diff --git a/server/routes/user.js b/server/routes/user.js
index ba1eb9ad8..8b6eb380f 100644
--- a/server/routes/user.js
+++ b/server/routes/user.js
@@ -314,6 +314,10 @@ router.post('/user/init', handleErrorAsync(async (req, res) => {
         return res.json({ error: 'user.account.changeEmail.invalid' })
     }
 
+    if (await lookupBanArchive(req.db, 'email', payload)) {
+        throw 'banned';
+    }
+
     let codeKey;
     if (isTest) {
         codeKey = await saveAuthenticator(req.db, 'email', user, payload, 15);