{{Short description|Free and open-source end-to-end encrypted email software and host}} {{Infobox website | name = Tuta | logo = Tuta logo.svg | logo_alt = | screenshot = Tutanota screenshot.png | screenshot_size = | caption = Screenshot of Tutanota | collapsible = | commercial = Yes | type = Webmail | registration = Required | language = Multilingual | country = Germany | url = {{URL|https://tuta.com}} | num_users = Over 10 million | programming language = | employees = 14 (Nov. 2020)<ref>{{Cite web|url=https://tutanota.com/blog/posts/new-team-member|title=Huge community support enabled us to employ our 14th team member: Welcome Jonas!|date=18 November 2020|publisher=Tutanota|access-date=28 December 2020}}</ref> | owner = Tutao GmbH | author = | launch_date = 2011 | current_status = Online }} {{infobox software | name = Tutanota client app | programming language = TypeScript and JavaScript | operating system = Microsoft Windows, macOS, Linux, iOS, Android | platform = x86-64, iOS, Android | repo = {{URL|https://github.com/tutao/tutanota/}} | license = GNU GPL v3 | developer = Tutao GmbH | ver layout = stacked | latest release version = {{Multiple releases |branch1=Linux |version1={{wikidata|property|preferred|references|edit@end|P348|P400=Q388|P548=Q2804309}} |date1={{wikidata|qualifier|preferred|single|P348|P400=Q388|P548=Q2804309|P577}} |branch2=Windows |version2={{wikidata|property|preferred|references|edit@end|P348|P400=Q1406|P548=Q2804309}} |date2={{wikidata|qualifier|preferred|single|P348|P400=Q1406|P548=Q2804309|P577}} |branch3=macOS |version3={{wikidata|property|preferred|references|edit@end|P348|P400=Q14116|P548=Q2804309}} |date3={{wikidata|qualifier|preferred|single|P348|P400=Q14116|P548=Q2804309|P577}} |branch4=Android |version4={{wikidata|property|preferred|references|edit@end|P348|P400=Q94|P548=Q2804309}} |date4={{wikidata|qualifier|preferred|single|P348|P400=Q94|P548=Q2804309|P577}} |branch5=iOS |version5={{wikidata|property|preferred|references|edit@end|P348|P400=Q48493|P548=Q2804309}} |date5={{wikidata|qualifier|preferred|single|P348|P400=Q48493|P548=Q2804309|P577}} }} }}
'''Tuta''', formerly '''Tutanota''',<ref name="itsfoss-2023-11-07">{{Cite web |last=Rudra |first=Sourav |date=2023-11-07 |title=Tutanota Rebranding as 'Tuta': What You Need to Know |url=https://news.itsfoss.com/tutanota-rebranding/ |access-date=2023-11-07 |website=It's FOSS}}</ref> is an end-to-end encrypted email and calendar app and a freemium secure email service run by Tutao GmbH, a German company established in 2011. In June 2023, the company said there were over 10 million users of the product.<ref>{{Cite web |last=published |first=Chiara Castro |date=2023-06-07 |title=Tutanota: what is the encrypted email service that just reached 10 million users |url=https://www.techradar.com/features/tutanota-what-is-the-encrypted-email-service-that-just-reached-10-million-users |access-date=2026-05-18 |website=TechRadar |language=en}}</ref>
==History== thumb|Tutanota logo from 2014 to 2024 Tutanota is derived from Latin and contains the words "tuta" and "nota" which means "secure message".<ref>{{Cite web |title=Tutanota Logo and symbol, meaning, history, PNG, brand |url=https://logos-world.net/tutanota-logo/ |access-date=2026-05-18 |language=en-US}}</ref> Tutao GmbH was founded in 2011 in Hanover, Germany.<ref>{{Cite web|url=https://www.maketecheasier.com/secure-email-services|title=5 of the Best Secure Email Services for Better Privacy|date=23 October 2015|publisher=maketecheasier|access-date=13 March 2017}}</ref><ref>{{Cite web |date=18 January 2012 |title=Amtsgericht Hannover Aktenzeichen: HRB 208014 |url=https://www.unternehmensregister.de/ureg/result.html;jsessionid=BD504882DD9AA2B27BDDDEEDC883AE27.web01-1?submitaction=showPrintDoc&id=8561326&pid=0 |archive-url=https://web.archive.org/web/20220922211947/https://www.unternehmensregister.de/ureg/result.html;jsessionid=BD504882DD9AA2B27BDDDEEDC883AE27.web01-1?submitaction=showPrintDoc&id=8561326&pid=0 |archive-date=22 September 2022 |access-date=22 September 2022 |publisher=German Company Register |language=de |quote=Gesellschaftsvertrag vom 25.11.2011 |url-status=dead }}</ref>
