@Tutanota Time to look into a better DDos mitigation solution like @Cloudflare , seeing as all your traffic is encrypted anyways 
@Tutanota They do offer keyless SSL, though I'm sure they can still get their tentacles in. https://www.cloudflare.com/ssl/keyless-ssl/
@Tutanota Although... Note: Keyless SSL requires that Cloudflare decrypt, inspect and re-encrypt traffic for transmission back to a customer’s origin.
I'd stick with your original thoughts 👍
@meatstheanswer I'm not a developer, but as far as I know cloudflare needs the SSL keys to execute this service - keep in mind that not *all* emails in Tutanota are sent end-to-end encrypted.