SMTP Transport Layer Security (TLS)
Change Request Questionnaire
A Business Partner Contact Information
Company
Company Name *
Address*
Technical Contact 1
Name*
Email address*
Phone / Mobile number * / Phone: / Mobile:
Technical Contact 2
Name*
Email address*
Phone / Mobile number * / Phone: / Mobile:
B Daimler contact information
Support Contact
Team / Email Encryption Support
email address /
Phone number / +49 711 17 20170
Fax number / +49 711 17 20171
C Change Request
Change Request Information
Requested by *
Date of request *
Date of implementation *
D TLS from Business Partner to Daimler
All Daimler SMTP inbound gateways are configured to accept TLS connections by default (opportunistic TLS). A sender (business partner) can therefore send mails to Daimler over SMTP using TLS (STARTTLS command) without extra configuration.
To enforce (and ensure) that all mails to Daimler are sent encrypted, the business partner has to configure its own gateway to enforce TLS over SMTP when sending mails for at least the following domains:
Daimler TLS information
Domain list for TLS /
- daimler.com
- mercedes-benz.com
- mercedes-benz-bank.com
- mbusa.com
- smart.com
- freightliner.com
- detroitdiesel.com
- mdc-power.com
Gateways / mail-in.daimler.com:25
TLS certificate CN / mail-in.daimler.com
TLS certificate issuer CA / Intermediate: VeriSign Class 3 Secure Server CA – G3
VeriSign Class 3 Public Primary Certification Authority - G5
Root: Class 3 Public Primary Certification Authority
E TLS from Daimler to Business Partner
To configure enforced TLS over SMTP for mails sent from Daimler to the business partner, Daimler requires some information, such as the domains used and the TLS configuration on the business partner’s side.
Requirements:
- All mail gateways listed as the domains’ MX records must support STARTTLS.
- All mail gateways must authenticate themselves with certificates issued by official CAs that have a good reputation. All mail gateways must provide the full certificate chain.
- The CN or Subject Alternative Name fields of the certificate must contain the FQDN hostname as returned by the MX records. Wildcard certificates only work for one level of the FQDN, not for subdomains.
- Self-signed certificates and custom CAs are not accepted.
- If you are using an email provider, it must be ensured that mails are never exchanged over unencrypted channels between the provider and the MTA on your end. As the requester, you are responsible for making an appropriate agreement with your provider before submitting this request to Daimler.
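The STARTTLS, hostname-matching and self-signed rules from the requirements above, as an added example (not part of Daimler's form or tooling): a Python check over gateway data you have already collected. All hostnames, certificate fields and function names are constructed assumptions; validation of the chain against public CAs is not covered here.

```python
# Added example: checks constructed gateway records against the requirements.

def name_matches(pattern: str, host: str) -> bool:
    """True if a certificate name (CN or SAN entry) covers the MX hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, and not directly on a TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_gateway(mx_host, starttls, cert_names, subject, issuer) -> list:
    """Return the requirement violations for one MX gateway."""
    if not starttls:
        return ["no STARTTLS"]  # no certificate to assess without STARTTLS
    issues = []
    if not any(name_matches(n, mx_host) for n in cert_names):
        issues.append("certificate names do not cover MX hostname")
    if subject == issuer:
        issues.append("self-signed certificate")
    return issues


def check_domain(gateways: list) -> dict:
    """Map every MX hostname to its violations; all lists must be empty."""
    return {g[0]: check_gateway(*g) for g in gateways}


# Constructed sample: (mx_host, starttls, cert_names, subject, issuer)
CA = "CN=Example Public CA"
SAMPLE = [
    ("mx1.partner.example", True, ["*.partner.example"], "CN=*.partner.example", CA),
    ("mx2.mail.partner.example", True, ["*.partner.example"], "CN=*.partner.example", CA),
    ("mx3.partner.example", True, ["mx3.partner.example"], "CN=mx3", "CN=mx3"),
    ("mx4.partner.example", False, [], "", ""),
]

if __name__ == "__main__":
    for host, issues in check_domain(SAMPLE).items():
        print(host, "OK" if not issues else "; ".join(issues))
```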
Recommendation:
Prior to submitting this form, please check your servers e.g. by using The result should be “OK” for all fields and all servers. See the following example for daimler.com:
Please provide this information by filling out all fields here:
Business Partner TLS information
Domain list for TLS (max. 10 domains) *
TLS certificate CN(s) *
TLS certificate issuer CA * / Daimler only supports official CAs. Please ensure that the full chain of intermediate certificates is provided by the mail gateways, as trust is only available for Root certificates.
Please provide Root CA name and URL to Root CA public key download:
Name:
URL:
Warning:
Daimler configures its mail servers to enforce TLS for the provided domains and mail servers. Please inform Daimler in advance if you are planning to change your setup.
Unannounced changes might result in a permanent failure of mail delivery between Daimler and the provided domains and hence might have serious impact on our and your business processes.
F Comments
If you want to provide Daimler with some comments, please add them here.
Your comments **
G Legend
* / Mandatory fields
** / Optional fields
Daimler SMTP TLS Version 1.08