Since 2014, the software has been open-sourced and can be reviewed by outsiders on GitHub.<ref>{{Cite web|url=https://tutanota.com/blog/posts/secure-email-open-source|title=Secure Mail Service Tutanota Celebrates One Year Open Source|date=2 September 2015|publisher=Tutanota|access-date=13 March 2017}}</ref><ref>{{Cite web|title=Tutao GmbH|url=https://github.com/tutao|access-date=2020-07-17|website=GitHub|language=en}}</ref> The software completed a phase in beta status in 2015.<ref>{{cite web|last1=Natasha|first1=Lomas|title=Tutanota, An Open Source Encrypted Gmail Alternative, Heads Out Of Beta|url=https://techcrunch.com/2015/03/18/tutanota-exits-beta/|date=18 March 2015|website=techcrunch.com|publisher=TechCrunch|access-date=4 November 2015}}</ref>
In August 2018, Tuta became the first email service provider to release their app on F-Droid, removing all dependence on proprietary code. This was part of a full remake of the app, which removed dependence on GCM for notifications by replacing it with SSE. The new app also enabled search, 2FA and got a new reworked user interface.<ref>{{Cite web|url=https://f-droid.org/en/2018/09/03/replacing-gcm-in-tutanota.html|title=How Tutanota replaced Google's FCM with their own notification system|author=Ivan|date=3 September 2018|website=F-Droid|access-date=28 November 2018}}</ref><ref>{{Cite web |title=FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid {{!}} Linux Journal |url=https://www.linuxjournal.com/content/foss-project-spotlight-tutanota-first-encrypted-email-service-app-f-droid |access-date=2026-05-18 |website=www.linuxjournal.com}}</ref>
The company announced a transition to 100% renewable electricity in March 2019.<ref>{{Cite web |date=2021-12-29 |title=Tutanota Secure Email Review - Privacy and Extra Features |url=https://cybernews.com/secure-email-providers/tutanota-review/ |access-date=2026-05-18 |website=Cybernews |language=en-US}}</ref> This decision coincided with employee participation in Fridays for Future protests.<ref>{{Cite web |title=Fridays for Future: Tutanota joins the climate demonstrations. |url=https://tuta.com/blog/join-climate-strike-fridays-for-future |access-date=2026-05-18 |website=Tuta |language=en-US}}</ref>
In November 2020, the Cologne court ordered monitoring of a single Tuta account that had been used for an extortion attempt. The monitoring function should only apply to future unencrypted emails this account receives and it will not affect emails previously received.<ref>{{Cite web|url=https://www.msn.com/en-us/news/technology/german-secure-email-provider-tutanota-forced-to-monitor-an-account-after-regional-court-ruling/ar-BB1bJDxx|title=German secure email provider Tutanota forced to monitor an account, after regional court ruling|date=8 December 2020|website=msn.com|language=en-US|access-date=19 January 2021}}</ref><ref name="TD9Dec20">{{cite news |last1=Moody |first1=Glyn |title=German Court Orders Encrypted Email Service Tutanota To Backdoor One Account |url=https://www.techdirt.com/articles/20201209/03061645849/german-court-orders-encrypted-email-service-tutanota-to-backdoor-one-account.shtml |access-date=6 September 2021 |publisher=techdirt |date=9 Dec 2020}}</ref>
On 7 November 2023, Tutanota announced it was rebranded to simply 'Tuta'. The former domain name tutanota.com now redirects to the shorter tuta.com.<ref name="itsfoss-2023-11-07" />
