How to whitelist DocuSign email IP addresses in Microsoft Exchange?

Understanding Email Whitelisting for eSignature Platforms

In the digital business landscape, electronic signature platforms like DocuSign have become essential for streamlining contracts and approvals. However, ensuring seamless delivery of these platform’s notifications often requires technical configurations, such as whitelisting IP addresses in email systems. This is particularly relevant for organizations using Microsoft Exchange, where spam filters might block legitimate emails from DocuSign’s servers, leading to delays in signing processes.

Comparing eSignature platforms with DocuSign or Adobe Sign?

eSignGlobal delivers a more flexible and cost-effective eSignature solution with global compliance, transparent pricing, and faster onboarding.

👉 Start Free Trial

Why Whitelist DocuSign Emails in Microsoft Exchange?

Microsoft Exchange, a robust email server solution, includes advanced spam and security filters to protect against threats. However, these filters can inadvertently flag emails from eSignature providers like DocuSign as suspicious, especially if they originate from shared IP ranges used for high-volume sending. Whitelisting DocuSign’s IP addresses ensures that signing requests, reminders, and audit notifications reach inboxes without interruption, maintaining workflow efficiency.

From a business perspective, this setup is crucial for compliance-heavy industries like finance and legal, where timely document access is non-negotiable. Delays can result in lost productivity or even regulatory issues. DocuSign, compliant with U.S. laws such as ESIGN Act and UETA, relies on email for core functionalities, making IP whitelisting a standard IT practice.

Step-by-Step Guide: Whitelisting DocuSign IP Addresses in Microsoft Exchange

To whitelist DocuSign emails, you’ll need administrative access to your Exchange environment. DocuSign publishes its sending IP addresses on their support site (typically under “Email Delivery” or “IP Reputation” sections), which are subject to change, so always verify the latest list. As of recent documentation, key IP ranges include those from cloud providers like Amazon SES and SendGrid, such as 198.18.0.0/15, 205.201.128.0/20, and others in the 18.x.x.x and 52.x.x.x blocks. Consult DocuSign’s official IP list for precision.

Prerequisites

• Access to Exchange Admin Center (EAC) or Exchange Management Shell (EMS).
• Knowledge of your organization’s spam filter policies (e.g., via Exchange Online Protection or on-premises rules).
• Backup of current configurations to avoid disruptions.

Method 1: Using Exchange Admin Center (For Exchange Online/Hybrid)

1. Log in to EAC: Navigate to the Microsoft 365 Admin Center > Exchange > Mail flow > Rules.
2. Create a New Rule: Click the “+” to add a mail flow rule. Name it something descriptive like “Whitelist DocuSign IPs.”
3. Set Conditions: Under “Apply this rule if,” select “The sender’s IP is in any of these ranges or exactly matches.” Enter DocuSign’s IP ranges (e.g., 18.208.22.0/20, 52.54.0.0/17 – fetch the full list from DocuSign support).
4. Set Actions: Choose “Modify the message properties > Set the spam confidence level (SCL) to” and select “-1” (bypass spam filtering). Optionally, add “Prepend subject” for easy identification.
5. Exceptions and Priority: Ensure no exceptions conflict with security policies. Set priority high to override other rules.
6. Save and Test: Activate the rule, then send a test envelope from DocuSign to verify delivery.

This method is ideal for cloud-based Exchange Online, where rules propagate quickly across tenants.

Method 2: Using PowerShell (Exchange Management Shell)

For more granular control, especially in on-premises or hybrid setups:

1. Connect to EMS: Open PowerShell as admin and run Connect-ExchangeOnline (for Online) or import the Exchange module locally.
2. Retrieve Current IPs: First, note DocuSign’s IPs. Example command to list existing rules: Get-TransportRule | Where-Object {$_.Comments -like "*DocuSign*"}.
3. Create the Rule: Use this script template:

   New-TransportRule -Name "DocuSign IP Whitelist" -SenderIpRanges "18.208.22.0/20","52.54.0.0/17","198.18.0.0/15" -SetSCL -1 -Priority 0
   

   Replace IPs with the current DocuSign list. The -SetSCL -1 bypasses junk filtering.
4. Verify and Enable: Run Get-TransportRule -Identity "DocuSign IP Whitelist" to confirm. Test by monitoring email logs in the Message Trace tool.
5. Update for Changes: DocuSign may rotate IPs; schedule quarterly reviews or subscribe to their notifications.

