diff --git a/CHANGES.rst b/CHANGES.rst
index c1a8dd761..da4232790 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,20 @@
+Changes in synapse v0.18.7-rc1 (2017-01-06)
+===========================================
+
+Bug fixes:
+
+* Fix error in #PR 1764 to actually fix the nightmare #1753 bug.
+* Improve deadlock logging further
+* Discard inbound federation traffic from invalid domains, to immunise
+ against #1753
+
+Changes in synapse v0.18.6 (2017-01-06)
+=======================================
+
+Bug fixes:
+
+* Fix bug when checking if a guest user is allowed to join a room (PR #1772)
+
 Changes in synapse v0.18.6-rc3 (2017-01-05)
 ===========================================
diff --git a/synapse/__init__.py b/synapse/__init__.py
index a1da92ef9..91e3a2c2e 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server. """
-__version__ = "0.18.6-rc3"
+__version__ = "0.18.7-rc1"
diff --git a/synapse/events/__init__.py b/synapse/events/__init__.py
index 8c71aeb5e..da9f3ad43 100644
--- a/synapse/events/__init__.py
+++ b/synapse/events/__init__.py
@@ -43,7 +43,7 @@ class _EventInternalMetadata(object):
 returns a str with the name of the server this event is sent on behalf of. """
- return getattr(self, "get_send_on_behalf_of", None)
+ return getattr(self, "send_on_behalf_of", None)
 def _event_dict_property(key):
diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py
index 800f04189..5f6e6cbb4 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -23,6 +23,7 @@ from synapse.util.async import Linearizer
 from synapse.util.logutils import log_function
 from synapse.util.caches.response_cache import ResponseCache
 from synapse.events import FrozenEvent
+from synapse.types import get_domain_from_id
 import synapse.metrics
 from synapse.api.errors import AuthError, FederationError, SynapseError
@@ -132,7 +133,7 @@ class FederationServer(FederationBase):
 if response:
 logger.debug(
- "[%s] We've already responed to this request",
+ "[%s] We've already responded to this request",
 transaction.transaction_id
 )
 defer.returnValue(response)
@@ -475,6 +476,27 @@ class FederationServer(FederationBase):
 @defer.inlineCallbacks
 @log_function
 def _handle_new_pdu(self, origin, pdu, get_missing=True):
+
+ # check that it's actually being sent from a valid destination to
+ # workaround bug #1753 in 0.18.5 and 0.18.6
+ if origin != get_domain_from_id(pdu.event_id):
+ if not (
+ pdu.type == 'm.room.member' and
+ pdu.content and
+ pdu.content.get("membership", None) == 'join' and
+ self.hs.is_mine_id(pdu.state_key)
+ ):
+ logger.info(
+ "Discarding PDU %s from invalid origin %s",
+ pdu.event_id, origin
+ )
+ return
+ else:
+ logger.info(
+ "Accepting join PDU %s from %s",
+ pdu.event_id, origin
+ )
+
 # We reprocess pdus when we have seen them only as outliers
 existing = yield self._get_persisted_pdu(
 origin, pdu.event_id, do_auth=False
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index ba49075a2..2f8782e52 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
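Review bot: In the `_handle_new_pdu` hunk, the join exemption calls `pdu.content.get(...)` after testing only that `pdu.content` is truthy, so a PDU from a mismatched origin whose content is a non-empty value other than a dict would raise here instead of reaching the "Discarding PDU" branch, unless validation earlier than the visible lines already rules that out. Because this branch exists to filter untrusted federation input, the guard is safer written as `isinstance(pdu.content, dict) and`. The exemption also accepts any join whose `state_key` is a local user regardless of `origin`, which deserves a comment stating why that case is trusted and which later check is expected to cover it; the existing comment says "valid destination" where it appears to mean the sending origin. The function body continues outside the hunk.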
@@ -232,10 +232,12 @@ class RoomMemberHandler(BaseHandler):
 is_host_in_room = yield self._is_host_in_room(current_state_ids)
 if effective_membership_state == Membership.JOIN:
- if requester.is_guest and not self._can_guest_join(current_state_ids):
- # This should be an auth check, but guests are a local concept,
- # so don't really fit into the general auth process.
- raise AuthError(403, "Guest access not allowed")
+ if requester.is_guest:
+ guest_can_join = yield self._can_guest_join(current_state_ids)
+ if not guest_can_join:
+ # This should be an auth check, but guests are a local concept,
+ # so don't really fit into the general auth process.
+ raise AuthError(403, "Guest access not allowed")
 if not is_host_in_room:
 inviter = yield self.get_inviter(target.to_string(), room_id)
diff --git a/synapse/state.py b/synapse/state.py
index ba0d2a39a..8003099c8 100644
--- a/synapse/state.py
+++ b/synapse/state.py
@@ -160,9 +160,9 @@ class StateHandler(object):
 @defer.inlineCallbacks
 def get_current_user_in_room(self, room_id, latest_event_ids=None):
- logger.info("calling resolve_state_groups from get_current_user_in_room")
 if not latest_event_ids:
 latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
+ logger.info("calling resolve_state_groups from get_current_user_in_room")
 entry = yield self.resolve_state_groups(room_id, latest_event_ids)
 joined_users = yield self.store.get_joined_users_from_state(
 room_id, entry.state_id, entry.state
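Review bot: In the room_member.py hunk, nothing in the visible diff adds a regression test for the guest check, and this is a failure that stays silent: the old condition applied `not` to the un-yielded return value of `self._can_guest_join(...)`, and if that is a Deferred (as the new `yield` implies) the guard could never trigger, so the check failed open. A test asserting that a guest joining a room without guest access gets `AuthError` 403 would pin the fix. It would also help to record the reason at the call site, e.g. `# _can_guest_join returns a Deferred; yield it before testing the result`. The enclosing method starts and ends outside the hunk.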