What is the best secure email provider?
When it comes to secure and private messaging services, two big names stand out: ProtonMail and Tutanota. Both services offer a free account so you can try them out, but what do each do differently?
In this section:
What makes ProtonMail and Tutanota different?
ProtonMail and Tutanota are two secure email providers that put security and privacy above all else. This includes supporting end-to-end encryption to make interception nearly impossible, protecting your identity by not keeping logs or requiring tons of personal information during registration, and providing secure methods of communicating with people who use "regular" email providers such as Gmail or Outlook.
This increased security comes at the expense of convenience and functionality. You may need to use a dedicated mobile app to access your email, for example (as opposed to your smartphone's default email app). With Gmail, the Google Assistant can help bring up relevant information by scanning the contents of your Gmail inbox, but secure email services can't because the data is encrypted.
Since secure email is a niche, free accounts aren't as generous as with Google and Microsoft's offerings (ProtonMail offers 500MB versus Tutanota's 1GB.) Secure providers lack features like an app from integrated chat or a powerful search engine, but these losses often apply to those who value privacy and enhanced security.
Both vendors support advanced encryption
Of course, ProtonMail and Tutanota support Basic Transport Layer Security (TLS), which is used by all major email providers. This provides a basic layer of security between your computer or smartphone and the server responsible for storing and sending emails. These are table stakes for any courier.
Plus, your inbox content is end-to-end encrypted on the server, meaning only you can read it. In the event of a data breach, your data would be virtually useless, as it is encrypted with a key that will (currently) take forever to break. This is something that Gmail, Outlook.com, and regular email services don't offer.
ProtonMail and Tutanota support simple end-to-end encryption between users of the same service. If you send an email from your ProtonMail account to another user of the same service, it will be automatically secured and signed with a key that only the recipient has. There is no need to configure anything else when communicating with someone who uses the same service. In addition to this, ProtonMail also supports PGP.
Pretty Good Privacy (PGP) is an additional layer of security for sending emails to virtually any email address in an encrypted format. Messages are locked with the recipient's public key and can then be decrypted with a private key known only to the recipient. With ProtonMail, this can be configured to work "automatically" with designated contacts, taking care of the encryption / decryption process for you.
Tutanota does not explicitly support PGP, although you can still encrypt and decrypt your mail manually if you wish.
Both allow secure messaging with "normal" messaging providers
If you can't convince your contacts to switch to a secure email provider or adopt PGP, ProtonMail and Tutanota are here for you. Each provider has the option to send an encrypted message to any email address. The process is virtually identical for both:
- Compose an email and choose to password protect it, then tap send.
- The recipient receives notification of a new message, but the message does not appear in the body of the email.
- Instead, the email contains a link to the ProtonMail or Tutanota servers with a password field.
- The recipient enters the password in the field and reads the message.
It works pretty much the same between the two providers, except that Tutanota encrypts both the message body et subject line, while ProtonMail only encrypts the body of the message. It doesn't present a huge risk if you are using the old service. Just make sure your subject lines don't contain any sensitive information.
Messages sent this way via ProtonMail expire in 28 days or less (with an option to specify less time), while Tutanota messages are only available until another email is sent to the same recipient. .
ProtonMail is in Switzerland and Tutanota is in Germany
The country in which your data is stored is important. Germany and Switzerland both have strict privacy laws, with Germany currently considered one of the toughest privacy advocates among EU countries. Switzerland is considered neutral (and is not part of the EU).
Tutanota wrote a blog post explaining why the company is located in Germany, citing laws like the Federal Data Protection Act, which prohibits data collection and backdoor access to encrypted data. ProtonMail also wrote a blog post about its decision to host data in Switzerland, which recognizes the changing nature of privacy laws in the country while noting that ProtonMail cannot be forced to spy on its users. .
It is difficult to say which is the safest jurisdiction in terms of data privacy. While Germany has stricter laws, the country is also part of the Fourteen Eyes, an international intelligence-sharing community.
