diff --git a/upub/core/src/ext.rs b/upub/core/src/ext.rs
index ac9ed26..504d22f 100644
--- a/upub/core/src/ext.rs
+++ b/upub/core/src/ext.rs
@@ -136,3 +136,16 @@ impl TypeName for String {
 		"String".to_string()
 	}
 }
+
+pub fn strip_proto(url: &str) -> &str {
+	url
+		.strip_prefix("https://")
+		.unwrap_or(url)
+		.strip_prefix("http://")
+		.unwrap_or(url)
+}
+
+pub fn is_blacklisted(id: &str, blacklist: &[String]) -> bool {
+	let stripped = strip_proto(id);
+	blacklist.iter().any(|x| stripped.starts_with(x))
+}
diff --git a/upub/core/src/traits/address.rs b/upub/core/src/traits/address.rs
index d0698f8..bfce764 100644
--- a/upub/core/src/traits/address.rs
+++ b/upub/core/src/traits/address.rs
@@ -198,9 +198,8 @@ async fn expand_addressing(targets: Vec<String>, audience: Option<String>, tx: &
 }
 
 async fn expand_addressing_with_blacklist(id: &str, blacklist: &[String], mut targets: Vec<String>, audience: Option<String>, tx: &impl ConnectionTrait) -> Result<Vec<String>, DbErr> {
-	let trimmed = id.replace("https://", "").replace("http://", "");
-	if blacklist.iter().any(|x| trimmed.starts_with(x)) {
-		targets.retain(|x| x != apb::target::PUBLIC && x != apb::target::PUBLIC_COMPACT);
+	if crate::ext::is_blacklisted(id, blacklist) {
+		targets.retain(|x| !apb::target::is_public(x));
 	}
 	expand_addressing(targets, audience, tx).await
 }
diff --git a/upub/routes/src/activitypub/application.rs b/upub/routes/src/activitypub/application.rs
index aded7a0..9934fbc 100644
--- a/upub/routes/src/activitypub/application.rs
+++ b/upub/routes/src/activitypub/application.rs
@@ -139,8 +139,7 @@ pub async fn cloak_proxy(
 	let uri = ctx.uncloak(&hmac, &uri)
 		.ok_or_else(ApiError::unauthorized)?;
 
-	let stripped = uri.replace("https://", "").replace("http://", "");
-	if ctx.cfg().reject.media.iter().any(|x| stripped.starts_with(x)) {
+	if upub::ext::is_blacklisted(&uri, &ctx.cfg().reject.media) {
 		return Err(ApiError::Status(axum::http::StatusCode::UNAVAILABLE_FOR_LEGAL_REASONS));
 	}
 
diff --git a/upub/worker/src/outbound.rs b/upub/worker/src/outbound.rs
index bab2a0d..886e227 100644
--- a/upub/worker/src/outbound.rs
+++ b/upub/worker/src/outbound.rs
@@ -188,8 +188,7 @@ pub async fn process(ctx: Context, job: &model::job::Model) -> crate::JobResult<
 
 	targets
 		.retain(|target| {
-			let stripped = target.replace("https://", "").replace("http://", "");
-			if ctx.cfg().reject.delivery.iter().any(|x| stripped.starts_with(x)) {
+			if upub::ext::is_blacklisted(target, &ctx.cfg().reject.delivery) {
 				tracing::warn!("rejecting delivery of {} to {target}", job.activity);
 				false
 			} else {