Skip to main content

Dear DocuSign community,


we have noticed the following point, which could lead to forgery of the signature: If a signatory does not open the document, but only forwards the mail itself to a person who is not stored as a signatory in the entire workflow, this recipient can open the document and sign on behalf of the person originally stored. How can this be prevented? 
In our opinion, this is not possible by adding a code, as this code is contained in the mail that is forwarded.
Creating the highest security level when sending would be too much effort for what is in this case a simple signature process.

Thank you very much in adcanve for your reply!

Katrin

@Katrin

Not forwarding the email that contains the personal link to DocuSign eSignature for signing is most important and this is also emphasised in the “Do Not Share This Email” section. This is how it can be prevented. This not forgery of a signature but a user error in sharing the access with someone else by forwarding the email. It is like giving that person the car keys. If they want and there is no additional security in place they are able to open the car and perform actions afterwards, in this case signing the documents.

This DocuSign Support article will give you more details on forwarding signing invitations.

For internal signers you can enforce a login into the DocuSign eSignature account to prevent this when you claim the domain and configure the settings accordingly. If you set up an Access Code, this needs to be shared by you with the recipient. It should not be included in the DocuSign email body and be communicated on a different way, so not via email.


Hello, @Katrin 

 

Welcome to the DocuSign Community!

 

There are some options depending on your account plan.

 

  1. Add an Identity verification
    SMS - the recipient who must sign provide to you his/her mobile number so when the notification email arrives, clicking in the Review button will make a pop-up windows shows up to send a security token to the mobile phone, only who is the owner of that number will get the token, he/she needs to type the security token in a pop-up window to get access to the envelope, that will be recorded in the Audit trail document.
     
  2. Add an Identity Verification 
    IDV - you can select one of the IDV verification accordingly available for your country to check a Driver License or Passport document, thus the recipient must have the Driver License or Passport to confirm his identity. 
     

I hope that helps!

Alexandre


Many thanks for your replies!

Unfortunately, it will be difficult to prevent forwarding by all of our suppliers and customers no matter what the guidelines say. They often have little digital maturity and would hand out their car keys as well ;-) 

SMS verification or other validation is not always possible as we do not have the mobile numbers of all potential recipients (or do not even know them by name) or the recipients don´t have a mobile phone for business purposes.

This means that we will have to check more closely whether we can use docusign for our simple standard cases where we cannot or do not want to carry out any additional verification.


Hello @Katrin , 

 

Thank you for reaching back and sharing your concerns.

 

We apologize for any inconvenience this may have caused you, however, any feedback that can improve our users’ experience is always more than welcome. 

 

If you’re a DocuSign Administrator for a corporate plan, you have the additional option of filing your request directly when you’re logged into your account. You’ll be able to click the “Give Feedback” button at the bottom of the screen to submit your idea.

 

If you found our response to be a useful solution to your question, please mark it as the best answer by clicking “Select as Best” to make it easier for other users to find.

 

Let us know if you need further assistance with this.

 

Best regards, 

Nathaly | DocuSign Community Moderator 

"Select as Best" below if you find the answer a valid solution to your issue!

 


Reply