In November 2023, it was alleged that Tuta was being used as a honeypot for criminals with a backdoor from authorities. An ex-RCMP officer, Cameron Ortis, testified that the service was used as a storefront to lure criminals in and gain information on those who fell for it. He stated authorities were monitoring the whole service, feeding it to Five Eyes, which would disperse it back to the RCMP in order to gain more knowledge about the criminal underground. However, no evidence was presented to back up this statement, and Tuta repudiated the claim.<ref>{{Cite web |last=Tunney |first=Catharine |date=12 Nov 2023 |title=Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement |url=https://www.cbc.ca/news/politics/ortis-testimony-transcripts-1.7026011 |url-status=live |archive-url=https://web.archive.org/web/20231118161815/https://www.cbc.ca/news/politics/ortis-testimony-transcripts-1.7026011 |archive-date=18 Nov 2023 |access-date=22 Nov 2023 |website=CBC}}</ref><ref>{{Cite web |date=2023-11-15 |title=Encrypted Email Service Tuta Denies It's a 'Honeypot' for Five Eyes Intelligence |url=https://gizmodo.com/tuta-email-denies-connection-to-intelligence-services-1851022465 |access-date=2023-11-22 |website=Gizmodo |language=en}}</ref><ref>{{Cite web |last=Long |first=Heinrich |date=2023-11-13 |title=Tuta Refutes Allegations of it Being a Front for Spy Agencies |url=https://cyberinsider.com/tuta-refutes-allegations-of-it-being-a-front-for-spy-agencies/ |access-date=2026-05-18 |website=CyberInsider |language=en-US}}</ref>
Tuta Mail has integrated post-quantum cryptography features through its protocol, TutaCrypt, replacing standard encryption methods like RSA-2048 and AES-256 for accounts created after March 2024.<ref name="BleepingComputer">{{Cite web |title=Tuta Mail Adds New Quantum-Resistant Encryption to Protect Email |url=https://www.bleepingcomputer.com/news/security/tuta-mail-adds-new-quantum-resistant-encryption-to-protect-email/ |access-date=2024-09-06 |website=Bleeping Computer}}</ref>
In October 2024, Tuta launched its standalone encrypted calendar app.<ref name="published">{{Cite web |last=published |first=Chiara Castro |date=2024-10-01 |title=After email, Tuta has made its calendar quantum-safe |url=https://www.techradar.com/pro/vpn/after-email-tuta-has-made-its-calendar-quantum-safe |access-date=2026-05-18 |website=TechRadar |language=en}}</ref> In 2025 the company confirmed plans to launch a file storage application, known as Tuta Drive, although no release date has been given. Tuta Drive entered closed beta in April 2026.<ref name="published"/>
==Services== ===Tuta Mail=== Tuta Mail is an end-to-end encrypted email service. Tuta Mail client is available for Android, iOS, Linux, MacOS, Windows and as a Web app. In March 2024, Tuta introduced a proprietary quantum-resistant hybrid protocol called ''TutaCrypt'' for its services.<ref>{{Cite web |last=Swayne |first=Matt |date=2024-03-18 |title=Q Got Mail: Tuta Launches Post Quantum Cryptography For Email |url=https://thequantuminsider.com/2024/03/18/q-got-mail-tuta-launches-post-quantum-cryptography-for-email/ |access-date=2026-05-01 |website=The Quantum Insider |language=en-US}}</ref>
===Tuta Calendar=== Tuta Calendar is an end-to-end encrypted calendar app that supports post-quantum cryptography. It was first released as an integrated calendar in Tuta Mail. In October 2024, Tuta released it as a stand-alone calendar app available for iOS and Android. In February 2026, Tuta released an add-on allowing Tuta Calendar to be integrated into Thunderbird.<ref>{{Cite web |last=Lekander |first=Alex |date=2026-02-18 |title=Tuta debuts Thunderbird add-ons to bypass IMAP and CalDAV limitations |url=https://cyberinsider.com/tuta-debuts-thunderbird-add-ons-to-bypass-imap-and-caldav-limitations/ |access-date=2026-05-01 |website=CyberInsider |language=en-US}}</ref>
