diff --git a/src/api/server_server.rs b/src/api/server_server.rs
index e4f5adae..f6e1c303 100644
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@@ -1705,6 +1705,13 @@ async fn create_join_event(
 )
 .map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid event content"))?;

+ if event_content.membership != MembershipState::Join {
+ return Err(Error::BadRequest(
+ ErrorKind::BadJson,
+ "Membership of sent event does not match that of the endpoint",
+ ));
+ }
+
 if event_content
 .join_authorized_via_users_server
 .map(|user| user.server_name() == services().globals.server_name())
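Review bot: The new guard validates only `event_content.membership`; nothing visible in this hunk confirms that the event's `type` is `m.room.member` or that its `state_key` matches the sender. If those are not checked elsewhere in `create_join_event`, whose body starts and ends outside the hunk, an event of another type whose content merely carries `"membership": "join"` would still pass this check. It is worth confirming those checks exist next to this one. The guard should also carry a comment saying why it is there, for example `// send_join must only accept join events; a remote server must not be able to submit leave/ban/invite events through this endpoint`. Logging the rejection together with the requesting server's name would make repeated attempts visible to operators.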