diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 4c7dd2917..ed4346379 100755
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -623,6 +623,8 @@ class ApiController(RedditController, OAuth2ResourceController):
         """
         if type in self._sr_friend_types:
             container = c.site
+            if c.user._spam:
+                return
         else:
             container = VByName('container').run(container)
             if not container:
@@ -677,6 +679,9 @@ class ApiController(RedditController, OAuth2ResourceController):
         if form.has_errors('permissions', errors.INVALID_PERMISSIONS):
             return
 
+        if c.user._spam:
+            return
+
         type, permissions = type_and_permissions
         update = None