-to-end encryption. All components are tightly integrated. The sending and receiving email clients as well as the servers are built and managed by one entity. Thus, you can be 100% sure that your email will be encrypted all the way. 

​​Yes, Tutanota does encrypt your email subject lines. This can further enhance the security of your already-secure message. Many email services that offer end-to-end encryption don't encrypt subject lines. Tutanota is an exception. While a subject line may not provide a lot of information, it can give clues about an email's contents. That may be enough to get you in trouble or tracked. 

Tutanota servers are based in Germany. This has huge implications from a privacy standpoint. The European Union (EU) itself has some of the strictest data privacy laws on the planet. And of all EU member states, Germany is among the top when it comes to privacy protection. With all your data stored in Germany, you'll by covered by two stringent data protection laws. One is the EU General Data Protection Regulation (GDPR). The other is Germany's own Federal Data Protection Act. 

To comply with these laws, Tutanota must ensure the privacy and protection of user data. Failure to do so may result in severe penalties, which can run up to millions of euros. In 2021, for instance H&M Hennes & Mauritz Online Shop A.B. & Co KG was fined 35.3 million Euros for violating the GDPR.

Tutanota isn't a self-proclaimed secure email provider. Tutanota data centers are actually ISO 27001-certified. ISO 27001 certification is a globally recognized standard. To be certified, data centers have to undergo rigorous third party audits. Auditors verify if the data centers provide secure environments for user data. This certification makes me feel safer. I know that my data is in good hands.

How useful was this post?

Click on a star to rate it!

Average rating 4.5 / 5. Vote count: 431

No votes so far! Be the first to rate this post.

As you found this post useful...

Share this on your social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?


Full Time Digital Nomad

About The Author

Hi! I’m Trevor James, a Canadian YouTuber who travels the world full-time. I make videos about food, travel, and cybersecurity. I have been traveling the world and making videos for over 10 years. You can read more about me here.


Get Now

How useful was this post?

Click on a star to rate it!

Average rating 4.5 / 5. Vote count: 431

No votes so far! Be the first to rate this post.

As you found this post useful...

Share this on your social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?