diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index f9878ac3..4b65aebb 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -724,6 +724,8 @@ omemo_on_message_send(ProfWin *win, const char *const message, gboolean request_
 
     GList *device_ids_iter;
 
+    omemo_ctx.identity_key_store.recv = false;
+
     GList *recipients_iter;
     for (recipients_iter = recipients; recipients_iter != NULL; recipients_iter = recipients_iter->next) {
         GList *recipient_device_id = NULL;
@@ -888,6 +890,8 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
         goto out;
     }
 
+    omemo_ctx.identity_key_store.recv = true;
+
     if (key->prekey) {
         log_debug("OMEMO: decrypting message with prekey");
         pre_key_signal_message *message;
@@ -923,6 +927,9 @@ omemo_on_message_recv(const char *const from_jid, uint32_t sid,
         }
     }
 
+    omemo_ctx.identity_key_store.recv = false;
+    *trusted = omemo_ctx.identity_key_store.trusted_msg;
+
     session_cipher_free(cipher);
     if (res != 0) {
         log_error("OMEMO: cannot decrypt message key");
diff --git a/src/omemo/store.c b/src/omemo/store.c
index 3e602c2a..04704a0e 100644
--- a/src/omemo/store.c
+++ b/src/omemo/store.c
@@ -362,6 +362,11 @@ save_identity(const signal_protocol_address *address, uint8_t *key_data,
 {
     identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
 
+    if (identity_key_store->recv && !identity_key_store->trusted_msg) {
+        /* Do not trust identity automatically */
+        return SG_SUCCESS;
+    }
+
     signal_buffer *buffer = signal_buffer_create(key_data, key_len);
 
     GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, strdup(address->name));
@@ -390,9 +395,18 @@ is_trusted_identity(const signal_protocol_address *address, uint8_t *key_data,
     int ret;
     identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
 
+    if (identity_key_store->recv) {
+        return true;
+    }
+
     GHashTable *trusted = g_hash_table_lookup(identity_key_store->trusted, address->name);
     if (!trusted) {
-        return 0;
+        if (identity_key_store->recv) {
+            identity_key_store->trusted_msg = false;
+            return 1;
+        } else {
+            return 0;
+        }
     }
 
     signal_buffer *buffer = signal_buffer_create(key_data, key_len);
diff --git a/src/omemo/store.h b/src/omemo/store.h
index fd52c0b9..f3a9274a 100644
--- a/src/omemo/store.h
+++ b/src/omemo/store.h
@@ -48,6 +48,7 @@ typedef struct {
    signal_buffer *private;
    uint32_t registration_id;
    GHashTable *trusted;
+   bool recv;
 } identity_key_store_t;
 
 GHashTable * session_store_new(void);