diff --git a/src/services/websocket_server/handlers/notify_get_notifications.rs b/src/services/websocket_server/handlers/notify_get_notifications.rs
index 64925084..62f1716d 100644
--- a/src/services/websocket_server/handlers/notify_get_notifications.rs
+++ b/src/services/websocket_server/handlers/notify_get_notifications.rs
@@ -24,7 +24,7 @@ use {
 },
 state::AppState,
 types::{Envelope, EnvelopeType0},
- utils::topic_from_key,
+ utils::{is_same_address, topic_from_key},
 },
 base64::Engine,
 chrono::Utc,
@@ -122,6 +122,13 @@ pub async fn handle(msg: PublishedMessage, state: &AppState) -> Result<(), Relay
 }
 }
+ if !is_same_address(&account, &subscriber.account) {
+ Err(RelayMessageServerError::NotifyServerError(
+ NotifyServerError::AccountNotAuthorized,
+ ))?;
+ // TODO change to client error?
+ }
+
 account
 };
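Review bot: The new account check in `handle` reports an authorization denial through `RelayMessageServerError::NotifyServerError`, so a request whose `account` differs from `subscriber.account` is counted as a server fault, and the TODO that admits this sits after the `?`, where it reads as unreachable. Until a client-error variant exists, move the comment above the early exit and state the intent, e.g. `// TODO: return a client error here; a mismatched account is a caller fault, not a server failure`. If the error types allow it, `return Err(...)` with an explicit conversion would read more clearly than `Err(...)?` for an unconditional exit. Logging the denial with an identifier for the subscriber before returning would also help detection, since repeated mismatches can indicate someone requesting another account's notifications. The body of `handle` starts and ends outside the hunk, so it could not be confirmed that nothing sensitive runs before this check, nor how `is_same_address` normalizes the two values.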