I agree with Clemens on the postcondition discussion. At the risk of using two quickie "gun/bullet" analogies in a month, I offer this one to explain why checking post-conditions is as (or more) important as checking pre-conditions.
It's better to take the bullets out of the gun, than to wear a bullet-proof vest.
Too often message validation is considered a defensive manuever to protect one's self from bad input. I believe this "knee-jerk" style of coding is an artifact of C and C++ where engineers always check input pointers for nulls and such.
In a system that is constrained by contracts, you certainly know as much about the outgoing messages and inherent contract as the incoming, so there's no reason not validate the outbound messages.