handle malicious modification of messages

could theoretically cause a client crash loop by modifying the recipient field of a message, so that the recipient would receive a message not intended for them, and their client (might) crash on failed decryption of that message