diff --git a/federationapi/routing/join.go b/federationapi/routing/join.go
index f0e1ae0d6..7310a3053 100644
--- a/federationapi/routing/join.go
+++ b/federationapi/routing/join.go
@@ -194,6 +194,12 @@ func SendJoin(
 			JSON: jsonerror.BadJSON("No state key was provided in the join event."),
 		}
 	}
+	if !event.StateKeyEquals(event.Sender()) {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("Event state key must match the event sender."),
+		}
+	}
 
 	// Check that the room ID is correct.
 	if event.RoomID() != roomID {