diff --git a/lib/pleroma/web/plugs/inbox_guard_plug.ex b/lib/pleroma/web/plugs/inbox_guard_plug.ex
index 643b586d4..0064cce76 100644
--- a/lib/pleroma/web/plugs/inbox_guard_plug.ex
+++ b/lib/pleroma/web/plugs/inbox_guard_plug.ex
@@ -4,7 +4,7 @@
 
 defmodule Pleroma.Web.Plugs.InboxGuardPlug do
   import Plug.Conn
-  import Pleroma.Constants, only: [allowed_activity_types_from_strangers: 0]
+  import Pleroma.Constants, only: [activity_types: 0, allowed_activity_types_from_strangers: 0]
 
   alias Pleroma.Config
   alias Pleroma.User
@@ -14,24 +14,46 @@ defmodule Pleroma.Web.Plugs.InboxGuardPlug do
   end
 
   def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
-    conn
+    with {_, true} <- {:federating, Config.get!([:instance, :federating])} do
+      conn
+      |> filter_activity_types()
+    else
+      {:federating, false} ->
+        conn
+        |> json(403, "Not federating")
+        |> halt()
+    end
   end
 
   def call(conn, _opts) do
     with {_, true} <- {:federating, Config.get!([:instance, :federating])},
-         true <- known_actor?(conn) do
+         conn = filter_activity_types(conn),
+         {:known, true} <- {:known, known_actor?(conn)} do
       conn
     else
       {:federating, false} ->
         conn
         |> json(403, "Not federating")
+        |> halt()
 
-      _ ->
+      {:known, false} ->
         conn
         |> filter_from_strangers()
     end
   end
 
+  # Early rejection of unrecognized types
+  defp filter_activity_types(%{body_params: %{"type" => type}} = conn) do
+    with true <- type in activity_types() do
+      conn
+    else
+      _ ->
+        conn
+        |> json(400, "Invalid activity type")
+        |> halt()
+    end
+  end
+
   # If signature failed but we know this actor we should
   # accept it as we may only need to refetch their public key
   # during processing
@@ -52,6 +74,7 @@ defmodule Pleroma.Web.Plugs.InboxGuardPlug do
       _ ->
         conn
         |> json(400, "Invalid activity type for an unknown actor")
+        |> halt()
     end
   end
 
diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
index c32f6c1a3..3bd589f49 100644
--- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
@@ -711,6 +711,27 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       end)
     end
 
+    test "Unknown activity types are discarded", %{conn: conn} do
+      unknown_types = ["Poke", "Read", "Dazzle"]
+
+      Enum.each(unknown_types, fn bad_type ->
+        params =
+          %{
+            "type" => bad_type,
+            "actor" => "https://unknown.mastodon.instance/users/somebody"
+          }
+          |> Jason.encode!()
+
+        conn
+        |> assign(:valid_signature, true)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/inbox", params)
+        |> json_response(400)
+
+        assert all_enqueued() == []
+      end)
+    end
+
     test "accepts Add/Remove activities", %{conn: conn} do
       object_id = "c61d6733-e256-4fe1-ab13-1e369789423f"