diff --git a/src/imessage/aps_client.rs b/src/imessage/aps_client.rs
index 5d952aa..8e14e15 100644
--- a/src/imessage/aps_client.rs
+++ b/src/imessage/aps_client.rs
@@ -250,8 +250,12 @@ impl IMClient {
             target: Some(target),
             ..
         } = &payload {
-            if error_string == "ec-com.apple.messageprotection-802" {
-                // refreshing identity cache can fix this
+            if error_string.starts_with("ec-com.apple.messageprotection-") {
+                // refreshing identity cache can fix this; previously this only
+                // matched "-802" but the same recovery path also resolves "-6"
+                // (signature/decrypt verification failed) and other recoverable
+                // message-protection codes that indicate a stale per-device
+                // session key. See discussion in openbubbles-app#206.
                 let mut cache_lock = self.identity.cache.lock().await;
                 cache_lock.invalidate(&target, &sender);
             }