=== Tuta Drive === Tuta Drive is an in-development end-to-end encrypted cloud storage service that will support post-quantum cryptography, like other Tuta services. The company received a €1.5M grant from the German Government to develop this service. An additional €0.6M has been allocated through a partnership with the University of Wuppertal.<ref>{{Cite web |last=Long |first=Heinrich |date=2023-07-04 |title=German State Grants Tutanota €1.5M for Post-Quantum Secure Cloud |url=https://cyberinsider.com/german-state-grants-tutanota-e1-5m-for-post-quantum-secure-cloud/ |access-date=2026-05-01 |website=CyberInsider |language=en-US}}</ref> In April 2026, Tuta launched a closed beta version of Tuta Drive. No public release date has been announced yet.<ref>{{Cite web |date=2026-04-16 |title=Tuta beat America's tech giants to quantum resistant cloud storage |url=https://www.techradar.com/pro/towards-a-full-private-digital-workspace-tuta-debuts-quantum-resistant-cloud-storage-ahead-of-google-drive-onedrive |access-date=2026-05-01 |website=TechRadar |language=en}}</ref>
==Encryption== When a user registers on Tuta, a private and public key is generated locally on their device. The private key is encrypted with the user's password before being sent to Tuta's servers. User passwords are hashed using Argon2 and SHA256.<ref>{{Cite web |title=Best Encryption with KDF |url=https://tuta.com/blog/best-encryption-with-kdf |access-date=2024-09-06 |website=Tuta}}</ref><ref>{{Cite web |title=What is a Password Hash |url=https://tuta.com/blog/what-is-a-password-hash |access-date=2024-09-06 |website=Tuta}}</ref>
Emails between Tuta users are automatically encrypted end-to-end. For emails sent to external recipients, a password must be exchanged for symmetric encryption. Tuta also encrypts subject lines and attachments of emails and calendars with metadata and search indexes.<ref name="x30">{{Cite web |title=Tuta Encryption |url=https://tuta.com/encryption |access-date=2024-09-06|website=Tuta}}</ref> The email addresses of users, as well as those of senders and recipients, are stored in plain text. The timestamps indicating when an email was sent or received are also not encrypted.<ref>{{Cite web |title=Tuta Support General |url=https://tuta.com/support/general |access-date=2024-09-06|website=Tuta}}</ref>{{Unreliable source?|certain=y|date=May 2026}}
Tuta uses a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm - AES with a length of 256 bit and RSA with 2048 bit.<ref>{{Cite web |title=Proton Mail vs. Tuta: Who wins the battle for the best secure email? |url=https://privacysavvy.com/email/comparison/protonmail-vs-tutanota/ |access-date=2026-05-18 |website=PrivacySavvy |language=en-US}}</ref> To external recipients who do not use Tuta a notification is sent with a link to a temporary Tuta account. After entering a previously exchanged password, the recipient can read the message and reply end-to-end encrypted.<ref name="x30"/><ref>{{Cite web |title=Tuta |url=https://www.cybersecurityintelligence.com/tuta-8845.html| access-date=2024-09-06|website=Cyber Security Intelligence}}</ref>
Tuta Mail uses post-quantum cryptography features through its new protocol, ''TutaCrypt'' for its newly created accounts after March 2024. TutaCrypt combines traditional encryption methods with quantum-resistant algorithms to secure communications. It replaces the previous RSA-2048 keys with two new key pairs: * Elliptic Curve Key Pair: utilizes the X25519 curve for the Elliptic Curve Diffie-Hellman(ECDH) key exchange. * Kyber-1024 Key Pair: implements post-quantum key encapsulation using the CRYSTALS-Kyber algorithm.
