I have experienced that if I receive an eSignature mail requesting my signature, I can forward that mail to another person (not any delegation, just forwarding the mail) and this person can expand the eSignature link, get my signature fields displayed and completed with “click-to-sign”. When the document is completed it is my signature that will appear in the document, despite the fact that I have not signed it, but the person I forwarded the mail to. There is no trace anywhere that someone else than I have signed. Can this be correct?
That is expected behavior as the signingUrl has a signing token that is generated for you. It is your responsibility to keep track of the signing process if you forwarded the email.
If someone else needs to validate the package with you, he can be added as a reviewer on the package.
If you would like to assign signing responsibilities for someone else, you should use the change signer feature.
If your concern is about security, and if someone else can listen to your emails, the solution will be:
_ Either use 2 factor authentication like SMS or Q&A
_ Or disable eSignLive emails, get the signingUrl through integration, and deliver it through your email system to your signers.
Yes, my concern is about security and I see that SMS will solve the authentication. But how can I disable eSignLive emails and use my own eMail distribution? What is to get the signingUrl through integration