diff --git a/README.md b/README.md
index 2e56c66..0e9fa6e 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ Contains information for populating the relay's `nip11` document.
 
 Contains policy and access related configuration.
 
+- `public_join` - whether to allow non-members to join the relay without an invite code. Defaults to `false`.
 - `strip_signatures` - whether to remove signatures when serving events to non-admins. This requires clients/users to trust the relay to properly authenticate signatures. Be cautious about using this; a malicious relay will be able to execute all kinds of attacks, including potentially serving events unrelated to a community use case.
 
 ### `[groups]`
@@ -84,6 +85,7 @@ pubkey = "<hex public key>"
 description = "A community relay for my friends"
 
 [policy]
+public_join = true
 strip_signatures = false
 
 [groups]
diff --git a/zooid/config.go b/zooid/config.go
index c286063..62eb04c 100644
--- a/zooid/config.go
+++ b/zooid/config.go
@@ -27,6 +27,7 @@ type Config struct {
 	} `toml:"info"`
 
 	Policy struct {
+		PublicJoin      bool `toml:"public_join"`
 		StripSignatures bool `toml:"strip_signatures"`
 	} `toml:"policy"`
 
diff --git a/zooid/management.go b/zooid/management.go
index 31a2897..744f361 100644
--- a/zooid/management.go
+++ b/zooid/management.go
@@ -289,6 +289,10 @@ func (m *ManagementStore) ValidateJoinRequest(event nostr.Event) (reject bool, e
 		return true, "invalid: you have been banned from this relay"
 	}
 
+	if m.Config.Policy.PublicJoin {
+		return false, ""
+	}
+
 	claimTag := event.Tags.Find("claim")
 
 	if claimTag == nil {