diff --git a/CHANGELOG.md b/CHANGELOG.md
index f440d5549..2f0b0cafc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,8 @@
 
 ### Changes
 - allow sender timestamp to be in the future, but not too much
+- Disable the new "Authentication-Results/DKIM checking" security feature
+  until we have tested it a bit #3728
 - refactorings #3706
 
 ### Fixes
diff --git a/src/authres.rs b/src/authres.rs
index d1a31636f..12345526b 100644
--- a/src/authres.rs
+++ b/src/authres.rs
@@ -644,6 +644,7 @@ Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@
             .unwrap();
     }
 
+    #[ignore = "Disallowing keychanges is disabled for now"]
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_handle_authres_fails() -> Result<()> {
         let mut tcm = TestContextManager::new();
diff --git a/src/decrypt.rs b/src/decrypt.rs
index c2c67a4f8..af4c18adb 100644
--- a/src/decrypt.rs
+++ b/src/decrypt.rs
@@ -79,7 +79,8 @@ pub async fn prepare_decryption(
         from,
         autocrypt_header.as_ref(),
         message_time,
-        dkim_results.allow_keychange,
+        // Disallowing keychanges is disabled for now:
+        true, // dkim_results.allow_keychange,
     )
     .await?;
 
diff --git a/src/mimeparser.rs b/src/mimeparser.rs
index c87c627e2..1a3490ad1 100644
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -298,7 +298,8 @@ impl MimeMessage {
                     if let Some(peerstate) = &mut decryption_info.peerstate {
                         if message_time > peerstate.last_seen_autocrypt
                             && mail.ctype.mimetype != "multipart/report"
-                            && decryption_info.dkim_results.allow_keychange
+                        // Disallowing keychanges is disabled for now:
+                        // && decryption_info.dkim_results.allow_keychange
                         {
                             peerstate.degrade_encryption(message_time);
                             peerstate.save_to_db(&context.sql, false).await?;
@@ -372,11 +373,12 @@ impl MimeMessage {
         parser.heuristically_parse_ndn(context).await;
         parser.parse_headers(context).await?;
 
-        if !decryption_info.dkim_results.allow_keychange {
-            for part in parser.parts.iter_mut() {
-                part.error = Some("Seems like DKIM failed, this either is an attack or (more likely) a bug in Authentication-Results checking. Please tell us about this at https://support.delta.chat.".to_string());
-            }
-        }
+        // Disallowing keychanges is disabled for now
+        // if !decryption_info.dkim_results.allow_keychange {
+        //     for part in parser.parts.iter_mut() {
+        //         part.error = Some("Seems like DKIM failed, this either is an attack or (more likely) a bug in Authentication-Results checking. Please tell us about this at https://support.delta.chat.".to_string());
+        //     }
+        // }
         if warn_empty_signature && parser.signatures.is_empty() {
             for part in parser.parts.iter_mut() {
                 part.error = Some("No valid signature".to_string());