diff --git a/daemon.py b/daemon.py
index 23074d6c3..7978e82d6 100644
--- a/daemon.py
+++ b/daemon.py
@@ -19,8 +19,12 @@ from person import personLookup
 from person import personKeyLookup
 import os
 
+# domain name of this server
 thisDomain=''
 
+# List of domains to federate with
+federationList=[]
+
 def readFollowList(filename: str):
     """Returns a list of ActivityPub addresses to follow
     """
@@ -130,9 +134,11 @@ class PubServer(BaseHTTPRequestHandler):
         self._set_headers('application/json')
         self.wfile.write(json.dumps(message).encode('utf-8'))
 
-def runDaemon(domain: str,port=80,useTor=False) -> None:
+def runDaemon(domain: str,port=80,allowedDomains,useTor=False) -> None:
     global thisDomain
+    global federationList
     thisDomain=domain
+    federationList=allowedDomains
 
     if len(domain)==0:
         domain='127.0.0.1'
diff --git a/epicyon.py b/epicyon.py
index 8c6e4fc0d..805a939b8 100644
--- a/epicyon.py
+++ b/epicyon.py
@@ -20,6 +20,7 @@ from httpsig import testHttpsig
 from daemon import runDaemon
 import socket
 
+allowedDomains=['mastodon.social']
 username='testuser'
 #domain=socket.gethostname()
 domain='mydomain.com'
@@ -31,7 +32,7 @@ session = createSession(useTor)
 privateKeyPem,publicKeyPem,person,wfEndpoint=createPerson(username,domain,https,True)
 setPreferredUsername(username,domain,'badger')
 setBio(username,domain,'Some personal info')
-runDaemon(domain,port,useTor)
+runDaemon(domain,port,allowedDomains,useTor)
 
 #testHttpsig()
 #sys.exit()
@@ -40,7 +41,6 @@ runDaemon(domain,port,useTor)
 #print('\n')
 #pprint(wfEndpoint)
 
-allowedDomains=['mastodon.social']
 handle="https://mastodon.social/@Gargron"
 wfRequest = webfingerHandle(session,handle,True)
 if not wfRequest:
diff --git a/session.py b/session.py
index 202fa9a8a..31e2f34e5 100644
--- a/session.py
+++ b/session.py
@@ -28,8 +28,17 @@ def getJson(session,url: str,headers,params):
     session.cookies.clear()
     return session.get(url, headers=sessionHeaders, params=sessionParams).json()
 
-def postJson(session,postJson,inboxUrl: str):
+def postJson(session,postJson,allowedDomains,inboxUrl: str):
     """Post a json message to the inbox of another person
     """
+    # check that we are posting to a permitted domain
+    permittedDomain=False
+    for domain in allowedDomains:
+        if domain in inboxUrl:
+            permittedDomain=True
+            break
+    if not permittedDomain:
+        return None
+
     postResult = session.post(url = inboxUrl, data = postJson) 
     return postResult.text