Microsoft quarantining "dangerous" emails from docusign.net
I am a security admin for our Microsoft 365 account. Today all emails from dse_na4@docusign.net are being stripped and held due to “containing malicious URL”. These emails appear to be legit. They are related to envelopes actively in the signing process, and we have verified that the document activity attached matches what we see when logging directly in via DocuSign.com. When browsing directly to www.docusign.net, our browsers are also flagging docusign.net as a dangerous/malicious website. The combination of MS and browsers flagging as dangerous has us concerned, and we have asked our users to pause use of DocuSign momentarily until we can confirm.
Is there any currently known active threat that is being managed on the docusign.net domain?
Thanks!
Page 1 / 1
@NorCalTim There are a few URLs I would recommend to lookup current Instance issues and overall Security type concerns:
On the Alerts site there is some indication that a new SSL Cert is available for NA4 but not sure that would cause issues unless the Cert had expired on your side.
Last I would suggest creating a DocuSign case to determine if there are any other concerns that might indicate an issue either internally or on the DocuSign side.
Thank you, that makes sense. I did also create a support ticket and they have offered advice regarding MS Defender settings. I appreciate the quick reply!
Same issue affecting our organization. What settings did they offer for Defender?
@NorCalTim
Can you post the details they sent you Sir?
This has been occurring for us as of 5/13/24 for DSE-NA3 and NA4 and has significantly affected our normal operation. Will be taking this up with them, for now I have had to create manual entries to allow these.
Hello @NorCalTim, @ScoutClinical, @ColinGray and @Michael Minnis
Welcome to the Docusign Community and thank you for posting your concerns!
I’m sorry to hear all of your unfortunate experience regarding the URLs being received. I understand that due to this, it is flagging the emails as dangerous.
At Docusign, we take security seriously, and we value our user community's role in helping us maintain the highest standards. To ensure a secure experience for all, we encourage our users to learn how to identify and report potential security concerns effectively. Visit this support article (https://www.docusign.com/trust/security/incident-reporting) to discover the best practices for spotting potential vulnerabilities and reporting them to our dedicated security team. By working together, we can ensure the ongoing safety and reliability of Docusign for everyone.
Let us know if you need further assistance with this.
Best regards,
Nathaly | Docusign Community Moderator "Select as Best" below if you find the answer a valid solution to your issue!
Hi Team,
We have received an email from dse_NA3@docusign.net which contains a malicious url which redirecting to fake Microsoft page and asking for credentials, I feeling like it's a credential harvesting. Kindly let us know whether the sender address is legit and official email address of docusign or not.
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.