diff --git a/cmd/server/main.go b/cmd/server/main.go
index 25cba1d..44d7709 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -229,6 +229,7 @@ func runroomsrv() error {
 	// create the shs+muxrpc server
 	roomsrv, err := mksrv.New(
 		db.Members,
+		db.DeniedKeys,
 		db.Aliases,
 		db.AuthWithSSB,
 		bridge,
diff --git a/roomdb/interface.go b/roomdb/interface.go
index fbcf78d..9c0b3b7 100644
--- a/roomdb/interface.go
+++ b/roomdb/interface.go
@@ -94,7 +94,7 @@ type DeniedKeysService interface {
 	// HasFeed returns true if a feed is on the list.
 	HasFeed(context.Context, refs.FeedRef) bool
 
-	// HasFeed returns true if a feed is on the list.
+	// HasID returns true if a member id is on the list.
 	HasID(context.Context, int64) bool
 
 	// GetByID returns the list entry for that ID or an error
diff --git a/roomsrv/init_network.go b/roomsrv/init_network.go
index 0ebe729..edb3733 100644
--- a/roomsrv/init_network.go
+++ b/roomsrv/init_network.go
@@ -40,6 +40,11 @@ func (s *Server) initNetwork() error {
 			}
 		}
 
+		// if feed is in the deny list, deny their connection
+		if s.DeniedKeys.HasFeed(s.rootCtx, *remote) {
+			return nil, fmt.Errorf("this key has been banned")
+		}
+
 		// for community + open modes, allow all connections
 		return &s.public, nil
 	}
diff --git a/roomsrv/server.go b/roomsrv/server.go
index 097ffd3..77cced8 100644
--- a/roomsrv/server.go
+++ b/roomsrv/server.go
@@ -65,8 +65,9 @@ type Server struct {
 
 	StateManager *roomstate.Manager
 
-	Members roomdb.MembersService
-	Aliases roomdb.AliasesService
+	Members    roomdb.MembersService
+	DeniedKeys roomdb.DeniedKeysService
+	Aliases    roomdb.AliasesService
 
 	authWithSSB       roomdb.AuthWithSSBService
 	authWithSSBBridge *signinwithssb.SignalBridge
@@ -79,6 +80,7 @@ func (s Server) Whoami() refs.FeedRef {
 
 func New(
 	membersdb roomdb.MembersService,
+	deniedkeysdb roomdb.DeniedKeysService,
 	aliasdb roomdb.AliasesService,
 	awsdb roomdb.AuthWithSSBService,
 	bridge *signinwithssb.SignalBridge,
@@ -90,6 +92,7 @@ func New(
 	s.authorizer = membersdb
 
 	s.Members = membersdb
+	s.DeniedKeys = deniedkeysdb
 	s.Aliases = aliasdb
 	s.Config = config