diff --git a/README.md b/README.md
index a3ad18f..7794821 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Phase 1:
 
 Phase 2:
 * [x] Pantalaimon support
-* [ ] No-op mode (for verifying behaviour)
+* [x] No-op mode (for verifying behaviour)
 * [ ] Redact messages on ban (optionally)
 * [x] More useful spam in management room
 * [ ] Command to import ACLs, etc from rooms
diff --git a/config/default.yaml b/config/default.yaml
index e32968b..d17d2ce 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -42,6 +42,11 @@ syncOnStartup: true
 # resets, etc) before Mjolnir is needed.
 verifyPermissionsOnStartup: true
 
+# If true, Mjolnir won't actually ban users or apply server ACLs, but will
+# think it has. This is useful to see what it does in a scenario where the
+# bot might not be trusted fully, yet. Default false (do bans/ACLs).
+noop: false
+
 # A list of rooms to protect (matrix.to URLs)
 protectedRooms:
   - "https://matrix.to/#/#yourroom:example.org"
diff --git a/src/actions/ApplyAcl.ts b/src/actions/ApplyAcl.ts
index e84d9a2..cac1006 100644
--- a/src/actions/ApplyAcl.ts
+++ b/src/actions/ApplyAcl.ts
@@ -51,7 +51,9 @@ export async function applyServerAcls(lists: BanList[], roomIds: string[], mjoln
                 await mjolnir.client.sendNotice(mjolnir.managementRoomId, `Applying ACL in ${roomId}`);
             }
 
-            await mjolnir.client.sendStateEvent(roomId, "m.room.server_acl", "", finalAcl);
+            if (!config.noop) {
+                await mjolnir.client.sendStateEvent(roomId, "m.room.server_acl", "", finalAcl);
+            }
         } catch (e) {
             errors.push({roomId, errorMessage: e.message || (e.body ? e.body.error : '<no message>')});
         }
diff --git a/src/actions/ApplyBan.ts b/src/actions/ApplyBan.ts
index 892695a..3180b17 100644
--- a/src/actions/ApplyBan.ts
+++ b/src/actions/ApplyBan.ts
@@ -58,7 +58,10 @@ export async function applyUserBans(lists: BanList[], roomIds: string[], mjolnir
                                 await mjolnir.client.sendNotice(mjolnir.managementRoomId, `Banning ${member['state_key']} in ${roomId} for: ${userRule.reason}`);
                             }
 
-                            await mjolnir.client.banUser(member['state_key'], roomId, userRule.reason);
+                            if (!config.noop) {
+                                await mjolnir.client.banUser(member['state_key'], roomId, userRule.reason);
+                            }
+
                             banned = true;
                             break;
                         }
diff --git a/src/config.ts b/src/config.ts
index d819b62..94f7061 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -30,6 +30,7 @@ interface IConfig {
     verboseLogging: boolean;
     syncOnStartup: boolean;
     verifyPermissionsOnStartup: boolean;
+    noop: boolean;
     protectedRooms: string[]; // matrix.to urls
 }