Is docusign.my.salesforce.com legit or a scam?
A verified Salesforce infrastructure domain used for official DocuSign integration and secure document workflows.
Analysis Summary
No threats detected
All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.
Website Preview

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.
MT Intelligence
The domain is a legitimate part of the Salesforce ecosystem, specifically a 'My Domain' subdomain used for the official DocuSign integration. Our analysis confirms the parent domain has been registered for over 27 years and is operated by a major publicly traded company. Technical scans show a valid SSL certificate and zero flags from our antivirus network. While some sandbox reports mention this URL, it is typically due to legitimate OAuth redirect flows during document signing processes. There are no credible scam reports or phishing indicators associated with this specific address.
Web Research Findings
Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for docusign.my.salesforce.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.
- docusign.my.salesforce.com is a legitimate subdomain under the salesforce.com domain infrastructure, used for customer-specific My Domain setups, API endpoints, and DocuSign for Salesforce integration redirects and OAuth flows.
- Salesforce and DocuSign maintain an official, long-standing integration (available on AppExchange) that involves connecting accounts, with documentation on support.docusign.com and salesforce.com.
- The domain appears in multiple Joe Sandbox malware analysis reports as a contacted URL during execution of samples (some classified malicious/phishing), typically in legitimate OAuth redirects (e.g., to account.docusign.com) or as part of b
- No dedicated scam reports, Trustpilot/ScamAdviser entries, or Reddit complaints specifically targeting docusign.my.salesforce.com were found; general Salesforce subdomain phishing exists but does not implicate this domain.
- Domain age of over 27 years (10074 days) aligns with Salesforce's established infrastructure; my.salesforce.com is documented in Salesforce Help as part of My Domain for login, Visualforce, and Lightning Experience.
- Phishing campaigns sometimes abuse Salesforce infrastructure (e.g., PhishForce vulnerability for emails), but this specific subdomain is not flagged as a typosquat or clone in available sources.
- Joe Sandboxopen
"docusign.my.salesforce.com unknown unknown"
Subdomain of salesforce.com (publicly traded company); used for official DocuSign-Salesforce integration and customer orgs
Antivirus Engines
Security Scans
Checked against the major public blocklists used by browsers and security tools — no hits.
Domain & Encryption
Server Reputation
Still, stay alert
No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.
- Double-check the exact URL in your address bar
Confirm you are actually on docusign.my.salesforce.com and not a lookalike like d-ocusign.my.salesforce.com.com or an IDN homoglyph.
- Use a password manager
Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.
- OpenDiscuss this site on the forum
If you have first-hand experience with this site — good or bad — share it with the MalwareTips community.
Reputation Sources
How this domain rates across independent threat-intelligence and blocklist providers.
Safety FAQ
Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.
- Our automated security review found no threat indicators on docusign.my.salesforce.com. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
- docusign.my.salesforce.com passed our automated security checks with a trust score of 95/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
- Yes. docusign.my.salesforce.com presents a valid TLSv1.3 certificate issued by DigiCert Inc · DigiCert Global G2 TLS RSA SHA256 2020 CA1, expiring in 71 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
- docusign.my.salesforce.com is 27.6 years old, registered on 12/2/1998 through MarkMonitor Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
- No. All 0 antivirus engines in our malware network report docusign.my.salesforce.com as clean.
- No. docusign.my.salesforce.com is not currently listed on the major browser blocklist feeds that modern browsers use.
- docusign.my.salesforce.com resolves to an IP operated by Amazon Technologies Inc. in US (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
- This is a permanent record of the scan run on July 2, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around docusign.my.salesforce.com have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.
User reviews & comments(0)
Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.