To very lossily summarize: always authenticate before looking at the message.
Its a handy rule of thumb when you're making choices like how to validate a message.
https://moxie.org/2011/12/13/the-cryptographic-doom-principl....