Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute ... standard reporting email addresses like abuse@ or admin@ work," a customer posted to the DocuSign forums.