
Tutanota aknowledge being under attack - 8jef
https://www.facebook.com/tutanota/posts/4666783140013399?__tn__=-R
======
thaniri
I'm actually a customer of Tutanota, and their product has been pretty good in
the last ~2 years I've used it.

Short of hosting your own email, I can't think of other email providers as
secure as tutanota. They tick off a lot of boxes: open source, hosted in
Germany, encrypted mailboxes, DKIM/DMARC support...

The only feature that might give people pause is that their search
functionality isn't great. I have pretty low volume of emails to my personal
inbox so it doesn't matter, but it might be frustrating to use as a work
inbox.

~~~
vin047
How does it compare to ProtonMail?

~~~
vinay427
I like Tutanota much more (except for the last week) for a few reasons. The
ones that come to mind include email search, more affordable pricing, and more
flexible domain allowances. Also, they tend to roll out new features on a
faster timeline, such as the recent addition of a new domain verification
method that few providers currently support (that I forgot the name of?) and
an in-app calendar.

------
tedunangst
Their blog post contains this interesting note:
[https://tutanota.com/blog/posts/ddos-attack-
tutanota/](https://tutanota.com/blog/posts/ddos-attack-tutanota/)

> We have long wanted to publish a status page. However, as a privacy-first
> email service, we cannot use Google services to host a status page (like
> most services do).

I guess Facebook doesn't count though.

~~~
perardi
I can’t get to their status page, which would seem to defeat the purpose of a
status page.

I wonder if a static page on Netlify would comply with their privacy stance.

~~~
userbinator
The fact that a status page is not reachable would itself imply the status of
the service whose status it reports, no? Especially since visiting the status
page is not normally done unless someone is having problems with the service.

~~~
lmm
Not really; part of the point of a status page is that it lets you distinguish
between "their service is down" and "the route between me and their service is
down".

------
perardi
If you prefer something that’s not Facebook:

[https://twitter.com/TutanotaTeam/status/1306344728745644033](https://twitter.com/TutanotaTeam/status/1306344728745644033)

I don’t know if we will get a report as to what happened, but Tutanota is
frequently used for…perhaps not entirely legal transactions. _(Not that I
would ever do such a thing, perish the thought.)_ I wonder if they made the
wrong person/drug syndicate angry…

~~~
ttul
They supply a steady stream of spammers and phishing gangs with email
addresses to use when signing up for email sending services. We blocked their
domains entirely because it is all garbage.

~~~
perardi
Huh, the email service that everyone uses to buy “research chemicals” via
Bitcoin attracts a shady audience? Shocking.

~~~
0xdeadb00f
FWIW, I find those types tend to recommend ProtonMail more than Tutonota

------
forgotmypw17
>Tutanota

>3:09 PM (Sep 20 2020)

>We are very sorry about this ongoing outage. We are working on fixing this.
While someone wants to stop you from using encrypted emails, we are committed
to not let that happen. Thank you very much for your patience and for
weathering this storm with us.

------
RandomWorker
Weird fb quirk that I never noticed, if you click on the link it goes to the
post. Then if I click ‘go back’ it doesn’t go back here, it opens the fb front
page. Then I click ‘go back’ again and I’m here. They somehow Load the front
page and then direct me to the post so quickly I don’t notice it when I’m
going to the post. I’m on iOS Safari...

~~~
spsful
Might be a mobile quirk? I tried it on Mac Safari and it went back like
normal.

~~~
RandomWorker
Given how spotty it is, it might be some weird A/B testing. I’m also logged in
to Facebook which might make a difference.

------
netsharc
If like me you never heard of them before:

Tutanota is an end-to-end encrypted email software and freemium hosted secure
email service.

------
armSixtyFour
They've been down most of the day in North America. I've been using the
service for about a year or so, without any problems but they have had at
least some down time almost every day for the last few weeks. How common is it
for botnet attacks like this to last so long?

------
rbecker
"You must log in to continue."

One would hope encrypted email providers would know better than to force
logging in to facebook to read their posts.

~~~
sincerely
I don't think that's up to the page owner. And you still have the option of
selecting [Not Now] and reading the post

~~~
macintux
I have often found that organizations (government or private) have no idea how
to configure privacy for their FB announcements so there is no way to view
public content without logging in, even if it is ordinarily available to
anyone with a FB account.

------
dapakaza
They don’t use DNSSEC, which means they can’t support DKIM.

They’ve given control of their DNS to NSA linked Amazon.

They’ll probably move their webmail to FBI linked Cloudflare next.

~~~
tptacek
Virtually no DKIM zones are DNSSEC signed.

DNSSEC itself is linked to the NSA.

------
UnnoTed
I tried their service 3 years ago, i couldn't receive emails and had to
contact them through reddit... at least i got a refund.