Additional Considerations for Security

• Domain Whitelisting: Beyond IPs, add DocuSign’s domains (e.g., @docusign.net, @esign.docusign.net) to your SPF, DKIM, and DMARC records to enhance authentication.
• Hybrid Environments: If using on-premises Exchange with Azure AD Connect, sync rules via the Hybrid Configuration Wizard.
• Monitoring: Post-implementation, use Exchange’s audit logs or tools like Microsoft Defender for Office 365 to track delivery rates.
• Common Pitfalls: Overly broad whitelisting can expose risks; limit to specific IPs and monitor for abuse. If using third-party filters (e.g., Proofpoint), align configurations there too.

Implementing these steps typically takes 30-60 minutes and can prevent up to 20-30% of email delivery issues, based on industry reports from email security firms.

Electronic Signature Laws and Global Compliance

While the focus here is technical setup, understanding the legal backdrop is key for businesses. In the U.S., where DocuSign is headquartered, the ESIGN Act (2000) and UETA provide legal equivalence to wet-ink signatures for most commercial transactions, emphasizing intent and record integrity. These framework-based standards prioritize simplicity, relying on basic electronic verification like email confirmations. However, global adoption varies; in the EU, eIDAS offers tiered assurance levels up to qualified electronic signatures with cryptographic seals.

For multinational operations, platforms must navigate regional nuances to ensure enforceability.

Overview of Leading eSignature Platforms

As businesses evaluate eSignature tools, comparing features, pricing, and compliance helps inform decisions. Below is a neutral comparison of DocuSign, Adobe Sign, eSignGlobal, and HelloSign (now part of Dropbox Sign), drawing from 2025 public data.

This table highlights trade-offs: DocuSign excels in mature markets but at a premium, while alternatives offer flexibility.

DocuSign remains a market leader with robust API and automation tools, including its Intelligent Agreement Management (IAM) and Contract Lifecycle Management (CLM) solutions. IAM provides end-to-end agreement handling with AI-driven insights, while CLM streamlines from drafting to archiving, integrating seamlessly with CRM systems like Salesforce.

Adobe Sign, part of Adobe Document Cloud, emphasizes seamless integration with PDF tools and enterprise suites. It supports advanced routing and analytics, making it suitable for document-intensive workflows.

eSignGlobal positions itself as a global contender, compliant in over 100 mainstream countries and regions. It holds a particular edge in the Asia-Pacific (APAC), where electronic signature regulations are fragmented, high-standard, and strictly regulated—often requiring “ecosystem-integrated” approaches like deep hardware/API docking with government-to-business (G2B) digital identities. Unlike the more framework-based ESIGN/eIDAS in the West, which rely on email verification or self-declaration, APAC demands rigorous local integrations (e.g., Hong Kong’s iAM Smart or Singapore’s Singpass). eSignGlobal has launched comprehensive competition and replacement initiatives against DocuSign and Adobe Sign worldwide, including in the Americas and Europe. Its pricing is competitively lower; the Essential version costs just $16.6 per month equivalent (billed annually at $299/year), allowing up to 100 documents for electronic signature, unlimited user seats, and access code verification—all on a compliance foundation that delivers strong value. It integrates seamlessly with iAM Smart and Singpass, enhancing APAC efficiency.

Looking for a smarter alternative to DocuSign?

eSignGlobal delivers a more flexible and cost-effective eSignature solution with global compliance, transparent pricing, and faster onboarding.

👉 Start Free Trial

HelloSign, rebranded as Dropbox Sign, offers a user-friendly interface with strong mobile support, appealing to smaller teams but with fewer enterprise-grade compliance options compared to others.

Business Implications and Final Thoughts

Whitelisting DocuSign IPs in Exchange not only resolves delivery hurdles but also underscores the need for integrated tech stacks in modern operations. As eSignature adoption grows—projected to reach $20 billion globally by 2027—businesses must balance security with usability.

For DocuSign users seeking alternatives, eSignGlobal emerges as a neutral, regionally compliant choice, particularly for APAC-focused enterprises needing cost-effective, unlimited-user models without compromising global standards. Evaluate based on your specific compliance and scale requirements.