diff --git a/commonspace/object/acl/list/aclrecordbuilder.go b/commonspace/object/acl/list/aclrecordbuilder.go
index 5b3e85f1..5d81aff4 100644
--- a/commonspace/object/acl/list/aclrecordbuilder.go
+++ b/commonspace/object/acl/list/aclrecordbuilder.go
@@ -488,7 +488,7 @@ func (a *aclRecordBuilder) buildInviteRevoke(inviteRecordId string) (value *aclr
 func (a *aclRecordBuilder) BuildRequestJoin(payload RequestJoinPayload) (rawRecord *consensusproto.RawRecord, err error) {
 var inviteId string
 for id, inv := range a.state.invites {
- if inv.Key.Equals(payload.InviteKey.GetPublic()) && inv.Type == aclrecordproto.AclInviteType_RequestToJoin {
+ if inv.Key.Equals(payload.InviteKey.GetPublic()) {
 inviteId = id
 }
 }
diff --git a/commonspace/object/acl/list/acltestsuite_test.go b/commonspace/object/acl/list/acltestsuite_test.go
index 8cc65701..ec06267f 100644
--- a/commonspace/object/acl/list/acltestsuite_test.go
+++ b/commonspace/object/acl/list/acltestsuite_test.go
@@ -142,6 +142,8 @@ func TestAclExecutor(t *testing.T) {
 {"a.batch::revoke:oldInvId;invite_anyone:someId,a", nil},
 {"new4.invite_join::someId", nil},
 {"new4.add::super,r,superm", nil},
+ // check that users can't join using request to join for anyone can join links
+ {"new5.join::someId", ErrNoSuchInvite},
 }
 for _, cmd := range cmds {
 err := a.Execute(cmd.cmd)
diff --git a/commonspace/object/acl/list/validator.go b/commonspace/object/acl/list/validator.go
index 4012d6b0..71e3fa3c 100644
--- a/commonspace/object/acl/list/validator.go
+++ b/commonspace/object/acl/list/validator.go
@@ -282,6 +282,9 @@ func (c *contentValidator) ValidateRequestJoin(ch *aclrecordproto.AclAccountRequ
 if !c.aclState.Permissions(authorIdentity).NoPermissions() {
 return ErrInsufficientPermissions
 }
+ if invite.Type != aclrecordproto.AclInviteType_RequestToJoin {
+ return ErrNoSuchInvite
+ }
 inviteIdentity, err := c.keyStore.PubKeyFromProto(ch.InviteIdentity)
 if err != nil {
 return
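Review bot: Nothing at the key-only `if` in BuildRequestJoin says that invite-type enforcement is deliberately left to ValidateRequestJoin, so the condition reads like an oversight that a later change may "restore", or that a reader may mistake for the enforcement point. I would add a comment above the loop: `// Match on key only; the invite type is enforced in contentValidator.ValidateRequestJoin, since a builder-side filter cannot constrain a modified client.` Separately, the loop ranges over a map without `break`, so if two invites ever shared a key the chosen `inviteId` would depend on iteration order; that looks unlikely but is now a little easier to hit with the type filter gone. The rest of BuildRequestJoin is outside this hunk.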
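Review bot: The new case `{"new5.join::someId", ErrNoSuchInvite}` does not pin which layer rejects the request, because it runs through `a.Execute` and so through the honest builder. If BuildRequestJoin (not fully visible here) returns the same ErrNoSuchInvite when no invite matches, this case would also pass with the old builder-side filter and no validator check at all. A case that hands the validator a request-join record built directly against the anyone-can-join invite would cover the path a non-cooperating client takes. The comment would read more clearly as `// a request-to-join record must be rejected when the invite is an anyone-can-join link`. TestAclExecutor begins and ends outside this hunk.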
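Review bot: The added guard in ValidateRequestJoin covers one direction only, a request-join record that references an anyone-can-join invite. The opposite direction is not visible in this diff and is presumably the riskier one, since a direct join that references a request-to-join invite would skip the approval step. It is worth confirming that the validator for the direct invite-join record carries the matching type check, and adding it with a test if it does not. A short comment on the guard would help too: `// request-join records are only valid against RequestToJoin invites; the builder matches on key alone, so this is the enforcement point`. `invite` is looked up above the hunk and the function continues below it.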