diff --git a/src/ripple/overlay/impl/PeerImp.cpp b/src/ripple/overlay/impl/PeerImp.cpp
index 046bc12e6..049c4a072 100644
--- a/src/ripple/overlay/impl/PeerImp.cpp
+++ b/src/ripple/overlay/impl/PeerImp.cpp
@@ -937,7 +937,15 @@ PeerImp::on_message (std::shared_ptr <protocol::TMTransaction> const& m)
         m_journal.debug << "Got transaction from peer " << *this << ": " << txID;
 
         if (m_clusterNode)
-            flags |= SF_TRUSTED | SF_SIGGOOD;
+        {
+            flags |= SF_TRUSTED;
+            if (! getConfig().VALIDATION_PRIV.isSet())
+            {
+                // For now, be paranoid and have each validator
+                // check each transaction, regardless of source
+                flags |= SF_SIGGOOD;
+	    }
+	}
 
         if (getApp().getJobQueue().getJobCount(jtTRANSACTION) > 100)
             m_journal.info << "Transaction queue is full";
diff --git a/src/ripple/overlay/impl/handshake_analyzer.h b/src/ripple/overlay/impl/handshake_analyzer.h
index c9171f56a..1a3f43066 100644
--- a/src/ripple/overlay/impl/handshake_analyzer.h
+++ b/src/ripple/overlay/impl/handshake_analyzer.h
@@ -1078,10 +1078,8 @@ private:
 
     static void checkTransaction (Job&, int flags, SerializedTransaction::pointer stx, std::weak_ptr<Peer> peer)
     {
-    #ifndef TRUST_NETWORK
         try
         {
-    #endif
 
             if (stx->isFieldPresent(sfLastLedgerSequence) &&
                 (stx->getFieldU32 (sfLastLedgerSequence) <
@@ -1108,15 +1106,12 @@ private:
             bool const trusted (flags & SF_TRUSTED);
             getApp().getOPs ().processTransaction (tx, trusted, false, false);
 
-    #ifndef TRUST_NETWORK
         }
         catch (...)
         {
             getApp().getHashRouter ().setFlag (stx->getTransactionID (), SF_BAD);
             charge (peer, Resource::feeInvalidRequest);
         }
-
-    #endif
     }
 
     // Called from our JobQueue
diff --git a/src/ripple/rpc/handlers/Submit.cpp b/src/ripple/rpc/handlers/Submit.cpp
index 8f374d4cc..cbc3f071b 100644
--- a/src/ripple/rpc/handlers/Submit.cpp
+++ b/src/ripple/rpc/handlers/Submit.cpp
@@ -65,7 +65,7 @@ Json::Value doSubmit (RPC::Context& context)
 
     try
     {
-        tpTrans     = std::make_shared<Transaction> (stpTrans, false);
+        tpTrans     = std::make_shared<Transaction> (stpTrans, true);
     }
     catch (std::exception& e)
     {
@@ -75,6 +75,14 @@ Json::Value doSubmit (RPC::Context& context)
         return jvResult;
     }
 
+    if (tpTrans->getStatus() != NEW)
+    {
+        jvResult[jss::error]            = "invalidTransactions";
+        jvResult["error_exception"] = "fails local checks";
+
+        return jvResult;
+    }
+
     try
     {
         (void) context.netOps_.processTransaction (