diff --git a/inbox.py b/inbox.py
index eaba2bf2a..c67af19e1 100644
--- a/inbox.py
+++ b/inbox.py
@@ -352,6 +352,12 @@ def inbox_permitted_message(domain: str, message_json: {},
                             federation_list: []) -> bool:
     """ Initial validation of whether an incoming post is permitted
     """
+    if '@type' in message_json or \
+       'https://www.w3.org/ns/activitystreams#object' in message_json or \
+       'https://www.w3.org/ns/activitystreams#actor' in message_json:
+        print('WARN: invalid expanded json ' + str(message_json))
+        return False
+
     if not has_actor(message_json, False):
         return False
 
diff --git a/pyjsonld.py b/pyjsonld.py
index 4237a75a6..a055c00ca 100644
--- a/pyjsonld.py
+++ b/pyjsonld.py
@@ -10,6 +10,8 @@ JSON-LD.
 .. moduleauthor:: Dave Longley
 .. moduleauthor:: Mike Johnson
 .. moduleauthor:: Tim McNamara <tim.mcnamara@okfn.org>
+
+23/04/2026 Modified to remove @graph and @reverse
 """
 
 __copyright__ = 'Copyright (c) 2011-2014 Digital Bazaar, Inc.'
diff --git a/scripts/invalid b/scripts/invalid
index 92b10dd2b..762b8f46b 100755
--- a/scripts/invalid
+++ b/scripts/invalid
@@ -1,2 +1,2 @@
 #!/bin/bash
-journalctl -u epicyon | grep "invalid nickname\|invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|contradictory browsers\|bad path\|not wordpress\|attempt to access passwords\|GET Unknown request"
+journalctl -u epicyon | grep "invalid expanded\|invalid nickname\|invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|contradictory browsers\|bad path\|not wordpress\|attempt to access passwords\|GET Unknown request"