Cybercriminals are abusing DocuSign APIs to send bogus email messages that bypass protections such as spam and phishing filters.