diff --git a/lib/interac_email.rb b/lib/interac_email.rb
index b7212529f9295b2186fc924ce30c4afcf011fcf4..b12b045da6a9444f56d0d58a5c3b0c9f33c85ac9 100644
--- a/lib/interac_email.rb
+++ b/lib/interac_email.rb
@@ -20,6 +20,9 @@ class InteracEmail
 NoSpam = err "No Spam Status"
 BadSPF = err "Don't trust SPF"
+ NoAuth = err "Authentication header missing"
+ BadAuth = err "Authentication header isn't a pass"
+ BadDomain = err "Authentication header isn't for the right domain"
 BadDKIM = err "Don't trust DKIM"
 NoDKIM = err "No DKIM Signature somehow..."
 WrongDKIM = err "DKIM Signature is for a different domain"
@@ -94,7 +97,8 @@ class InteracEmail
 end
 def ensure_safe
- ensure_spam_checks
+ # ensure_spam_checks
+ ensure_authentication_header
 ensure_dkim
 end
@@ -114,6 +118,20 @@ class InteracEmail
 raise Error::BadDKIM, @m unless spam.include?("DKIM_VALID_AU")
 end
+ def authentication_header
+ @m["Authentication-Results"]&.value
+ end
+
+ HEADER_REGEX = /\sheader.d=payments.interac.ca\s/.freeze
+
+ def ensure_authentication_header
+ auth = authentication_header
+
+ raise Error::NoAuth, @m unless auth
+ raise Error::BadAuth, @m unless auth =~ /\sdkim=pass\s/
+ raise Error::BadDomain, @m unless auth =~ HEADER_REGEX
+ end
+
 def dkim_header
 @m["DKIM-Signature"] &.value
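Review bot: The commented-out `# ensure_spam_checks` in `ensure_safe` leaves no record of why the spam-status and SPF checks were dropped from the safety gate. Either delete the line, or replace it with a why-comment along the lines of `# Spam-status header no longer checked; Authentication-Results is used instead because <reason>`. If nothing else calls `ensure_spam_checks` (not visible in this diff), the method and the `NoSpam`/`BadSPF` errors become dead code and should be removed in the same change.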
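Review bot: `HEADER_REGEX` leaves its dots unescaped, so `.` matches any character and a look-alike domain that differs only at those positions would satisfy the `BadDomain` check; it should be `HEADER_REGEX = /\sheader\.d=payments\.interac\.ca\s/.freeze`. The `dkim=pass` and `header.d=` tests in `ensure_authentication_header` are also matched independently anywhere in the header value, so a header carrying several dkim results can pass with the `pass` belonging to one domain and the `header.d` to another; the check should split the value on `;` and require both within the same dkim entry. Nothing here confirms that the header's authserv-id is the receiving server's own, so the check is only sound if the inbound MTA strips Authentication-Results headers supplied by the sender, and a comment should state that assumption. The trailing `\s` also rejects a result that ends the value or is followed directly by `;`, which fails closed but may reject legitimate mail.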