Page Overview: SecureMail Registration

Secure Email communication with the BMW Group.

End-to-end email encryption.

With end-to-end email encryption, an email is encrypted on the sender’s system and only the intended recipient can decrypt the email. Nobody in between can read or tamper with the email or its content. End-to-end encryption can be combined with digital signing. A digitally signed and encrypted email proves that indeed the email came from the declared sender and therefore validates his or her identity.

Options for encrypted email communication with the BMW Group.

  • S/MIME
  • PGP

 

 

Registration process for external partners.

You must register with the BMW Group SecureMail Gateway in order to be able to send or receive encrypted emails from the BMW Group. You need to have your PGP key or S/MIME certificate issued for your email address.

To register, request your BMW Group contact person to send you an encrypted email. If your key is already known, then the encrypted email will be delivered to you. If your key is not known then this email will be retained at our SecureMail Gateway and an automatically generated registration email will be sent to your mailbox from securemail.gateway@bmwgroup.com with further information on the registration process.

Registration is not required if your organization owns a domain key. Please send your domain key to Securemail.gateway@bmwgroup.com in a zipped file format. In case your organization uses a S/MIME domain key, please ensure to send the issuer certificate as well or else the email signature will be marked invalid.

Encrypted email communication using S/MIME.

Reply to the registration email by signing the email with your S/MIME certificate.  Once the email is delivered to securemail.gateway@bmwgroup.com, your S/MIME certificate will be stored on the BMW Group SecureMail Gateway.

If your S/MIME certificate is issued by a well-known provider, it will be automatically trusted, and the encrypted email will be delivered to you.

Encrypted Email communication using PGP.

Reply to the registration email by sending your PGP key (.asc file) as an attachment. Once the email is delivered to securemail.gateway@bmwgroup.com, your PGP key will be stored on the BMW Group SecureMail Gateway.

The encrypted email from your BMW Group contact person will be delivered to you upon successful validation of your PGP key.

Domain Certificates.

Download the domain certificates.

Valid from: Aug 31, 2020 to Aug 31, 2022
Thumbprint: c5b7db0506951d75f51293d007624649ddacd0a8

FAQ.

For a BMW Group employee, in order to be able to send an encrypted email to you, it is necessary to have your encryption public key. You can then decrypt the encrypted email intended to you using your private key.

The encrypted email will be delivered once your PGP key or S/MIME certificate has been validated. There is nothing to do on your side.

No, you must use PGP or S/MIME in order to communicate securely with a BMW Group employee. You can purchase S/MIME certificates from certificate authorities like GlobalSign, Verisign, SwissSign, Entrust, DigiCert or others.

Domain certificate is also known as gateway or organization certificate, which is issued to a company or organization.  Emails can be encrypted with the domain certificate instead of asking for the individual user certificate. This simplifies the process when many individuals from two organizations need to communicate in a secure and encrypted way via email.

This can happen when you haven’t stored the recipient’s certificate in your Outlook contact or the recipient’s certificate is not valid (anymore). Open the signed email from your BMW Group contact person and right click on the email address then click on Add to Outlook Contacts.

BMW Group headquarters shown from the BMW Welt.

TECHNICAL CONTACT FOR SECUREMAIL.