diff --git a/lib/server.js b/lib/server.js
index 95b2885..59547bf 100755
--- a/lib/server.js
+++ b/lib/server.js
@@ -201,18 +201,14 @@ module.exports = function createServer(config, log) {
       fetchRecords(ip, email, phoneNumber)
         .spread(
           function (ipRecord, reputation, emailRecord, ipEmailRecord, smsRecord) {
-            if (ipRecord.isBlocked()) {
+            if (ipRecord.isBlocked() && ! allowWhitelisted({ block: true }, ip, email)) {
               // a blocked ip should just be ignored completely
               // it's malicious, it shouldn't penalize emails or allow
               // (most) escape hatches. just abort!
-              const result = {
+              return {
                 block: true,
                 retryAfter: ipRecord.retryAfter()
               }
-
-              if (! allowWhitelisted(result, ip, email)) {
-                return result
-              }
             }
 
             var wantsUnblock = req.body.payload && req.body.payload.unblockCode