diff --git a/src/authres.rs b/src/authres.rs
index eb267ddc9..2b2555544 100644
--- a/src/authres.rs
+++ b/src/authres.rs
@@ -644,7 +644,6 @@ Authentication-Results: dkim=";
             .unwrap();
     }
 
-    #[ignore = "Disallowing keychanges is disabled for now"]
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_handle_authres_fails() -> Result<()> {
         let mut tcm = TestContextManager::new();
@@ -822,8 +821,7 @@ Authentication-Results: dkim=";
             .insert_str(0, "Authentication-Results: example.net; dkim=fail\n");
         let rcvd = bob.recv_msg(&sent).await;
 
-        // Disallowing keychanges is disabled for now:
-        // assert!(rcvd.error.unwrap().contains("DKIM failed"));
+        assert!(rcvd.error.unwrap().contains("DKIM failed"));
         // The message info should contain a warning:
         assert!(message::get_msg_info(&bob, rcvd.id)
             .await
diff --git a/src/decrypt.rs b/src/decrypt.rs
index 1165e3dd7..fa1232830 100644
--- a/src/decrypt.rs
+++ b/src/decrypt.rs
@@ -99,8 +99,7 @@ pub(crate) async fn prepare_decryption(
         from,
         autocrypt_header.as_ref(),
         message_time,
-        // Disallowing keychanges is disabled for now:
-        true, // dkim_results.allow_keychange,
+        dkim_results.allow_keychange,
     )
     .await?;
 
diff --git a/src/mimeparser.rs b/src/mimeparser.rs
index 5742e4cb1..d428fc080 100644
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -325,8 +325,7 @@ impl MimeMessage {
             if let (Some(peerstate), Ok(mail)) = (&mut decryption_info.peerstate, mail) {
                 if message_time > peerstate.last_seen_autocrypt
                     && mail.ctype.mimetype != "multipart/report"
-                // Disallowing keychanges is disabled for now:
-                // && decryption_info.dkim_results.allow_keychange
+                    && decryption_info.dkim_results.allow_keychange
                 {
                     peerstate.degrade_encryption(message_time);
                 }
@@ -397,12 +396,11 @@ impl MimeMessage {
         parser.heuristically_parse_ndn(context).await;
         parser.parse_headers(context).await?;
 
-        // Disallowing keychanges is disabled for now
-        // if !decryption_info.dkim_results.allow_keychange {
-        //     for part in parser.parts.iter_mut() {
-        //         part.error = Some("Seems like DKIM failed, this either is an attack or (more likely) a bug in Authentication-Results checking. Please tell us about this at https://support.delta.chat.".to_string());
-        //     }
-        // }
+        if !parser.decryption_info.dkim_results.allow_keychange {
+            for part in parser.parts.iter_mut() {
+                part.error = Some("Seems like DKIM failed, this either is an attack or (more likely) a bug in Authentication-Results checking. Please tell us about this at https://support.delta.chat.".to_string());
+            }
+        }
 
         if parser.is_mime_modified {
             parser.decoded_data = mail_raw;