diff --git a/routers/user/auth.go b/routers/user/auth.go
index e5e8cc1151..37181c68e7 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -942,6 +942,11 @@ func LinkAccountPostRegister(ctx *context.Context) {
 		}
 	}
 
+	if !form.IsEmailDomainAllowed() {
+		ctx.RenderWithErr(ctx.Tr("auth.email_domain_blacklisted"), tplLinkAccount, &form)
+		return
+	}
+
 	if setting.Service.AllowOnlyExternalRegistration || !setting.Service.RequireExternalRegistrationPassword {
 		// In models.User an empty password is classed as not set, so we set form.Password to empty.
 		// Eventually the database should be changed to indicate "Second Factor"-enabled accounts