Since both providers use end-to-end encryption to secure the content of their servers, data is likely to remain secure even if German or Swiss authorities demand its transfer.
Both services rely heavily on open source code
Making the source code accessible to everyone is important to a service that sells itself on privacy and security. If your code is open source, it can be audited by anyone. The more transparent a supplier is, the more you should be able to be confident that they keep their promises.
That being said, neither service is fully open source. In the case of Tutanota, server-side software has not yet been made fully open source. The client-side web interface and mobile apps are already open source, and Tutanota admits, "The only problem left for us is to open the server part of Tutanota as well."
ProtonMail has a similar commitment to be open source. ProtonMail's web interface has been fully open source since version 2.0, the iPhone app was open-source in 2019, and the Android app followed a year later. The company said it has no plans to release the source code for its main server component because it will provide "information on how we are doing anti spam and anti abuse."
Most of the technologies that go into the two packages, including encryption protocols and ProtonMail's implementation of OpenPGP, are already open source.
Tutanota offers a more attractive free option
For private use, Tutanota provides 1 GB of storage for a single user, limited search capabilities, and a single calendar. There is no restriction on the number of messages you can send or receive in a day or on the way you organize your mail.
ProtonMail offers 500MB for a single user, a limit of 150 messages per day and three labels with which to organize your mail. This makes ProtonMail more limited for free users than Tutanota.
No service is "complete" without upgrading to access features like custom domains, inbox rules, email aliases, autoresponders, and better support. This is another area where secure email providers are forging a different path from their free webmail rivals. If you want a reliable and secure email address, you will have to pay for it.
ProtonMail is more expensive
A direct price comparison is difficult, as the two services have different plans and different offers. If you plan to pay for a courier service, however, ProtonMail is the most expensive, with its cheapest plan starting at $ 48 / year or € 48 / year, with monthly plans also available.
For that, you'll get a whopping 5GB of space, up to five email addresses (aliases), support for a single custom domain, and access to filters and an autoresponder. ProtonMail always sets a limit of 1 outgoing messages per day, although this is a “soft limit” based on how you use your account. You get a maximum of 000 labels for organization purposes.
Tutanota starts at just € 12 / year (around $ 14), but you'll still only get 1GB of storage in total. You also get a unique custom domain, five email aliases, full search access, and the ability to create inbox rules. There is also no limit on daily messages or labels.
While Tutanota is cheaper, it also allows you to build your ideal messaging plan. You can add users, aliases, storage, and additional services like a secure contact form for your website, then pay a single monthly subscription for it all. ProtonMail takes more of an all-or-nothing approach.
Tutanota supports search for email body
Being able to search your inbox is a feature you probably take for granted, but with secure messaging, it's not that simple. Due to the way emails are end-to-end encrypted, searching your inbox is not possible with ProtonMail. You can only search by subject lines, senders, recipients, and time. This is because ProtonMail's servers cannot decrypt your email.
By comparison, Tutanota also encrypts your email on the server. In 2017, the service announced that searching the body of an email would now be possible. This takes place locally on the user's device and can be done either in a browser or using a dedicated mobile app. This happens without sacrificing privacy, since the search tasks are performed by your local machine instead of the server.
If research is a big deal for you, Tutanota has the edge here.
Both services require dedicated mobile applications
Neither ProtonMail nor Tutanota are compatible with “ordinary” out-of-the-box email clients. ProtonMail paid accounts have access to ProtonMail Bridge, which extends service support to popular email clients such as Outlook, Thunderbird, and Apple Mail on Windows, Mac, and Linux workstations. Tutanota instead relies on dedicated desktop clients for Windows, Mac, and Linux.
To access either service on a smartphone, you will need to use the dedicated ProtonMail (iPhone, Android) or Tutanota (iPhone, Android, F-Droid) applications. There is no support for basic email clients due to the way data is encrypted on the server.
Has secure email piqued your interest? Protect your privacy while browsing the web with a VPN.
