Quick summary
A legitimate DocuSign email always comes from a verified @docusign.com sender address and includes a security code you can validate directly on DocuSign.com. Knowing how to spot the difference between a real DocuSign notification and a phishing email protects you from fraud and document signing scams.
Steps
- Open the email and check the sender's email address and the URL used in the message.
- Confirm the email originates from a DocuSign domain, typically ending in @docusign.com, and watch for slight variations or misspellings that signal a fake.
- Review the email content to ensure it addresses you by name, uses professional language, and includes specific details such as the sender's name, email, and document title.
- Check that the email contains a link to view or sign the document that directs you to a secure DocuSign site.
- Locate the security footer in the email, then go to DocuSign.com and click Access Documents to enter the security code.
- Click Go to submit the security code and proceed with verification.
- Confirm the document loads correctly through the security code lookup, which proves the email is legitimate.
- Check that the email contains no attachments — genuine DocuSign emails link to documents rather than attaching them, so any attachment is a red flag.
- If still uncertain, visit the DocuSign Trust Center for additional guidance on identifying fraudulent emails.
