diff --git a/docs/megolm.rst b/docs/megolm.rst
index 49293492b4aa7ebf13ef0bce4a5e2eb80c275bf3..03ee426476686055448dabc46a5b94b147c0b00e 100644
--- a/docs/megolm.rst
+++ b/docs/megolm.rst
@@ -274,6 +274,17 @@ bytes preceding the signature.
 Limitations
 -----------
 
+Message Replays
+---------------
+
+A message can be decrypted successfully multiple times. This means that an
+attacker can re-send a copy of an old message, and the recipient will treat it
+as a new message.
+
+To mitigate this it is recommended that applications track the ratchet indices
+they have received and that they reject messages with a ratchet index that
+they have already decrypted.
+
 Lack of Transcript Consistency
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~