Loads external images. By Default. With no option to turn off.

Not a viable webmail client for anyone who expects privacy.

[edit] The email that it sends to external addresses does not have a text/plain part, only HTML.

[edit] Stores your email address in session storage and then pre-fills next time you log in. Does not let you opt in or out and doesn't warn you that this will happen. Unsuitable for a "public" machine.

[edit] Nice, they support DANE. When I email a Tutanota user, or a Tutanota user emails me (@grepular.com), SMTP is forced to use SSL or fail, and the certificate is forced to verify with the fingerprint published in our DNSSEC-secured DNS zones. No SMTP MITMs here.
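The "use TLS or fail" behaviour described in the DANE edit above, as an added example that is not part of the original post and not Tutanota's code: a simplified model of the sending MTA's decision under DANE for SMTP (RFC 7672), restricted to DANE-EE pins. The function names and the sample bytes are constructed for illustration.

```python
import hashlib

# TLSA matching type (RFC 6698): how the published association data was derived.
DIGESTS = {
    0: lambda b: b,                            # exact bytes
    1: lambda b: hashlib.sha256(b).digest(),   # SHA-256
    2: lambda b: hashlib.sha512(b).digest(),   # SHA-512
}
DANE_EE = 3  # certificate usage 3: the record pins the server's own cert or key


def usable(rec):
    """This sketch supports DANE-EE only; any other record counts as unusable."""
    usage, selector, mtype, _ = rec
    return usage == DANE_EE and selector in (0, 1) and mtype in DIGESTS


def tlsa_matches(rec, cert_der, spki_der):
    """Compare one TLSA record with what the server presented in the handshake."""
    _, selector, mtype, assoc = rec
    presented = cert_der if selector == 0 else spki_der  # 0 = full cert, 1 = key
    return DIGESTS[mtype](presented) == assoc


def delivery_decision(rrset, dnssec_secure, starttls, cert_der=b"", spki_der=b""):
    """Decide what a sending MTA does for one MX host (simplified RFC 7672)."""
    if not (dnssec_secure and rrset):
        return "opportunistic"             # nothing validated, nothing pinned
    if not starttls:
        return "fail"                      # TLSA published but STARTTLS missing
    pins = [r for r in rrset if usable(r)]
    if not pins:
        return "encrypt-unauthenticated"   # TLS still mandatory, no pin to check
    if any(tlsa_matches(r, cert_der, spki_der) for r in pins):
        return "deliver-authenticated"
    return "fail"                          # pin mismatch: do not fall back


# Constructed sample bytes standing in for DER data taken from a TLS handshake.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-public-key-der"
RRSET = [(3, 1, 1, hashlib.sha256(SPKI).digest())]  # "3 1 1" = DANE-EE, SPKI, SHA-256

if __name__ == "__main__":
    print(delivery_decision(RRSET, True, True, CERT, SPKI))
    print(delivery_decision(RRSET, True, True, CERT, b"different-key"))
    print(delivery_decision(RRSET, False, True, CERT, b"different-key"))
```

The third call shows why the DNSSEC signature matters: without a validated TLSA answer the same mismatching key is no longer rejected.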

I'd say these things are fixable so far [1].

- Image loading: I'd assume that this is possible to implement, given the current implementation?

- text/plain & multipart mails: I'd expect the same, really. Doesn't sound too bad to build it.

- same for session storage

I agree with all your points, but these are things that are conceptually quite viable, imo. I'd expect these to be valid issues on GitHub [1] and reasonably easy fixes, no?

1: https://github.com/tutao/tutanota