diff --git a/src/cpp/ripple/AccountSetTransactor.cpp b/src/cpp/ripple/AccountSetTransactor.cpp
index 88c48b2469..7834dd1bd9 100644
--- a/src/cpp/ripple/AccountSetTransactor.cpp
+++ b/src/cpp/ripple/AccountSetTransactor.cpp
@@ -1,4 +1,5 @@
 #include "AccountSetTransactor.h"
+#include "Config.h"
 
 SETUP_LOG();
 
@@ -94,15 +95,22 @@ TER AccountSetTransactor::doApply()
 	// MessageKey
 	//
 
-	if (!mTxn.isFieldPresent(sfMessageKey))
+	if (mTxn.isFieldPresent(sfMessageKey))
 	{
-		nothing();
-	}
-	else
-	{
-		cLog(lsINFO) << "AccountSet: set message key";
+		std::vector<unsigned char>	vucPublic	= mTxn.getFieldVL(sfMessageKey);
 
-		mTxnAccount->setFieldVL(sfMessageKey, mTxn.getFieldVL(sfMessageKey));
+		if (vucPublic.size() > PUBLIC_BYTES_MAX)
+		{
+			cLog(lsINFO) << "AccountSet: message key too long";
+
+			return telBAD_PUBLIC_KEY;
+		}
+		else
+		{
+			cLog(lsINFO) << "AccountSet: set message key";
+
+			mTxnAccount->setFieldVL(sfMessageKey, vucPublic);
+		}
 	}
 
 	//
@@ -119,6 +127,12 @@ TER AccountSetTransactor::doApply()
 
 			mTxnAccount->makeFieldAbsent(sfDomain);
 		}
+		else if (vucDomain.size() > DOMAIN_BYTES_MAX)
+		{
+			cLog(lsINFO) << "AccountSet: domain too long";
+
+			return telBAD_DOMAIN;
+		}
 		else
 		{
 			cLog(lsINFO) << "AccountSet: set domain";
diff --git a/src/cpp/ripple/Config.h b/src/cpp/ripple/Config.h
index b24df2ed16..1144140372 100644
--- a/src/cpp/ripple/Config.h
+++ b/src/cpp/ripple/Config.h
@@ -28,6 +28,9 @@
 #define DEFAULT_VALIDATORS_SITE		""
 #define VALIDATORS_FILE_NAME		"validators.txt"
 
+const int DOMAIN_BYTES_MAX				= 256;
+const int PUBLIC_BYTES_MAX				= 2048;		// Maximum bytes for an account public key.
+
 const int SYSTEM_PEER_PORT				= 6561;
 const int SYSTEM_WEBSOCKET_PORT			= 6562;
 const int SYSTEM_WEBSOCKET_PUBLIC_PORT	= 6563;	// XXX Going away.
diff --git a/src/cpp/ripple/TransactionErr.cpp b/src/cpp/ripple/TransactionErr.cpp
index dcf5f2df2a..d9a55901f2 100644
--- a/src/cpp/ripple/TransactionErr.cpp
+++ b/src/cpp/ripple/TransactionErr.cpp
@@ -35,7 +35,9 @@ bool transResultInfo(TER terCode, std::string& strToken, std::string& strHuman)
 		{	tefPAST_SEQ,			"tefPAST_SEQ",				"This sequence number has already past."				},
 
 		{	telLOCAL_ERROR,			"telLOCAL_ERROR",			"Local failure."										},
+		{	telBAD_DOMAIN,			"telBAD_DOMAIN",			"Domain too long."										},
 		{	telBAD_PATH_COUNT,		"telBAD_PATH_COUNT",		"Malformed: Too many paths."							},
+		{	telBAD_PUBLIC_KEY,		"telBAD_PUBLIC_KEY",		"Public key too long."									},
 		{	telINSUF_FEE_P,			"telINSUF_FEE_P",			"Fee insufficient."										},
 
 		{	temMALFORMED,			"temMALFORMED",				"Malformed transaction."								},
diff --git a/src/cpp/ripple/TransactionErr.h b/src/cpp/ripple/TransactionErr.h
index 7fb0e32159..e87ac3ead9 100644
--- a/src/cpp/ripple/TransactionErr.h
+++ b/src/cpp/ripple/TransactionErr.h
@@ -13,7 +13,9 @@ enum TER	// aka TransactionEngineResult
 	// - Not forwarded
 	// - No fee check
 	telLOCAL_ERROR	= -399,
+	telBAD_DOMAIN,
 	telBAD_PATH_COUNT,
+	telBAD_PUBLIC_KEY,
 	telINSUF_FEE_P,
 
 	// -299 .. -200: M Malformed (bad signature)