With end-to-end email encryption, an email is encrypted on the sender’s system and only the intended recipient can decrypt the email. Nobody in between can read or tamper with the email or its content. End-to-end encryption can be combined with digital signing. A digitally signed and encrypted email proves that indeed the email came from the declared sender and therefore validates his or her identity.
Secure Email communication with the BMW Group.
End-to-end email encryption.
Options for encrypted email communication with the BMW Group.
- S/MIME
- PGP
Registration process for external partners.
You must register with the BMW Group SecureMail Gateway in order to be able to send or receive encrypted emails from the BMW Group. You need to have your PGP key or S/MIME certificate issued for your email address.
To register, request your BMW Group contact person to send you an encrypted email. If your key is already known, then the encrypted email will be delivered to you. If your key is not known then this email will be retained at our SecureMail Gateway and an automatically generated registration email will be sent to your mailbox from securemail.gateway@bmwgroup.com with further information on the registration process.
Registration is not required if your organization owns a domain key. Please send your domain key to Securemail.gateway@bmwgroup.com in a zipped file format. In case your organization uses a S/MIME domain key, please ensure to send the issuer certificate as well or else the email signature will be marked invalid.
Encrypted email communication using S/MIME.
Reply to the registration email by signing the email with your S/MIME certificate. Once the email is delivered to securemail.gateway@bmwgroup.com, your S/MIME certificate will be stored on the BMW Group SecureMail Gateway.
If your S/MIME certificate is issued by a well-known provider, it will be automatically trusted, and the encrypted email will be delivered to you.
Encrypted Email communication using PGP.
Reply to the registration email by sending your PGP key (.asc file) as an attachment. Once the email is delivered to securemail.gateway@bmwgroup.com, your PGP key will be stored on the BMW Group SecureMail Gateway.
The encrypted email from your BMW Group contact person will be delivered to you upon successful validation of your PGP key.
Domain Certificates.
Download the domain certificates.
Valid from: July 08, 2024 to July 08, 2026
Thumbprint: c47939593c2bb131d30cb01c00472b31849343ba
FAQ.
For a BMW Group employee, in order to be able to send an encrypted email to you, it is necessary to have your encryption public key. You can then decrypt the encrypted email intended to you using your private key.
The encrypted email will be delivered once your PGP key or S/MIME certificate has been validated. There is nothing to do on your side.
No, you must use PGP or S/MIME in order to communicate securely with a BMW Group employee. You can purchase S/MIME certificates from certificate authorities like GlobalSign, Verisign, SwissSign, Entrust, DigiCert or others.
Domain certificate is also known as gateway or organization certificate, which is issued to a company or organization. Emails can be encrypted with the domain certificate instead of asking for the individual user certificate. This simplifies the process when many individuals from two organizations need to communicate in a secure and encrypted way via email.
This can happen when you haven’t stored the recipient’s certificate in your Outlook contact or the recipient’s certificate is not valid (anymore). Open the signed email from your BMW Group contact person and right click on the email address then click on Add to Outlook Contacts.