diff --git a/src/activitypub/index.js b/src/activitypub/index.js
index 167eb16d15..6b51236bfa 100644
--- a/src/activitypub/index.js
+++ b/src/activitypub/index.js
@@ -152,7 +152,23 @@ ActivityPub.resolveInboxes = async (ids) => {
 batch: 500,
 });
 
- return Array.from(inboxes);
+ let inboxArr = Array.from(inboxes);
+
+ // Filter out blocked instances
+ const blocked = [];
+ inboxArr = inboxArr.filter((inbox) => {
+ const { hostname } = new URL(inbox);
+ const allowed = ActivityPub.instances.isAllowed(hostname);
+ if (!allowed) {
+ blocked.push(inbox);
+ }
+ return allowed;
+ });
+ if (blocked.length) {
+ ActivityPub.helpers.log(`[activitypub/resolveInboxes] Not delivering to blocked instances: ${blocked.join(', ')}`);
+ }
+
+ return inboxArr;
 };
 
 ActivityPub.getPublicKey = async (type, id) => {
@@ -305,6 +321,15 @@ ActivityPub.get = async (type, id, uri, options) => {
 throw new Error('[[error:activitypub.not-enabled]]');
 }
 
+ const { hostname } = new URL(uri);
+ const allowed = ActivityPub.instances.isAllowed(hostname);
+ if (!allowed) {
+ ActivityPub.helpers.log(`[activitypub/get] Not retrieving ${uri}, domain is blocked.`);
+ const e = new Error(`[[error:activitypub.get-failed]]`);
+ e.code = `ap_get_domain_blocked`;
+ throw e;
+ }
+
 options = {
 cache: true,
 ...options,
diff --git a/src/activitypub/instances.js b/src/activitypub/instances.js
index 16765ea553..64502c0998 100644
--- a/src/activitypub/instances.js
+++ b/src/activitypub/instances.js
@@ -11,7 +11,7 @@ Instances.log = async (domain) => {
 
 Instances.getCount = async () => db.sortedSetCard('instances:lastSeen');
 
-Instances.isAllowed = async (domain) => {
+Instances.isAllowed = (domain) => {
 let { activitypubFilter: type, activitypubFilterList: list } = meta.config;
 list = new Set(String(list).split('\n'));
 // eslint-disable-next-line no-bitwise
diff --git a/src/middleware/activitypub.js b/src/middleware/activitypub.js
index 45bfffa4b9..730b4e78af 100644
--- a/src/middleware/activitypub.js
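Review bot: `new URL(inbox)` inside the added filter callback is unguarded, so a single inbox value that is not an absolute URL throws a TypeError and aborts `resolveInboxes` for every recipient instead of dropping that one entry. The inbox set is built outside this hunk, so whether the values are validated earlier cannot be confirmed from here; if they originate from remote actor documents they should be treated as untrusted. Parsing defensively and skipping unparsable entries, as sketched below, keeps one bad record from blocking delivery to everyone else. The same unguarded `new URL(uri)` appears in the `ActivityPub.get` hunk, where a malformed URI would surface as a raw TypeError rather than the `[[error:activitypub.get-failed]]` error.

```javascript
inboxArr = inboxArr.filter((inbox) => {
	let hostname;
	try {
		({ hostname } = new URL(inbox));
	} catch (err) {
		// Not an absolute URL: drop this inbox instead of failing the whole delivery
		return false;
	}
	// … unchanged: isAllowed(hostname) check and blocked-list bookkeeping …
});
```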
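Review bot: The added domain check in `ActivityPub.get` validates only the hostname of the URI that was requested, so if the request follows HTTP redirects a permitted host could still steer the fetch to a blocked domain. The request is issued outside this hunk, so that behaviour cannot be confirmed from here. Either stop following redirects there or re-run `ActivityPub.instances.isAllowed()` on the hostname of the final response URL. At minimum, record the limitation next to the check, e.g. `// Only the requested hostname is checked; redirect targets are not re-validated here`.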
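Review bot: `Instances.isAllowed` carries no comment saying it must stay synchronous, and after this commit that is a security-relevant contract. The new callers in `src/activitypub/index.js` use the return value directly in an `Array#filter` callback and an `if` test, where a Promise would be truthy and every blocked domain would be let through. Add a comment above the definition, e.g. `// Must remain synchronous: callers test the result directly, and a returned Promise would be truthy (fail open).` The function body continues past the end of the hunk, so the rest of the matching logic is not reviewed here.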
+++ b/src/middleware/activitypub.js
@@ -93,12 +93,12 @@ middleware.assertPayload = helpers.try(async function (req, res, next) {
 
 // Domain check
 const { hostname } = new URL(actor);
- const allowed = await activitypub.instances.isAllowed(hostname);
+ const allowed = activitypub.instances.isAllowed(hostname);
 if (!allowed) {
 activitypub.helpers.log(`[middleware/activitypub] Blocked incoming activity from ${hostname}.`);
 return res.sendStatus(403);
 }
- await activitypub.instances.log(hostname);
+ activitypub.instances.log(hostname);
 
 // Origin checking
 if (typeof object !== 'string' && object.hasOwnProperty('id')) {
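Review bot: `activitypub.instances.log(hostname)` is now called without `await`, but `Instances.log` is still declared `async` (visible in the `src/activitypub/instances.js` hunk header), so the returned promise is left floating. A rejection from that call would presumably no longer reach the `helpers.try` wrapper and would surface as an unhandled rejection instead. If fire-and-forget is intended, attach a handler, e.g. `activitypub.instances.log(hostname).catch(err => activitypub.helpers.log(err.message));`; otherwise keep the `await`. The `assertPayload` handler extends beyond both ends of this hunk.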