diff --git a/group_vars/all b/group_vars/all
index 1aa2255f..bd583374 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -190,6 +190,7 @@ bigbluebutton_enable_greenlight:  "true"
 
 #### Listmonk
 listmonk_admin_username:          "admin"
+listmonk_public_api_activated:    False # Security hole. Can be used for spaming
 
 #### Mastodon
 mastodon_version:                 "latest"
diff --git a/roles/docker-listmonk/files/deactivate-public-api.conf b/roles/docker-listmonk/files/deactivate-public-api.conf
new file mode 100644
index 00000000..8d1e8e36
--- /dev/null
+++ b/roles/docker-listmonk/files/deactivate-public-api.conf
@@ -0,0 +1,3 @@
+location /api/public/subscription {
+    return 403;
+}
\ No newline at end of file
diff --git a/roles/docker-listmonk/tasks/main.yml b/roles/docker-listmonk/tasks/main.yml
index 32b798f2..3aeb1903 100644
--- a/roles/docker-listmonk/tasks/main.yml
+++ b/roles/docker-listmonk/tasks/main.yml
@@ -2,6 +2,15 @@
 - name: "include docker/compose/database.yml"
   include_tasks: docker/compose/database.yml
 
+- name: Set nginx_docker_reverse_proxy_extra_configuration based on listmonk_public_api_activated
+  set_fact:
+    nginx_docker_reverse_proxy_extra_configuration: >-
+      {% if not listmonk_public_api_activated %}
+      {{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
+      {% else %}
+      ""
+      {% endif %}
+
 - name: "include tasks nginx-docker-proxy-domain.yml"
   include_tasks: nginx-docker-proxy-domain.yml