diff --git a/src/imex.rs b/src/imex.rs
index 55ef80fec..bab2732eb 100644
--- a/src/imex.rs
+++ b/src/imex.rs
@@ -1095,6 +1095,10 @@ mod tests {
     const S_EM_SETUPCODE: &str = "1742-0185-6197-1303-7016-8412-3581-4441-0597";
     const S_EM_SETUPFILE: &str = include_str!("../test-data/message/stress.txt");
 
+    // Autocrypt Setup Message payload "encrypted" with plaintext algorithm.
+    const S_PLAINTEXT_SETUPFILE: &str =
+        include_str!("../test-data/message/plaintext-autocrypt-setup.txt");
+
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_split_and_decrypt() {
         let buf_1 = S_EM_SETUPFILE.as_bytes().to_vec();
@@ -1118,6 +1122,23 @@ mod tests {
         assert!(headers.get(HEADER_SETUPCODE).is_none());
     }
 
+    /// Tests that Autocrypt Setup Message encrypted with "plaintext" algorithm cannot be
+    /// decrypted.
+    ///
+    /// According to <https://datatracker.ietf.org/doc/html/rfc4880#section-13.4>
+    /// "Implementations MUST NOT use plaintext in Symmetrically Encrypted Data packets".
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_decrypt_plaintext_autocrypt_setup_message() {
+        let setup_file = S_PLAINTEXT_SETUPFILE.to_string();
+        let incorrect_setupcode = "0000-0000-0000-0000-0000-0000-0000-0000-0000";
+        assert!(decrypt_setup_file(
+            incorrect_setupcode,
+            std::io::Cursor::new(setup_file.as_bytes()),
+        )
+        .await
+        .is_err());
+    }
+
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_key_transfer() -> Result<()> {
         let alice = TestContext::new_alice().await;
diff --git a/test-data/message/plaintext-autocrypt-setup.txt b/test-data/message/plaintext-autocrypt-setup.txt
new file mode 100644
index 000000000..8a2a93998
--- /dev/null
+++ b/test-data/message/plaintext-autocrypt-setup.txt
@@ -0,0 +1,23 @@
+-----BEGIN PGP MESSAGE-----
+Passphrase-Format: numeric9x4
+Passphrase-Begin: .
+
+ww0EAAMIn48zz4/N5VLg0sJOAX7Qy8IyYgBlyt1KLS0tLS1CRUdJTiBQR1AgUFJJ
+VkFURSBLRVkgQkxPQ0stLS0tLQpBdXRvY3J5cHQtUHJlZmVyLUVuY3J5cHQ6IG11
+dHVhbAoKeFZnRVpjcmRTaFlKS3dZQkJBSGFSdzhCQVFkQUtNSUJtZTVLV2tCak5U
+ajBYTmZURUdTcEttclBzTEFJcUhFYQppQ01tVHgwQUFRRE53Z3R6T05Ed2MzVkF4
+M2wrcW0wRFVuMEpVZzVMYlVFWHNmY3NFMXdoYmcwZ3pSbEJiR2xqClpTQThZV3hw
+WTJWQVpYaGhiWEJzWlM1amIyMCt3b1FFRXhZSUFDd0ZBbVhLM1VvQ0d3SUNDd2ND
+RlFnQ0ZnSUMKSGdFV0lRUVhldDlUeXF4VndvY3hid05NaFdYVGRhaE40QUFLQ1JC
+TWhXWFRkYWhONElla0FRQ3FKUUlJelVxcworQmN3cW4zY2cvbm42b1Mvd2tNY3RF
+c3NNTytjN1VsQk13RUFyc09XbFNwbzVJWDZYbnl2ZmpoNldHb0hLSVArCjR5dXpj
+QlRkZTgyNEJnWEhYUVJseXQxS0Vnb3JCZ0VFQVpkVkFRVUJBUWRBYkplbkVUY3NM
+Q0o0b2dLa2Qxc28KeUg5Q0FFZ25qMmVEQVBQY2tyWnRsUnNEQVFnSEFBRC9iZUd0
+MFZEQ3laRkFEUUZPNXlEUFF3S1B3M3VGL1NSdApsd2o3WEZkMi9hQVJMc0o0QkJn
+V0NBQWdCUUpseXQxS0Foc0VGaUVFRjNyZlU4cXNWY0tITVc4RFRJVmwwM1dvClRl
+QUFDZ2tRVElWbDAzV29UZUNxelFFQWwzNVhjaENqSkV0dkI0bDVxdXVUMXZ5d1Bn
+Q0dyZVJnV01NbHVOaWEKTHY0QkFNRFVuSDZqMmJEWXA0cWc1V2V0R29WcW00UUha
+aUgyTlRYOUFmZk50clVPCj0wN2xkCi0tLS0tRU5EIFBHUCBQUklWQVRFIEtFWSBC
+TE9DSy0tLS0tCtMUxf1xDQmBgDtEozOxjZG4+GiJc+w=
+=jkSD
+-----END PGP MESSAGE-----