diff --git a/specification/modules/end_to_end_encryption.rst b/specification/modules/end_to_end_encryption.rst
index 078b3f99..50a14f72 100644
--- a/specification/modules/end_to_end_encryption.rst
+++ b/specification/modules/end_to_end_encryption.rst
@@ -360,6 +360,11 @@ The plaintext payload is of the form:
      "type": "<type of the plaintext event>",
      "content": "<content for the plaintext event>",
      "room_id": "<the room_id>",
+     "sender": "<sender_user_id>",
+     "recipient": "<recipient_user_id>",
+     "recipient_keys": {
+       "ed25519": "<our_ed25519_key>"
+     },
      "keys": {
        "ed25519": "<sender_ed25519_key>"
      }
@@ -370,6 +375,12 @@ The type and content of the plaintext message event are given in the payload.
 We include the room ID in the payload, because otherwise the homeserver would
 be able to change the room a message was sent in.
 
+Other properties are included in order to prevent an attacker from publishing
+someone else's curve25519 keys as their own and subsequently claiming to have
+sent messages which they didn't.
+``sender`` must correspond to the user who sent the event, ``recipient`` to
+the local user, and ``recipient_keys`` to the local ed25519 key.
+
 Clients must confirm that the ``sender_key`` and the ``ed25519`` field value
 under the ``keys`` property match the keys returned by |/keys/query|_ for
 the given user, and must also verify the signature of the payload. Without