On a side note:
Interesting comment on one of our other pages:
https://forum.bitcoin.com/dash/are-you-using-tutanota-email-t5548.html
Email services like Tutanota may be convenient but you need to be aware of the security tradeoffs. Tutanota only uses 2048 bit encryption while experts like Snowden recommend 4096. You can easily use 4096 bit PGP yourself with a utility like gpg4usb.
As important as the strength of your encryption is metadata in email headers. Three-letter agencies love collecting metadata, which can often help identify the sender of an email. If you want to eliminate metadata you need to look into a provider like sigaint, which strips metadata from your email headers and sends your email over the Tor network.
To reiterate that services using 2048 RSA encryption are no longer secure, see the FAQ recently published by the NSA.
According to the NSA the following are no longer secure:
ECDH and ECDSA with NIST P-256
Diffie-Hellman with 2048-bit keys
All the popular auto PGP email providers like Tutanota and ProtonMail still use 2048 bit RSA and should be avoided. Use PGP yourself with a key strength of 4096 (stronger keys are possible to create, but commercial PGP clients have trouble handling them).
I do not know of any free email services using automatic PGP encryption at 4096 strength yet. I also have some concerns about storing private keys in the browser. Really, gpg4usb is pretty simple to use, just check their online manual. Because gpg4usb is portable you can take it with you on a flash drive or store it in a Veracrypt container to protect your private key from snoopers.
While it is a good idea to use an email provider that does not log your IP and minimizes metadata, you would be better off just using local PGP with Gmail than one of those email providers who encrypt and decrypt in your browser.
For a good comparison list of free and paid email providers check out privacy conscious email services; one should work for you. One thing everyone agrees on is to stay away from Safe-Mail and Hushmail.
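
An added example, not part of the quoted comment or of any tool it mentions: one way to check whether the RSA keys already in a local GnuPG keyring meet the 4096-bit figure the comment recommends, by parsing the output of `gpg --list-keys --with-colons`. The function names and the sample listing (key ids, dates, user id) are constructed for illustration.

```shell
#!/bin/sh
# Flag RSA keys and subkeys below a minimum size in GnuPG colon-format output.
# Real input would come from: gpg --list-keys --with-colons
# Fields used: 1 = record type, 3 = key length in bits,
#              4 = public-key algorithm id (1, 2, 3 are RSA), 5 = key id.

audit_rsa_keys() {
    # $1 = minimum acceptable RSA size in bits (default 4096, the comment's figure)
    awk -F: -v min="${1:-4096}" '
        ($1 == "pub" || $1 == "sub") && ($4 == 1 || $4 == 2 || $4 == 3) {
            # Only RSA records are compared; bit lengths of elliptic-curve
            # keys are on a different scale and are skipped here.
            if ($3 + 0 < min + 0)
                printf "WEAK %s %s rsa%s\n", $1, $5, $3
        }
    '
}

# Constructed sample listing (not taken from a real keyring).
sample_listing() {
    cat <<'EOF'
tru::1:1500000000:0:3:1:5
pub:u:2048:1:1111111111111111:1400000000:::u:::scESC::::::23::0:
uid:u::::1400000000::0000000000000000000000000000000000000000::Constructed User <user@example.invalid>::::::::::0:
sub:u:2048:1:2222222222222222:1400000000::::::e::::::23:
pub:u:4096:1:3333333333333333:1450000000:::u:::scESC::::::23::0:
sub:u:4096:1:4444444444444444:1450000000::::::e::::::23:
pub:u:256:22:5555555555555555:1460000000:::u:::scESC:::::ed25519:::0:
EOF
}

# Demo run on the constructed listing; on a real system use:
#   gpg --list-keys --with-colons | audit_rsa_keys 4096
sample_listing | audit_rsa_keys 4096
```

A subkey can be smaller than its primary key, which is why `sub` records are checked as well as `pub` records.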