In order to determine the legitimacy of a RightSignature email for a document that you need to review and sign, there are a few things you need to verify.
1. Verify that the sender address actually came from firstname.lastname@example.org and not some other email.
Since domain spoofing an email address is a possibility, you can always click "Reply" and verify that your email will actually be sent to the email address of the sender.
*In domain spoofing, the reply-to address would be different than the sender address*
Ex. of it being legitimate:
2. Compare the structure of the email to legitimate RightSignature documents you have received in the past.
As you can see, the following RighSignature email addresses me by my first name, has a reference number, signer(s), a status, an expiration date, the sender, and details at the bottom. This is how all legitimate RightSignature emails are structured.
3. Hover over the "REVIEW & SIGN DOCUMENT" button with your mouse to make sure it takes you to "secure.rightsignature.com".
The secure.rightsignature.com portion of the URL is all you need to verify.
*On mobile devices, simply press and hold the button for approximately 3 seconds*
Once these 3 main things have been verified, you are good to go ahead and proceed.
If you are still unsure, it is always best practice to contact the sender directly and verify that they did in fact send you the email.
In my examples, I received this RightSignature document from Adam. I could always call him on the phone or send him an email to verify that the document did in fact come from him.