Tutanota — When Email Privacy Needs to Actually Mean Something
There’s encrypted email, and then there’s “we use TLS, probably”. Tutanota doesn’t play those games. It was built from the ground up to actually protect emails — content, subject lines, attachments — all of it. No plugins, no copy-pasting PGP keys from one window to another. Just a secure mailbox that encrypts everything before it even leaves the device.
It’s open-source, based in Germany, and doesn’t rely on advertising, analytics, or “anonymous” telemetry. It also doesn’t assume everyone’s running a Google Workspace empire.
What It Does (And Doesn’t Do)
| Feature | Why It’s There |
| --- | --- |
| Full End-to-End Encryption | Encrypts email contents, subject lines, and attachments — not just the transport. |
| Built-In Secure Calendar | Encrypted events, reminders, metadata. Nothing exposed, not even to the host. |
| Encrypted Address Book | Contacts are stored encrypted. Tutanota can’t read them, even if it wanted to. |
| Custom Domain Support | Works with your own domain names — not just @tutanota.com. |
| No Ads, No Tracking | There’s no ad system, no profiling — the mailbox is sealed off from monetization. |
| Native Apps | Desktop and mobile apps exist and they actually work. No browser needed. |
| Secure External Sharing | Sends encrypted emails to non-users via a passphrase-protected browser link. |
| Open Source Codebase | GitHub is public, audits are welcomed — this isn’t a black box with a logo. |
Where It’s Actually Useful
- Internal comms in law firms, NGOs, or media groups where “confidential” means something real.
- Teams looking to drop Gmail but still need encrypted, searchable mail — without running their own server.
- Doctors, therapists, or HR departments who don’t want to spend a week configuring PGP.
- Anyone who doesn’t want Google or Microsoft holding the encryption keys — or reading the metadata.
- Environments where GDPR or HIPAA is more than a compliance line on a spreadsheet.
Setup (Nothing Fancy Here)
- Create a Tutanota Business Account
  Pick a plan. Even the cheapest one has full encryption. No trials, no freemium gotchas.
- Connect Custom Domain
  DNS setup is typical: SPF, DKIM, DMARC. Takes 15–30 minutes to propagate. After that, mail flows securely.
- Add Mailboxes
  Accounts are created in the admin panel. Each has its own keys. No shared encryption = no shared exposure.
- Configure Mail Rules
  Filters, auto-replies, spam settings — it’s all in the UI. Plus, external recipients get an invite to a secure webmail portal.
- Install the Apps
  The mobile and desktop clients are built by the same team — not outsourced, not white-labeled Electron shells.
- Done
  Once it’s running, it just… runs. No alerts. No nagging updates. Just mail, locked down and searchable.
Final Thoughts
Tutanota is quiet software. It doesn’t try to be a replacement for everything — no task managers, no shared inbox workflows, no calendars full of sticky notes. It just encrypts email properly and gets out of the way.
It’s not for enterprises obsessed with integrations. It’s for organizations that care about privacy enough to actually act on it — and don’t want to cobble together half-broken encryption with ten browser extensions.
Tutanota won’t win awards for complexity. But it wins where it matters: nobody else reads the mail. Period.