Proton vs Tuta vs Self-Hosted: Email Privacy, Practically Assessed

Three honest routes to private email, and the trade-offs nobody mentions in the marketing

“Private email” is one of those phrases that sounds like a single product and is in fact three completely different bargains. You can pay an encrypted provider to hold your mailbox in a way they can’t read. You can pay a different encrypted provider with a different idea of how that should work. Or you can host the lot yourself and own the whole problem. I’ve run all three at various points, and the right answer depends entirely on which trade-off you can live with — so let’s be specific about what each one actually costs you.


Before comparing anyone, accept the uncomfortable truth: SMTP — the protocol that moves mail between providers — is plain text by design. The moment you email someone on Gmail, the content of that message lands on Google’s servers in a form Google can read. No provider can encrypt mail you send to people who aren’t using their encryption. So “encrypted email” really means: encrypted at rest in your mailbox, and end-to-end only between users of the same scheme or those exchanging PGP keys. Keep that in mind, because the marketing blurs it relentlessly.

Proton encrypts your mailbox with your password so they can’t read stored mail, supports PGP for end-to-end with other PGP users, and has built out a wider ecosystem — VPN, calendar, drive, a password manager. It’s in Switzerland, which buys a reasonable jurisdiction story.

The practical catches: because of the encryption model, you can’t use a normal IMAP client directly — you run Proton Bridge, a local app that decrypts and re-serves your mail over localhost to Thunderbird or mutt:

# Proton Bridge exposes a local IMAP/SMTP endpoint after login:
IMAP:  127.0.0.1:1143  (STARTTLS, password from Bridge)
SMTP:  127.0.0.1:1025  (STARTTLS, password from Bridge)

Bridge is paid-tier only, and it’s a process that must be running for desktop mail to work. Search is also limited because the server can’t read your messages to index them — you get client-side search instead, which is slower over a big archive.

Tuta (formerly Tutanota) takes encryption further: it encrypts the subject lines and metadata too, not just bodies, and even the address book. That’s a stronger at-rest story than Proton’s. The price is that Tuta does not speak standard PGP and does not offer an IMAP bridge at all: you use their apps, full stop. Mail to non-Tuta users is sent either as a normal message (not end-to-end encrypted) or via a password-protected link the recipient opens in a browser.

So Tuta is more private in storage but more isolated in practice. If you live in their app and mostly email other privacy-minded people, it’s excellent. If you need IMAP, a desktop client of your choice, or PGP interop, it will frustrate you fast. It’s German-jurisdiction and notably cheaper than Proton at the low tiers.

Now the masochist’s option, which I say with affection because I do it. You own a domain, run a mail server, and nobody but you holds the mailbox. Mailcow or Mail-in-a-Box bundle the painful parts — Postfix, Dovecot, antispam, webmail — into something installable:

# Mailcow, roughly:
git clone https://github.com/mailcow/mailcow-dockerized && cd mailcow-dockerized
./generate_config.sh        # asks for your mail hostname
docker compose up -d
# Then the real work: SPF, DKIM, DMARC, PTR (reverse DNS), and TLS.

The software is the easy 20%. The hard 80% is deliverability. You need correct SPF, DKIM and DMARC records, a clean static IP with matching reverse DNS, and a residential ISP that doesn’t block port 25 — and even then, Gmail and Outlook may shunt you to spam for months while your domain earns reputation. Self-hosting gives you maximum ownership and maximum at-rest privacy (it’s your disk), but the encryption-at-rest is only as good as your own disk encryption, and you are now personally responsible for security patches, backups, and the spam war.
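The record checks named above, as an added example (not the author's or Mailcow's code): a small offline linter for SPF, DKIM, DMARC and reverse DNS. The domain, IP and every record value are constructed placeholders, and `ZONE`, `tags` and `lint` are hypothetical names.

```python
import re

# Constructed sample data: example.org, 203.0.113.25 and every record value
# below are placeholders, not taken from the article or from a real zone.
ZONE = {
    "spf": ["v=spf1 mx include:_spf.example.net ?all"],
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
    "dkim": "v=DKIM1; k=rsa; p=",
    "helo": "mail.example.org",
    "ip": "203.0.113.25",
    "ptr": "host-203-0-113-25.isp.example.",
    "ptr_forward": ["203.0.113.25"],  # addresses the PTR name resolves to
}

def tags(record):
    """Parse a 'k=v; k=v' DKIM/DMARC record into a dict (keys lowercased)."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint(zone):
    problems = []
    spf = [r for r in zone["spf"] if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # receivers treat zero or several SPF records as an error
        problems.append(f"SPF: need exactly one v=spf1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        names = [re.split(r"[:/=]", t.lstrip("+-~?"))[0] for t in terms]
        lookups = sum(n in ("include", "a", "mx", "ptr", "exists", "redirect")
                      for n in names)
        if lookups > 10:  # RFC 7208 caps DNS-querying terms at 10
            problems.append(f"SPF: {lookups} DNS lookups exceeds the limit of 10")
        if "all" in terms or "+all" in terms:
            problems.append("SPF: +all lets any host send as this domain")
        elif not {"-all", "~all"} & set(terms) and "redirect" not in names:
            problems.append("SPF: no -all or ~all, so unlisted hosts are not failed")
    dmarc = tags(zone["dmarc"])
    if dmarc.get("v") != "DMARC1":
        problems.append("DMARC: record must start with v=DMARC1")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append(f"DMARC: p={dmarc.get('p')} gives receivers no enforcement policy")
    if not tags(zone["dkim"]).get("p"):
        problems.append("DKIM: empty p= means no usable public key")
    if zone["ip"] not in zone["ptr_forward"]:
        problems.append("PTR: name does not resolve back to the sending IP")
    if zone["ptr"].rstrip(".").lower() != zone["helo"].lower():
        problems.append("PTR: reverse DNS does not match the mail hostname")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(ZONE)) or "no problems found")
```

For a real domain, the values in `ZONE` would be filled in from `dig TXT` and `dig -x` lookups against your own records.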

  • Proton if you want strong privacy, PGP interop, a desktop client via Bridge, and a tidy ecosystem — and you’ll pay for it.
  • Tuta if you want the strongest at-rest encryption including metadata, are happy living in their apps, and want it cheap. Skip it if you need IMAP or PGP.
  • Self-hosted if ownership is the whole point and deliverability headaches sound like a fun weekend rather than a nightmare.

For almost everyone who just wants out of Gmail, Proton is the pragmatic pick: it gives real at-rest privacy without forcing you to abandon standard clients. Tuta is the better privacy answer on paper and the worse interoperability answer in daily life. Self-hosting is the only option that truly removes the third party — but you become the third party, with all the duties that implies, and your mail’s privacy-in-transit is no better than anyone else’s because SMTP is SMTP. Whichever you choose, buy your own domain. It’s the one decision that makes the next migration a DNS change instead of a divorce.

Written by Smarc

Founder and editor of vo.rs. A lifelong tinkerer who self-hosts far more than is sensible, hardens Linux boxes for fun, and prods the latest AI tools to see what they can really do. The how-to guides here are the notes Smarc wishes had existed the first time round.