diff --git a/posts.py b/posts.py
index 28a7a9e51..a6c8a6c47 100644
--- a/posts.py
+++ b/posts.py
@@ -460,7 +460,8 @@ def threadSendPost(session,postJsonObject: {},federationList: [],capsList: [],\
     backoffTime=60
     for attempt in range(20):
         postResult = postJson(session,postJsonObject,federationList, \
-                              capsList,inboxUrl,signatureHeaderJson)
+                              capsList,inboxUrl,signatureHeaderJson, \
+                              "inbox:write")
         if postResult:
             postLog.append(postJsonObject['published']+' '+postResult+'\n')
             # keep the length of the log finite
diff --git a/session.py b/session.py
index 201903592..d30318ff7 100644
--- a/session.py
+++ b/session.py
@@ -39,13 +39,16 @@ def getJson(session,url: str,headers: {},params: {}) -> {}:
         pass
     return None
 
-def postJson(session,postJsonObject: {},federationList: [],capsList: [],inboxUrl: str,headers: {}) -> str:
+def postJson(session,postJsonObject: {},federationList: [],capsList: [],inboxUrl: str,headers: {},capability: str) -> str:
     """Post a json message to the inbox of another person
+    Supplying a capability, such as "inbox:write"
     """
-    
-    # check that we are posting to a permitted domain
-    if not urlPermitted(inboxUrl,federationList,capsList,"inbox:write"):
-        return None
+
+    # always allow capability requests
+    if not capability.startswith('cap'):    
+        # check that we are posting to a permitted domain
+        if not urlPermitted(inboxUrl,federationList,capsList,capability):
+            return None
 
     postResult = session.post(url = inboxUrl, data = json.dumps(postJsonObject), headers=headers)
     return postResult.text