Country restriction for account
Each individual user account should be able to restrict their account to certain countries. E.g. a user based in Germany, travelling frequently to Switzerland and Norway could restrict his account to those 3 countries. If anyone tries to login from another country, e.g. China then access would be denied even if the passphrase for the account would be correct.
FOR USERS WHO DON'T USE TOR OR ALWAYS VPN
Not so sure about this. I travel quite a bit for work, and the Hotmail "You don't seem to be where you're supposed to be" message (with subsequent blocking access to my messages) is real and genuine pain in the behind. Furthermore, some people, and we're talking privacy and anonymity now, use rotating VPNs and/ or random proxies. These too could be denied access to their messages. And this one also just popped into my mind: why do you/ people use Tutanota? It is very likely that motivation has something to do with privacy and anonymity - so let's register a location beacon so we don't know where you are or go to frequently... Or lock your account on a MAC of your mobile, so we know within a couple of yards whether you had coffee with your neighbor...
I don't think browsers can check for MAC addresses. In general I think it would be much more easy to use IP geolocation features for this. The idea is very good, sure there are some ways around it with VPN however it keeps 99% of the scam away. Many banks use/offer such feature for their Maestro card/CC card usage, e.g. customer can choose within ebanking in which countries his cards will work. It's something like a country whitelisting.
What happens if we limit login to certain MAC addresses? Personal Laptop, mobile/tablet etc. therefore only you can access it (excepting that someone can emulate your MAC addresses). at least it would limit the rest of the world. Thoughts?
Instead of restricting the account, there should be an email alerting the user if the account has been accessed from another country similar to Outlook.com.
It's not about white / blacklisting senders, it's about blacklisting / white listing countries from which the Tutanota server accepts logins. If my account is approved for Luxembourg, I can login to my Tutanota account only from Luxembourg, and not from any other countries. This would keep away most automated login tries, and even if someone managed to steal my passphrase they could not login if they are not based in Luxembourg. Sure they could use a VPN server however for that, they would have no specifically know that my account is only white listed in Luxembourg. Any failed login attempt from a not white listed country should send a security alert with IP, country, timestamp etc. from the login attempt.
Looking at the comments, I wonder if a whitelist might work better.
You then can refuse all mail from anyone, except from a few people who you like to communicate with. Then it doesn't matter from what country they send email to you, and every other crap will bounce back to the sender.
Then you have somekind of a public key. The whitelist is a lock, and the address of a friend is a key.
I don't think it's pointless as most attacks come from specific countries, according to my firewall logs. Sure they could use VPN, but most don't. And if they do, they don't know which country has been approved from this account or not. For sure if you live in the U.S. it's probably not a huge benefit because this is something they'd try first. But I come from a small country they'd probably never guess so I would feel much more safe, at least from generic account attacks. There is a reason why banks use such methods, and also many other providers e.g. LastPass and and and....
This feature would be a serious source of trouble for some people and not much of a benefit for anyone. Hackers from China or Russia (or the USA!) can use a VPN service to access the compromised account from an "approved" country, thus not being blocked at all.
Although it's rare that ISPs report being from a different country than they really are (I've heard of some cases, so it does happen), the issues will occur when the user travels to a different country and forgets to set this as an approved country, or as mentioned access the email via a VPN provider in a different country.
Of course, if default is no restriction, users only get the problems they create themselves, but given the only security benefit can be so easily avoided, I'd say it's rather pointless.
Willy I guess it's not meant that the service should compare your login IP's and when it finds something suspicious it asks for further info. I think it's meant to be some kind of geo-blocking. The user can in his user account open a page and select all countries from which his login will work. For all not selected countries access will be denied in any case. So even if you're using a VPN you can select the countries you are using with your VPN provider. It keeps away China, Russia and other countries where many hacking attacks come from.
I already put up with that nightmare from Gmail and Outlook when using a VPN service. They throw a fit and request a secondary confirmation which is a PIA.
It's funny how Gmail and Outlook are the only email services that have this issue.....none of my other "secure" email services have a problem with my log in IP address.