diff --git a/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt b/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt
index f75a11cdcb..9a9cf9a420 100644
--- a/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt
+++ b/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt
@@ -70,12 +70,23 @@ internal class VerificationMessageLiveObserver @Inject constructor(
                 }
                 .toList()
 
+        // TODO use age also, ignore initial sync or back pagination?
+        val now = System.currentTimeMillis()
+        val tooInThePast = now - (10 * 60 * 1000 * 1000)
+        val tooInTheFuture = System.currentTimeMillis() + (5 * 60 * 1000 * 1000)
+
         events.forEach { event ->
             Timber.d("## SAS Verification live observer: received msgId: ${event.eventId} msgtype: ${event.type} from ${event.senderId}")
             Timber.v("## SAS Verification live observer: received msgId: $event")
 
+            // If the request is in the future by more than 5 minutes or more than 10 minutes in the past,
+            // the message should be ignored by the receiver.
+            val eventOrigin = event.originServerTs ?: -1
+            if (eventOrigin < tooInThePast || eventOrigin > tooInTheFuture) {
+                Timber.d("## SAS Verification live observer: msgId: ${event.eventId} is out of time ^^")
+                return@forEach
+            }
             // decrypt if needed?
-
             if (event.isEncrypted() && event.mxDecryptionResult == null) {
                 // TODO use a global event decryptor? attache to session and that listen to new sessionId?
                 // for now decrypt sync
@@ -103,8 +114,6 @@ internal class VerificationMessageLiveObserver @Inject constructor(
                 }
                 EventType.MESSAGE               -> {
                     if (MessageType.MSGTYPE_VERIFICATION_REQUEST == event.getClearContent().toModel<MessageContent>()?.type) {
-                        // TODO  If the request is in the future by more than 5 minutes or more than 10 minutes in the past,
-                        // the message should be ignored by the receiver.
                         sasVerificationService.onRoomRequestReceived(event)
                     }
                 }