diff --git a/src/invitation.c b/src/invitation.c
index 35e8e492..08afe785 100644
--- a/src/invitation.c
+++ b/src/invitation.c
@@ -392,7 +392,7 @@ int cmd_invite(int argc, char *argv[]) {
 // Fill in the details.
 fprintf(f, "Name = %s\n", argv[1]);
- if(netname)
+ if(check_netname(netname, true))
 fprintf(f, "NetName = %s\n", netname);
 fprintf(f, "ConnectTo = %s\n", myname);
@@ -541,12 +541,17 @@ static bool finalize_join(void) {
 }
 if(!check_id(name)) {
- fprintf(stderr, "Invalid Name found in invitation: %s!\n", name);
+ fprintf(stderr, "Invalid Name found in invitation!\n");
 return false;
 }
- if(!netname)
+ if(!netname) {
 netname = grep(data, "NetName");
+ if(netname && !check_netname(netname, true)) {
+ fprintf(stderr, "Unsafe NetName found in invitation!\n");
+ return false;
+ }
+ }
 bool ask_netname = false;
 char temp_netname[32];
diff --git a/src/tincd.c b/src/tincd.c
index 3bc17e23..72bd8f31 100644
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -261,11 +261,14 @@ static bool parse_options(int argc, char **argv) {
 netname = NULL;
 }
- if(netname && (strpbrk(netname, "\\/") || *netname == '.')) {
+ if(netname && !check_netname(netname, false)) {
 fprintf(stderr, "Invalid character in netname!\n");
 return false;
 }
+ if(netname && !check_netname(netname, true))
+ fprintf(stderr, "Warning: unsafe character in netname!\n");
+
 return true;
 }
diff --git a/src/utils.c b/src/utils.c
index c374eb5d..fadfd05f 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -191,6 +191,22 @@ bool check_id(const char *id) {
 return true;
 }
+bool check_netname(const char *netname, bool strict) {
+ if(!netname || !*netname || *netname == '.')
+ return false;
+
+ for(const char *c = netname; *c; c++) {
+ if(iscntrl(*c))
+ return false;
+ if(*c == '/' || *c == '\\')
+ return false;
+ if(strict && strchr(" $%<>:`\"|?*", *c))
+ return false;
+ }
+
+ return true;
+}
+
 /* Windows doesn't define HOST_NAME_MAX. */
 #ifndef HOST_NAME_MAX
 #define HOST_NAME_MAX 255
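Review bot: In cmd_invite (src/invitation.c, first hunk), a netname that fails the strict check is now left out of the invitation without any message, so the inviter cannot tell that the invitee will receive no NetName line. An `else if(netname)` branch with `fprintf(stderr, "Warning: NetName omitted from invitation: unsafe character in netname!\n");` would make the omission visible. check_netname() itself rejects NULL, so the call is safe when no netname is set. The body of cmd_invite starts and ends outside the hunk.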
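Review bot: In finalize_join (src/invitation.c, second hunk), the strict check sits inside the `if(!netname)` branch, so it covers only a NetName read from the invitation data and not a netname that was already set before this point. The `temp_netname` buffer in the trailing context suggests a later prompt path, and its validation is not visible in this hunk; it is worth confirming that every source of netname passes `check_netname(netname, true)` before it is used to build a path. A short comment above the two messages, e.g. `/* Invitation data is untrusted: do not echo it to the terminal. */`, would record why the value is no longer printed. The function continues outside the hunk.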
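Review bot: The new warning in parse_options (src/tincd.c) does not record why the daemon keeps running with a netname it calls unsafe. The old test rejected only slashes, backslashes and a leading '.', so the strict set was accepted before; a comment such as `/* Characters rejected only in strict mode were accepted before, so they produce a warning rather than an error. */` would state that intent (to be confirmed by the author). The error text `Invalid character in netname!` is also printed when check_netname() fails on a leading '.' or an empty name, so `Invalid netname!` would describe it more accurately. The added `if` is unbraced while the one directly above it uses braces.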
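Review bot: In check_netname (src/utils.c), `iscntrl(*c)` passes a plain `char` to a ctype.h function; where `char` is signed, a byte of 0x80 or above becomes a negative argument, which is undefined behaviour, and a netname read from an invitation can contain such bytes. Cast at the call: `if(iscntrl((unsigned char)*c))`. Strict mode is a denylist of specific characters, so a one-line comment naming the contexts it is meant to protect (presumably file names and quoted shell arguments) would let the next reader judge whether a character is missing. The function sets no length limit, so callers that copy the netname into fixed-size buffers still need their own bound.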
diff --git a/src/utils.h b/src/utils.h
index c3364ced..5c387bdb 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -51,6 +51,7 @@ extern const char *winerror(int);
 extern unsigned int bitfield_to_int(const void *bitfield, size_t size);
 extern bool check_id(const char *);
+extern bool check_netname(const char *, bool strict);
 char *replace_name(const char *name);
 #endif /* __TINC_UTILS_H__ */
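Review bot: The new prototype in src/utils.h names only its second parameter and does not say what `strict` selects, although callers in this commit pass both `true` and `false`. Writing it as `extern bool check_netname(const char *netname, bool strict);` with a comment above it, e.g. `/* strict additionally rejects characters that are unsafe in shells and file names */` (wording to be checked against the implementation), would document the contract where callers look for it.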