ProtonMail vs. Tutanota: Who wins the battle for the best secure email?

Abeerah Hashim Last updated: September 21, 2022 Read time: 13 minutes Disclosure

Tutanota and ProtonMail are the leading email services for privacy enthusiasts. In this article, we compare them head to head to see which one is the best.

Email is the original Internet killer app, and it remains the crucial token of digital identity. But the service has changed over the last three decades. Even Hotmail email accounts do not resemble the functionality they offered in their early days, not to mention new services that forever changed the industry, such as Yahoo or Gmail.

But not only providers have changed. Users have changed as well, demanding new features in email services and thus pushing the industry forward. For example, the latest feature required by a new group of users is privacy. In this regard, the leaders in the secure email field are ProtonMail and Tutanota. Both vendors enjoy an immaculate reputation earned by showing a commitment to user privacy by protecting their emails from third-party snoopers, even when the snooper is the vendor itself.

So which one is the better email service? In this guide, we’ll have a look at both Tutanota and ProtonMail, show you all the relevant information to make an informed choice, and decide which is the best for you.

Overall winner: ProtonMail

Privacy and security in ProtonMail and Tutanota

Neither ProtonMail nor Tutanota has the size to compete with Gmail, Microsoft, Yahoo, or any of the other email big boys. They know that. That’s why they sell their services in terms that those industry leaders can’t match — security and privacy. And both vendors provide excellent services in that regard. For example, end-to-end encryption is available in both, which is uncrackable even by the provider unless they have the decryption keys.

The Tutanota environment encrypts more spaces than ProtonMail. But ProtonMail’s features are still better because of its restrictive spam filter, complete anonymity policy, and 256bit encryption (it’s 128 bit in Tutanota, which is inferior if still uncrackable). Also, ProtonMail is headquartered in Switzerland, whose laws are privacy-friendly, which also counts in favor of user privacy –Tutanota answers to the German law, which means that it’s beneath the rule of the 14 Eyes association.

Other differences include the IP address storage policy: ProtonMail stores none while Tutanota does keep them but hides them. Let’s examine both services in more detail.

Read also: Our comprehensive guide on how to use Tutanota secure email

Encryption

ProtonMail

User-to-user emails encryption is RSA 2048-bit; AES 256-bit for user-to-non-user emails. It uses OpenPGP. That is an industry-standard for email encryption that suffers from many shortcomings (it doesn’t encrypt subject lines or have perfect forward security). The encryption in ProtonMail ensures that the provider itself can’t decrypt or read your emails.


Tutanota

Encryption in Tutanota is almost the same as in ProtonMail except that the RSA 256-bit is 128-bit instead. Tutanota uses an improved OpenPGP protocol that encrypts subject lines and the plain text above the email body. It also improves over the original OpenPGP with perfect forward security –which means that hacking any given session won’t render any future session vulnerable. Your calendar and address book get the full encryption with Tutanota as well.

Related: How to encrypt your emails


Anonymity

Tutanota removes IP address information from every email. Thus you can’t trace any email to its originator, at least in terms of their IP address.

ProtonMail has the same feature, so your IP address will be safe from email recipients. That being said, a legal case prompted the Swiss government to request ProtonMail to log the IP address of a user.