diff --git a/app.py b/app.py
index f2bb03a..ed9a986 100644
--- a/app.py
+++ b/app.py
@@ -66,6 +66,7 @@ from activitypub import _answer_key
 from activitypub import embed_collection
 from config import ADMIN_API_KEY
 from config import BASE_URL
+from config import BLACKLIST
 from config import DB
 from config import DEBUG_MODE
 from config import DOMAIN
@@ -123,6 +124,10 @@ else:
 SIG_AUTH = HTTPSigAuth(KEY)
 
 
+def is_blacklisted(url: str) -> bool:
+    return urlparse(url).netloc in BLACKLIST
+
+
 def verify_pass(pwd):
     return bcrypt.verify(pwd, PASS)
 
@@ -1809,6 +1814,19 @@ def inbox():
             response=json.dumps({"error": "failed to decode request as JSON"}),
         )
 
+    # Check the blacklist now to see if we can return super early
+    if (
+        "id" in data
+        and is_blacklisted(data["id"])
+        or (
+            "object" in data
+            and "id" in data["object"]
+            and is_blacklisted(data["object"]["id"])
+        )
+    ):
+        logger.info(f"dropping activity from blacklisted host: {data['id']}")
+        return Response(status=201)
+
     print(f"req_headers={request.headers}")
     print(f"raw_data={data}")
     logger.debug(f"req_headers={request.headers}")
diff --git a/config.py b/config.py
index 97504f7..9592030 100644
--- a/config.py
+++ b/config.py
@@ -234,3 +234,6 @@ if conf.get("emojis"):
 EMOJI_TPL = '<img src="https://cdn.jsdelivr.net/npm/twemoji@12.0.0/2/svg/{filename}.svg" alt="{raw}" class="emoji">'
 if conf.get("emoji_tpl"):
     EMOJI_TPL = conf["emoji_tpl"]
+
+# Host blacklist
+BLACKLIST = conf.get("blacklist", [])