diff --git a/scripts-dev/check_auth.py b/scripts-dev/check_auth.py
index 4fa8792a5fe1b0eb670c4855ecfb4bd79bc80ac6..b362aad722a9bccf37ecd32a55d8985f0371cc1d 100644
--- a/scripts-dev/check_auth.py
+++ b/scripts-dev/check_auth.py
@@ -38,7 +38,7 @@ def check_auth(auth, auth_chain, events):
             print "Failed:", e.event_id, e.type, e.state_key
             print "Auth_events:", auth_events
             print ex
-            print json.dumps(e.get_dict(), sort_keys=True, indent=4)
+            # print json.dumps(e.get_dict(), sort_keys=True, indent=4)
             # raise
         print "Success:", e.event_id, e.type, e.state_key
 
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index 30b9982e2523d0fcf934bff4092d6b5d09dff0b1..0f11fa390fecaa37b13e80ba8f9c8ebb1afc3938 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -649,8 +649,6 @@ class FederationHandler(BaseHandler):
                 # FIXME
                 pass
 
-            self._check_auth_tree(auth_chain, event)
-
             event_stream_id, max_stream_id = yield self._persist_auth_tree(
                 auth_chain, state, event
             )
@@ -1001,7 +999,16 @@ class FederationHandler(BaseHandler):
             is_new_state=(not outliers and not backfilled),
         )
 
-    def _check_auth_tree(self, auth_events, event):
+    @defer.inlineCallbacks
+    def _persist_auth_tree(self, auth_events, state, event):
+        events_to_context = {}
+        for e in auth_events:
+            ctx = yield self.state_handler.compute_event_context(
+                e, outlier=True,
+            )
+            events_to_context[e.event_id] = ctx
+            e.internal_metadata.outlier = True
+
         event_map = {
             e.event_id: e
             for e in auth_events
@@ -1021,17 +1028,17 @@ class FederationHandler(BaseHandler):
             if create_event:
                 a[(EventTypes.Create, "")] = create_event
 
-            self.auth.check(e, auth_events=a)
+            try:
+                self.auth.check(e, auth_events=a)
+            except AuthError:
+                logger.warn(
+                    "Rejecting %s because %s",
+                    event.event_id, e.msg
+                )
 
-    @defer.inlineCallbacks
-    def _persist_auth_tree(self, auth_events, state, event):
-        events_to_context = {}
-        for e in auth_events:
-            ctx = yield self.state_handler.compute_event_context(
-                e, outlier=True,
-            )
-            events_to_context[e.event_id] = ctx
-            e.internal_metadata.outlier = True
+                if e == event:
+                    raise
+                events_to_context[e.event_id].rejected = RejectedReason.AUTH_ERROR
 
         yield self.store.persist_events(
             [