diff --git a/bridgev2/matrix/matrix.go b/bridgev2/matrix/matrix.go
index 64165941..6c94bccc 100644
--- a/bridgev2/matrix/matrix.go
+++ b/bridgev2/matrix/matrix.go
@@ -27,6 +27,11 @@ func (br *Connector) handleRoomEvent(ctx context.Context, evt *event.Event) {
 if br.shouldIgnoreEvent(evt) {
 return
 }
+ if !br.Config.Bridge.Permissions.Get(evt.Sender).SendEvents && evt.Type != event.StateMember {
+ zerolog.Ctx(ctx).Debug().Msg("Dropping event from user with no permission to send events")
+ br.SendMessageStatus(ctx, &bridgev2.ErrNoPermissionToInteract, bridgev2.StatusEventInfoFromEvent(evt))
+ return
+ }
 if (evt.Type == event.EventMessage || evt.Type == event.EventSticker) && !evt.Mautrix.WasEncrypted && br.Config.Encryption.Require {
 zerolog.Ctx(ctx).Warn().Msg("Dropping unencrypted event as encryption is configured to be required")
 br.sendCryptoStatusError(ctx, evt, errMessageNotEncrypted, nil, 0, true)
@@ -76,6 +81,11 @@ func (br *Connector) handleEncryptedEvent(ctx context.Context, evt *event.Event)
 Str("event_id", evt.ID.String()).
 Str("session_id", content.SessionID.String()).
 Logger()
+ if !br.Config.Bridge.Permissions.Get(evt.Sender).SendEvents {
+ log.Debug().Msg("Dropping event from user with no permission to send events")
+ br.SendMessageStatus(ctx, &bridgev2.ErrNoPermissionToInteract, bridgev2.StatusEventInfoFromEvent(evt))
+ return
+ }
 ctx = log.WithContext(ctx)
 if br.Crypto == nil {
 br.sendCryptoStatusError(ctx, evt, errNoCrypto, nil, 0, true)
diff --git a/bridgev2/queue.go b/bridgev2/queue.go
index 95011cda..e1fb61c0 100644
--- a/bridgev2/queue.go
+++ b/bridgev2/queue.go
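Review bot: The `evt.Type != event.StateMember` exemption in the new guard in handleRoomEvent is undocumented, so nothing tells a reader that member events from senders without SendEvents are deliberately let through. Judging by bridgev2/queue.go in this same commit, they are presumably passed on so that QueueMatrixEvent can call rejectInviteOnNoPermission, which would leave the `!sender.Permissions.SendEvents` branch there as the only enforcement for member events. I would add a comment above the condition, for example `// Member events pass through so QueueMatrixEvent can reject invites; it re-checks SendEvents itself.`, so that the later check is not removed as redundant. handleRoomEvent's body continues outside the hunk.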
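Review bot: In handleEncryptedEvent the new permission block sits before `ctx = log.WithContext(ctx)`, so `br.SendMessageStatus(ctx, ...)` receives a context that does not yet carry the logger with the event_id and session_id fields built just above. If SendMessageStatus logs through the context (its body is not visible here), a failure to deliver the status for a denied event would be recorded without those fields. Moving `ctx = log.WithContext(ctx)` above the `if` still keeps the permission check ahead of the `br.Crypto` use while handing the call the enriched context. The function starts and ends outside the hunk.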
@@ -63,6 +63,12 @@ func (br *Bridge) rejectInviteOnNoPermission(ctx context.Context, evt *event.Eve
 return true
 }
+var (
+ ErrEventSenderUserNotFound = WrapErrorInStatus(errors.New("sender not found for event")).WithIsCertain(true).WithErrorAsMessage()
+ ErrNoPermissionToInteract = WrapErrorInStatus(errors.New("you don't have permission to send messages")).WithIsCertain(true).WithSendNotice(false).WithErrorAsMessage()
+ ErrNoPermissionForCommands = WrapErrorInStatus(WrapErrorInStatus(errors.New("you don't have permission to use commands")).WithIsCertain(true).WithSendNotice(false).WithErrorAsMessage())
+)
+
 func (br *Bridge) QueueMatrixEvent(ctx context.Context, evt *event.Event) EventHandlingResult {
 // TODO maybe HandleMatrixEvent would be more appropriate as this also handles bot invites and commands
@@ -78,13 +84,11 @@ func (br *Bridge) QueueMatrixEvent(ctx context.Context, evt *event.Event) EventH
 return EventHandlingResultFailed
 } else if sender == nil {
 log.Error().Msg("Couldn't get sender for incoming non-ephemeral Matrix event")
- status := WrapErrorInStatus(errors.New("sender not found for event")).WithIsCertain(true).WithErrorAsMessage()
- br.Matrix.SendMessageStatus(ctx, &status, StatusEventInfoFromEvent(evt))
+ br.Matrix.SendMessageStatus(ctx, &ErrEventSenderUserNotFound, StatusEventInfoFromEvent(evt))
 return EventHandlingResultFailed
 } else if !sender.Permissions.SendEvents {
 if !br.rejectInviteOnNoPermission(ctx, evt, "interact with") {
- status := WrapErrorInStatus(errors.New("you don't have permission to send messages")).WithIsCertain(true).WithSendNotice(false).WithErrorAsMessage()
- br.Matrix.SendMessageStatus(ctx, &status, StatusEventInfoFromEvent(evt))
+ br.Matrix.SendMessageStatus(ctx, &ErrNoPermissionToInteract, StatusEventInfoFromEvent(evt))
 }
 return EventHandlingResultIgnored
 } else if !sender.Permissions.Commands && br.rejectInviteOnNoPermission(ctx, evt, "send commands to") {
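Review bot: `ErrNoPermissionForCommands` in the new `var` block wraps its status twice, `WrapErrorInStatus(WrapErrorInStatus(errors.New(...)).WithIsCertain(true).WithSendNotice(false).WithErrorAsMessage())`, unlike the two variables above it and unlike the inline expression it replaces in QueueMatrixEvent. WrapErrorInStatus is not visible here; if it builds a fresh status instead of returning an already-wrapped one, the outer call would discard the certain, no-notice and error-as-message settings, and a user without command permission could start receiving notices. Dropping the outer call gives `ErrNoPermissionForCommands = WrapErrorInStatus(errors.New("you don't have permission to use commands")).WithIsCertain(true).WithSendNotice(false).WithErrorAsMessage()`. The three exported variables also have no doc comments.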
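Review bot: The calls in the `-78,13` hunk now pass `&ErrEventSenderUserNotFound` and `&ErrNoPermissionToInteract`, pointers to exported package-level variables, where the removed lines passed the address of a fresh local `status`. If SendMessageStatus or anything it calls writes through that pointer (not visible here), the change would persist for every later event and could race between concurrently handled events; the same applies to the calls in the `-92,8` and `-102,8` hunks and to both hunks in bridgev2/matrix/matrix.go. Copying before the call avoids the sharing, e.g. `status := ErrNoPermissionToInteract` followed by `br.Matrix.SendMessageStatus(ctx, &status, StatusEventInfoFromEvent(evt))`. As exported `var`s they can also be reassigned by any importing package, which deserves a comment on the declaration. QueueMatrixEvent starts and ends outside this hunk.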
@@ -92,8 +96,7 @@ func (br *Bridge) QueueMatrixEvent(ctx context.Context, evt *event.Event) EventH
 }
 } else if evt.Type.Class != event.EphemeralEventType {
 log.Error().Msg("Missing sender for incoming non-ephemeral Matrix event")
- status := WrapErrorInStatus(errors.New("sender not found for event")).WithIsCertain(true).WithErrorAsMessage()
- br.Matrix.SendMessageStatus(ctx, &status, StatusEventInfoFromEvent(evt))
+ br.Matrix.SendMessageStatus(ctx, &ErrEventSenderUserNotFound, StatusEventInfoFromEvent(evt))
 return EventHandlingResultIgnored
 }
 if evt.Type == event.EventMessage && sender != nil {
@@ -102,8 +105,7 @@ func (br *Bridge) QueueMatrixEvent(ctx context.Context, evt *event.Event) EventH
 msg.RemovePerMessageProfileFallback()
 if strings.HasPrefix(msg.Body, br.Config.CommandPrefix) || evt.RoomID == sender.ManagementRoom {
 if !sender.Permissions.Commands {
- status := WrapErrorInStatus(errors.New("you don't have permission to use commands")).WithIsCertain(true).WithSendNotice(false).WithErrorAsMessage()
- br.Matrix.SendMessageStatus(ctx, &status, StatusEventInfoFromEvent(evt))
+ br.Matrix.SendMessageStatus(ctx, &ErrNoPermissionForCommands, StatusEventInfoFromEvent(evt))
 return EventHandlingResultIgnored
 }
 go br.Commands.Handle(