Sorry we shut you out, says Tutanota: Encrypted email service weathers latest of ongoing DDoS storms

2020-09-14 14:27

Encrypted email biz Tutanota has apologised for accidentally shutting its own users out while fending off the latest of a series of distributed denial-of-service attacks.

"It is a challenge to protect a privacy-focused service such as Tutanota from DDoS attacks because we need to block high-level application attacks ourselves," co-founder Matthias Pfau told The Register.

In a statement published this morning, the encrypted email provider said: "While we were able to mitigate most of the [latest] DDoS, an overreacting IP-block to fight the attacks led to hundreds of users not being able to access Tutanota for multiple hours this Sunday. We deeply apologize for this mistake; it has now been fixed."

German DDoS mitigation service Link11 is being used by Tutanota to block low-level "Volume" attacks, while high-level attacks continue to cause behind-the-scenes head-scratching.

Pfau highlighted, in the latest Tutanota blog post about the ongoing attacks, that turnkey DDoS mitigation services would require access to Tutanota's SSL certificates, something the firm is not willing to do.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/14/tutanota_ddos_storms_ongoing/

#ddos #email #encrypted