
Show HN: Free PDF signing over email - eschutte2
https://signandreturn.com/
======
eschutte2
I heard that you should be embarrassed by the first version of your product.
Well, today I'm delighted to announce that I'm positively humiliated by the
first version of this free tool that I made for myself.

It's a super-simple e-signing application for PDFs that works over email.
Email it a PDF and it'll email you back a link to edit it. Or, if you're
sending someone a PDF, cc: it (free@signandreturn.com) and it'll take care of
the rest.

It's an experiment in how much UI I can remove from the process of getting a
document signed.

Ideas for improvements? Let me hear them! Maybe with your help I can
unembarrass myself.

EDIT: Need a sample PDF? Here's one:
[https://dl.dropboxusercontent.com/u/6821374/samplecontract.p...](https://dl.dropboxusercontent.com/u/6821374/samplecontract.pdf)

~~~
botw
pdf to webpage and write it back as pdf. what tech stack are you using?

~~~
eschutte2
Oh hey, sorry, hadn't checked this thread in a while. It's Node, using
ImageMagick for the page images and pdftk to assemble the final PDF. All the
interesting bits (in my view, because email is mysterious to me) are handled
by Mailgun [http://www.mailgun.com/](http://www.mailgun.com/) which I've been
very happy with so far.

~~~
botw
oh so there is no pdf2html involved. just image overlay. do you plan to open
source this tool?

------
pstatho
Just tried it out and looks pretty good, nice work!

My business account is on Office 365 and the emails that come in from the
system go into my Junk folder. I took a quick look at the headers and didn't
notice anything obvious. Perhaps the body is to short and with the link it
looks suspicious??

Other than that, I got 2 email notifications that the email is available and
then another 2 emails with the success after the signature.

~~~
eschutte2
Thanks for trying it - I'll look into both the spam issue and the duplicate
emails. Did you send the email to yourself? Maybe it's not handling that
properly. The spam report is very helpful.

------
leeuwnhawk
Works just as intended. I work in a startup where we constantly have to send
invoices and contracts to our users, and this service could really alleviate
the hassles of legality at our end.

------
stephenr
I haven't got to try this yet because I haven't received any email yet.

Can you explain some of the technical details - how/where are signatures
stored? Are they encrypted when stored?

For example on OS X, Preview.app has had the ability to add a signature to a
PDF (t's part of annotations) for many years, and the actual signature is
stored in the OS X Keychain (which also means it gets synced if you use iCloud
Keychain).

~~~
eschutte2
Thanks for checking it out. Is it possible something went to your spam folder?
I don't have enough data yet to know how spam filters are going to handle
these emails.

Re: signatures, they're not saved in the browser at all (yet), and they exist
on the server in the form of temporary files that are deleted after the final
email is sent. As it exists right now, the solution is "security-free." Don't
use it for anything sensitive.

That raises an interesting idea - maybe I can have v2.0 generate and send the
final PDF directly from the browser. You would still have your signature in a
PDF going over email. Until I add optional "sign in" and secure download, the
email aspect is going to be a weak point.

As you mention, if you're on OS X, Preview is the best software-based solution
I know of. Even there, it seems like every time I try to stamp a PDF with
Preview something goes wrong. This solution also removes a few steps even from
that workflow--namely any concept of dealing with files and their location--
and works basically the same on most devices.

Thanks again, I appreciate your feedback.

~~~
stephenr
My main concern would be the signature sitting somewhere for someone to grab
and apply to documents. In theory they can do that from a pdf too but it's
much simpler if they have the original vector of the signature.

I can't say I've had issues with preview signatures for a while - I have a
signature and initials captured and they pretty much just work.

It would be nice to be able to suggest something to people without that option
though (eg Windows using clients) - any chance you'd open source it to allow
self-hosting?

~~~
eschutte2
Yes, I will open source it. I just need to get mail server integration and a
sane install process nailed down first.

------
botw
Nice idea. I thought about esign several years ago but never nailed it as a
service like this. Great job!

------
johnnyg
Neat. I'm taking this for a spin now.

~~~
johnnyg
So this worked as I expected it to.

UI wise it'd be nice to click an area of the PDF and be prompted for the kind
of input I wish to create on that spot, but I survived.

Admin wise it'd be nice to be able to say "and don't allow them to click OK
without having placed at least X signatures".

I pitched this to our IT team and our HIPAA compliance team. Their issue was
they don't want NDAs and similar things they sign in the cloud. "If they would
open source this or sell us a self hosted version, we'd use it and it'd be
better than what we do today."

It'd be nice to be able to get an identifier in the subject line that'd let me
parse out documents received back from people by person. I can see how sending
this out to 60 people would become unwieldy. Perhaps that's how you "get em"
\- you allow this for free but you have to create an account to organize all
you've sent.

The number of companies who send me a doc file to enter my cc info in and send
back to them is endemic. If I as a business owner and credit card holder could
turn it into a PDF, use this service to fill it out and securely send it back,
it'd be good. I suspect this isn't the killer use case, but I mention it.

This is a legit and useful idea. Have an upvote.

~~~
eschutte2
Hey thanks for these comments, this is great.

Click-on-document to add an element is good, I definitely need to add that.

As I'm sure you know, there's a tradeoff between it being dead easy and
therefore free-form, vs a) more secure or b) guided ("need signature page 4"),
since those both require additional interactions on one end or the other. I
started with the minimal case but I do want to offer more sophisticated
features as an option.

A self-hosted version is an interesting idea, hadn't thought of it, but should
be able to do it.

I'll address some of these items as soon as I have time. Thanks a lot for
writing up your thoughts.

