What is the right and appropriate to sign a document or form?

I often receive documents that has to be filled and signed. These PDF files can be edited via Adobe Acrobat. But I do the filling and signing in the old-fashioned way (I sound as if there is a modern way BTW): first I fill in where I can by typing in the PDF file, then I print the document and then I sign it. I can add a signature in the PDF file by choosing a picture (a scan) of my hand-written signature but I don’t want to do it because one of the organizations in the past rejected it and they asked me to print it out and then sign it and then scan it and then send it. Since then I never put my signature in the PDF file via computer.

But I often feel bad and anxious about sending and receiving this type of forms and documents because I am not sure what they prefer and they are never explicit about what they want. This is very frustrating.

What is the right way to do? Should I keep doing this print-out-sign-and-then-scan routine because it guarantees no one complains?

Signatures are about 90% security theatre. Scanned signatures are 100% security theatre, and not worth the electrons it takes to send them. My frequent practice, when required to email a scanned signed form is to photoshop the scanned copy I have on my computer onto it because I find it easier than elbowing my family off the Computer That Scans, finding paper, making sure there’s toner, and so on. There is absolutely no way that they can tell the difference.

Any application in which the signature is not security theatre will either:

  • Tell you to mail them the original, or
  • Make you sign in front of a witness. Or both.

Which is not to say that you’re all free and clear to scam organisations that you’ve sent scanned forms to, by maintaining that you didn’t sign them/agree to whatever is in them. Mostly they have pretty good evidence that you agreed to whatever’s in the form because you send the forms back from your own email address. But you might as well sign with a big X for all the difference that an actual signature makes.

I just sent a ‘signed’ PDF off relating to a holiday booking. I suppose that adding a scanned signature is a more positive act than ticking a box; we all tick that one that says “I have read and understood… etc” without a second thought. Maybe it’s time someone came up with something better.

I once received a PDF form for signature. I signed it electronically and returned it via email. Their response: we don’t accept electronically signed documents, I had to fax it to them!:dubious:. I forwarded the PDF to my eFax service and all was good.

I sign virtually everything electronically these days either with Adobe or DocuSign. No reason to get anxious over them being arbitrary

My gf frequently forgets her reading glasses, so I wind up signing for her credit card purchases. Although I’m not a forger by trade, I do a reasonable facsimile of her sig. There’s never been a problem.

I’m not sure about right/appropriate, but i often use a .png image of my actual signature, inserted as a picture. It’s blue ink on a transparent background… looks real enough. :slight_smile:

I think there was a similar Dilbert cartoon. “We don’t accept photocopies, only the originals. If you are in a hurry, you can fax them to us instead.”

The purpose of a signature isn’t to prove that you’re really you (there are electronic means of doing that which are much more reliable). The purpose of a signature is to make sure that the person signing it understands that what’s in the document is Serious Business.

I once spent about an hour in Gimp figuring out how to get the scan of my signature just right, for including in electronic forms… before discovering that Preview (the Mac application used for viewing PDFs) could do a better job of it, in about ten seconds.

DocuSign is really good about this, but I’m sure signatures are still basically security theater when signed with nobody watching you do it. Even DocuSign lets you copy-and-paste an old signature instead of going through the motions each time.

On PDFs I use my scanned signature. DocuSign, I don’t even bother with the charade. The upside is that you can actually read my name :grin:

The U.S. has adopted the Electronic Signatures in Global and National Commerce Act (ESIGN) Act which basically says that if the two parties agree to enter a contract electronically, they can. Under the Act, any “electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record” counts as a signature. So if you copied your signature onto a PDF with the intent to sign the document, it counts.


The electronic signature just proves intent to enter a contract. Proving it was you who signed the contract is a different matter but that’s true anytime people enter a contract. Different companies have different ways of establishing who entered a contract. For example, a company may feel fine accepting a contract from me if they know an email is mine (like my work email), and they email me a link to a secure website for uploading the document. Another company might ask questions that presumably only I would know, like confirming addresses I’ve lived at and my mother’s middle name. Another might think a scan of my driver’s license is good enough.

To enforce the contract, the company just needs to prove by the preponderance of the evidence that it was you who entered the contract. In most cases, there are no disputes about contracts. In the minority of cases where there is a dispute about the contract, both parties usually agree that they had a contract but they disagree about what it required the parties to do. Only in a tiny minority of cases does one party say they didn’t have a contract at all. In that case, the company trying to enforce the contract will use the evidence above to prove it was you who agreed to the contract.

Comment here, not a complaint: if there is one universal truth about humans, it’s that no matter what you do, nothing guarantees that no one complains.

In the UK, drivers licences have become defacto ID’s. There is no way I would send a scan of mine to anyone. Same for my passport.

The most common authentication method I see is where they send an email with a link that I have to click.

You left out digital signatures using PKI Securoty certificates. I sign documents with a chip-enabled ID card. PDF documents signed this way cannot be editted later. If they are not original files (like someone trying to print the document, then scan, then use that pdf) the signatures will not have tje green authentication check mark. The receiver will know the document doea not have an original electronic signature. These forms can be copied and emailed as many times as needed. As long as the form is not altered, the signature Adobe recognies the signature as valid.
There is no copy/pasting with this system. And in order to sign, the signer needs to have the smart card and the PIN. Two-level authentication… Something you hae and something you know.
By far the best and most reliable form of signing a document.

What happens if someone edits in an image of a green checkmark?

The reason why I don’t think those sort of digital signatures (ie, “real” digital signatures) are going to catch on is that it’s a bunch of work on behalf of the signer, but the person who has an interest in the signature being secure is not the signer, but the receiver.

Unless the receiver is demanding a really secure signature, there’s no particular reason for you to put yourself to any bother to provide one. And if the receiver does start to demand this sort of signature, then they just get pushback from the general public - ‘why are you making us go to all this trouble? Why are signatures suddenly not good enough for you?’ (answer: because Photoshop. But a lot of people will take a fair amount of convincing on that front)

For most situations, “this agreement to XYZ came from the email of Joe Blow” is pretty good evidence that Joe Blow agreed to XYZ - much better than the scanned emailed signature that people frequently request - and organisations who have a real interest in ensuring the validity of signatures (eg, lawyers) seem to be quite happy with their current protocols for validation (stick it in the post). Real electonic signatures are pretty niche.

The green check is part of Adobe itself, and not the document. If that makes sense? Its produced by the application, not merely an age on the document. The digital signature is clickable. Adobe will tell you if it is trusted and/or valid. Think of the check as an icon with the Adobe program, not merely clipart on the document.

… with that said, understand yhat the digitally signed document is only infallable in its digital form. A paper copy of tue signed document could indeed be a forgery. This isn’t an issue for documents that mostly stay in the cloud or get shared and processed theough various digital means.

The process Im describing is what’s used across the federal government and military. I agree that it will be a long time, if ever, for it to catch on publicly.
But for a large corporation that needs a lot of internal memos and documents approved with a high degree of certainty the signatures are real and valid, it could make sense for them to adopt such a system.
I also had a Korean bank account that did a similar thing. They issued a Security Certificate on a thumb drive to the customers. Needed to have that certificate installed on any computer I intended to access the account with or sign and documents. Without that certificate and the PIN for it, I couldnt sign a loan application or access my accoubt, etc.