diff --git a/CHANGELOG.md b/CHANGELOG.md
index 62936f4..2b20845 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,10 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## Unreleased
-
 ### Changed
-
 - Updated `github.com/ProtonMail/go-mime` to latest versions, which cleans up uneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings.
+- Sanitize strings returned in `MIMECallbacks.OnBody()` and `PlainMessage.GetString()`. Strings that have non utf8 characters will be sanitized to have the "character unknown" character : � instead.
 ## [2.4.10] 2022-08-22
 ### Changed
diff --git a/crypto/message.go b/crypto/message.go
index ccdb5d3..d6072fe 100644
--- a/crypto/message.go
+++ b/crypto/message.go
@@ -202,7 +202,7 @@ func (msg *PlainMessage) GetBinary() []byte {
 // GetString returns the content of the message as a string.
 func (msg *PlainMessage) GetString() string {
- return strings.ReplaceAll(string(msg.Data), "\r\n", "\n")
+ return sanitizeString(strings.ReplaceAll(string(msg.Data), "\r\n", "\n"))
 }
 // GetBase64 returns the base-64 encoded binary content of the message as a
diff --git a/crypto/message_test.go b/crypto/message_test.go
index 0f93b82..17be0d6 100644
--- a/crypto/message_test.go
+++ b/crypto/message_test.go
@@ -5,6 +5,7 @@ import (
 "encoding/base64"
 "errors"
 "io"
+ "io/ioutil"
 "testing"
 "time"
@@ -83,7 +84,12 @@ func TestTextMixedMessageDecryptionWithPassword(t *testing.T) {
 t.Fatal("Expected no error when decrypting, got:", err)
 }
- assert.Exactly(t, readTestFile("message_mixedPasswordPublicExpected", true), decrypted.GetString())
+ expected, err := ioutil.ReadFile("testdata/message_mixedPasswordPublicExpected")
+ if err != nil {
+ panic(err)
+ }
+
+ assert.Exactly(t, expected, decrypted.GetBinary())
 }
 func TestTextMessageEncryption(t *testing.T) {
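Review bot: The doc comment on `GetString` in crypto/message.go still reads as if the string were the message content verbatim, but with the new `sanitizeString` wrapper the return value can differ from `msg.Data` in more than line endings. Callers that hash, compare or re-check content against a signature need to know to use `GetBinary` instead. I would change the comment to `// GetString returns the content of the message as a string, with CRLF converted to LF and invalid UTF-8 replaced by U+FFFD; it is not byte-exact, use GetBinary for the original bytes.`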
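Review bot: The rewritten assertion in `TestTextMixedMessageDecryptionWithPassword` now compares `decrypted.GetBinary()`, so the sanitizing path added to `GetString` is no longer exercised here, and no hunk in this diff adds a case with invalid UTF-8 input. A short test that builds a `PlainMessage` from bytes containing an invalid sequence and asserts that `GetString()` returns valid UTF-8 with U+FFFD in its place would pin the new behaviour. Separately, `panic(err)` on a fixture read failure aborts the whole test binary; `t.Fatal("Expected no error when reading the expected file, got:", err)` would match the check just above it. The test function begins outside the hunk.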
diff --git a/crypto/mime.go b/crypto/mime.go
index 4d55cd0..d756dfc 100644
--- a/crypto/mime.go
+++ b/crypto/mime.go
@@ -49,7 +49,8 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
 callbacks.OnVerified(constants.SIGNATURE_OK)
 }
 bodyContent, bodyMimeType := body.GetBody()
- callbacks.OnBody(bodyContent, bodyMimeType)
+ bodyContentSanitized := sanitizeString(bodyContent)
+ callbacks.OnBody(bodyContentSanitized, bodyMimeType)
 for i := 0; i < len(attachments); i++ {
 callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
 }
diff --git a/crypto/sanitize_string.go b/crypto/sanitize_string.go
new file mode 100644
index 0000000..854e11f
--- /dev/null
+++ b/crypto/sanitize_string.go
@@ -0,0 +1,7 @@
+package crypto
+
+import "strings"
+
+func sanitizeString(input string) string {
+ return strings.ToValidUTF8(input, "\ufffd")
+}
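Review bot: Only `bodyContent` is passed through `sanitizeString`; `bodyMimeType` comes from the same `body.GetBody()` call and reaches `callbacks.OnBody` unchanged, so if it can carry bytes taken from the message headers (not visible here) the callback can still receive invalid UTF-8. Consider `callbacks.OnBody(sanitizeString(bodyContent), sanitizeString(bodyMimeType))`, or a comment stating why the type string is already safe. It is also worth a comment that the body handed to `OnBody` may differ from the bytes whose signature status was reported through `OnVerified` just above, because the replacement is silent. `DecryptMIMEMessage` starts and ends outside the hunk.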
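Review bot: `sanitizeString` in crypto/sanitize_string.go has no doc comment, and the lossy part of its contract is easy to miss: `strings.ToValidUTF8` replaces each run of invalid bytes with a single replacement string, so the output neither preserves the input length nor lets a caller tell what was replaced. I would add `// sanitizeString returns input with every run of invalid UTF-8 bytes replaced by one U+FFFD; the result is always valid UTF-8 but may not be byte-identical to input.` above the function.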