diff --git a/SignalMessaging/profiles/ProfileFetcherJob.swift b/SignalMessaging/profiles/ProfileFetcherJob.swift
index a0a3739cf..1261b3b0e 100644
--- a/SignalMessaging/profiles/ProfileFetcherJob.swift
+++ b/SignalMessaging/profiles/ProfileFetcherJob.swift
@@ -135,7 +135,8 @@ public class ProfileFetcherJob: NSObject {
 
         Logger.error("getProfile: \(recipientId)")
 
-        let udAccess = udManager.udAccess(forRecipientId: recipientId)
+        let udAccess = udManager.udAccess(forRecipientId: recipientId,
+            requireSyncAccess: false)
         return requestProfile(recipientId: recipientId,
                               udAccess: udAccess,
                               canFailoverUDAuth: true)
diff --git a/SignalServiceKit/src/Messages/OWSMessageSender.m b/SignalServiceKit/src/Messages/OWSMessageSender.m
index 32f88812c..749aa35cd 100644
--- a/SignalServiceKit/src/Messages/OWSMessageSender.m
+++ b/SignalServiceKit/src/Messages/OWSMessageSender.m
@@ -593,7 +593,7 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
             NSString *localNumber = self.tsAccountManager.localNumber;
             OWSUDAccess *_Nullable theirUDAccess;
             if (senderCertificate != nil && ![recipient.recipientId isEqualToString:localNumber]) {
-                theirUDAccess = [self.udManager udAccessForRecipientId:recipient.recipientId];
+                theirUDAccess = [self.udManager udAccessForRecipientId:recipient.recipientId requireSyncAccess:YES];
             }
 
             OWSMessageSend *messageSend = [[OWSMessageSend alloc] initWithMessage:message
diff --git a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
index 78b3a7fb2..d694a8f1f 100644
--- a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
+++ b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
@@ -74,7 +74,8 @@ public class OWSUDAccess: NSObject {
     func udAccessKey(forRecipientId recipientId: RecipientIdentifier) -> SMKUDAccessKey?
 
     @objc
-    func udAccess(forRecipientId recipientId: RecipientIdentifier) -> OWSUDAccess?
+    func udAccess(forRecipientId recipientId: RecipientIdentifier,
+                  requireSyncAccess: Bool) -> OWSUDAccess?
 
     // MARK: Sender Certificate
 
@@ -235,7 +236,27 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
 
     // Returns the UD access key for sending to a given recipient.
     @objc
-    public func udAccess(forRecipientId recipientId: RecipientIdentifier) -> OWSUDAccess? {
+    public func udAccess(forRecipientId recipientId: RecipientIdentifier,
+                         requireSyncAccess: Bool) -> OWSUDAccess? {
+        if requireSyncAccess {
+            guard let localNumber = tsAccountManager.localNumber() else {
+                if isUDVerboseLoggingEnabled() {
+                    Logger.info("UD disabled for \(recipientId), no local number.")
+                }
+                owsFailDebug("Missing local number.")
+                return nil
+            }
+            if localNumber != recipientId {
+                let selfAccessMode = unidentifiedAccessMode(forRecipientId: localNumber)
+                guard selfAccessMode == .enabled || selfAccessMode == .unrestricted else {
+                    if isUDVerboseLoggingEnabled() {
+                        Logger.info("UD disabled for \(recipientId), UD disabled for sync messages.")
+                    }
+                    return nil
+                }
+            }
+        }
+
         let accessMode = unidentifiedAccessMode(forRecipientId: recipientId)
         switch accessMode {
         case .unrestricted:
diff --git a/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift b/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift
index 306c9cc87..bc302d941 100644
--- a/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift
+++ b/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift
@@ -78,23 +78,23 @@ class OWSUDManagerTest: SSKBaseTestSwift {
         let aliceRecipientId = "+13213214321"
 
         XCTAssert(UnidentifiedAccessMode.enabled == udManager.unidentifiedAccessMode(forRecipientId: aliceRecipientId))
-        XCTAssertNotNil(udManager.udAccess(forRecipientId: aliceRecipientId))
+        XCTAssertNotNil(udManager.udAccess(forRecipientId: aliceRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.unknown, recipientId: aliceRecipientId)
         XCTAssert(UnidentifiedAccessMode.unknown == udManager.unidentifiedAccessMode(forRecipientId: aliceRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: aliceRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: aliceRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.disabled, recipientId: aliceRecipientId)
         XCTAssert(UnidentifiedAccessMode.disabled == udManager.unidentifiedAccessMode(forRecipientId: aliceRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: aliceRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: aliceRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.enabled, recipientId: aliceRecipientId)
         XCTAssert(UnidentifiedAccessMode.enabled == udManager.unidentifiedAccessMode(forRecipientId: aliceRecipientId))
-        XCTAssertNotNil(udManager.udAccess(forRecipientId: aliceRecipientId))
+        XCTAssertNotNil(udManager.udAccess(forRecipientId: aliceRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.unrestricted, recipientId: aliceRecipientId)
         XCTAssert(UnidentifiedAccessMode.unrestricted == udManager.unidentifiedAccessMode(forRecipientId: aliceRecipientId))
-        XCTAssertNotNil(udManager.udAccess(forRecipientId: aliceRecipientId))
+        XCTAssertNotNil(udManager.udAccess(forRecipientId: aliceRecipientId, requireSyncAccess: false))
     }
 
     func testMode_noProfileKey() {
@@ -111,24 +111,24 @@ class OWSUDManagerTest: SSKBaseTestSwift {
         XCTAssertNotEqual(bobRecipientId, tsAccountManager.localNumber()!)
 
         XCTAssertEqual(UnidentifiedAccessMode.unknown, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.unknown, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.unknown, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.disabled, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.disabled, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.enabled, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.enabled, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         // Bob should work in unrestricted mode, even if he doesn't have a profile key.
         udManager.setUnidentifiedAccessMode(.unrestricted, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.unrestricted, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNotNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNotNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
     }
 
     func testMode_withProfileKey() {
@@ -145,22 +145,22 @@ class OWSUDManagerTest: SSKBaseTestSwift {
         profileManager.setProfileKeyData(OWSAES256Key.generateRandom().keyData, forRecipientId: bobRecipientId)
 
         XCTAssertEqual(UnidentifiedAccessMode.unknown, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.unknown, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.unknown, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.disabled, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.disabled, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.enabled, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.enabled, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNotNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNotNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
 
         udManager.setUnidentifiedAccessMode(.unrestricted, recipientId: bobRecipientId)
         XCTAssertEqual(UnidentifiedAccessMode.unrestricted, udManager.unidentifiedAccessMode(forRecipientId: bobRecipientId))
-        XCTAssertNotNil(udManager.udAccess(forRecipientId: bobRecipientId))
+        XCTAssertNotNil(udManager.udAccess(forRecipientId: bobRecipientId, requireSyncAccess: false))
     }
 }