TutaCrypt employs AES-256 in CBC mode alongside HMAC-SHA-256 for authenticated symmetric encryption. A transition to TutaCrypt for old existing user accounts created before March 2024 occurred in December 2024.<ref name="BleepingComputer"/><ref>{{Cite web |title=Tuta Mail Adds Quantum-Resistant Encryption via TutaCrypt |url=https://restoreprivacy.com/tuta-mail-adds-quantum-resistant-encryption-via-tutacrypt/ |access-date=2024-09-06 |website=Restore Privacy|date=11 March 2024 }}</ref> Tuta also stated that it does not use PGP due to its limitations in encrypting subject lines and lack of flexibility for algorithm updates. S/MIME is also avoided due to critical vulnerabilities identified in 2018.<ref name=":0" />
==Reception== Reviews by technology websites were generally positive for Tuta. In July 2023, TechRadar praised Tuta Mail as an "Excellent encrypted email platform" focusing on its broad features and intuitive design. However, it criticized the limitations in customer support and the cost of additional storage.<ref name=":0">{{Cite web |title=Tutanota secure email review|url=https://www.techradar.com/reviews/tutanota-secure-email|access-date=2024-09-06|website=TechRadar|date=21 July 2021 |language=en}}</ref> In June 2024, PCMag highlighted Tuta for its strong encryption and user-friendly interface with a rating of 4 out 5.<ref>{{Cite web |title=Tuta Mail Review|url=https://www.pcmag.com/reviews/tuta-mail|access-date=2024-09-06|website=PCMag|date=25 June 2024 |language=en}}</ref> CyberNews rated 4.6 overall, but criticized Tuta for its lack of PGP and IMAP support. It also pointed out Tuta's headquarters, Germany as a drawback for being a part in Fourteen Eyes Alliance.<ref>{{Cite web |title=Tutanota review: when privacy is a must |url=https://cybernews.com/secure-email-providers/tutanota-review/|access-date=2024-09-06|website=cybernews|date=29 December 2021 |language=en}}</ref>
== Account deletion == Tuta deletes free accounts that have not been logged into for six months. According to Tuta, this happens for security reasons and to help keep the service free.<ref>{{Cite web |title=Tutanota FAQ Inactive-accounts |url=https://tutanota.com/faq#inactive-accounts |access-date=2022-09-06 |website=Tutanota |language=en}}</ref>
Tuta has also been GDPR compliant since 2018.<ref>{{Cite web |last=Bratic |first=Vildana |date=2026-05-11 |title=Tutanota Review 2026 [Features, Pricing, Security & More] |url=https://www.cloudwards.net/tutanota-review/ |access-date=2026-05-18 |website=Cloudwards |language=en}}</ref>
== Censorship == Tuta has been blocked in Egypt since October 2019, and blocked in Russia since February 2020 for unknown reasons (although believed to be tied to actions against services operating outside of the country, especially those that involve encrypted communications).<ref>{{Cite web|url=https://www.techradar.com/news/tutanota-secure-email-service-blocked-in-russia|title=Tutanota secure email service blocked in Russia|last=Spadafora |first=Anthony|website=TechRadar|date=18 February 2020|language=en|access-date=2020-02-22}}</ref>
==See also== {{Portal|Free and open-source software}} * Comparison of mail servers * Comparison of webmail providers
==References== {{Reflist}}
==External links== * {{Official website}}
Category:Cross-platform software Category:Free security software Category:Free software webmail Category:Internet properties established in 2011 Category:Secure communication Category:Software using the GNU General Public License Category:Free software programmed in TypeScript Category:Free software programmed in JavaScript