diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts index bb8d5ee..82fc1f0 100644 --- a/src/controllers/UserController.ts +++ b/src/controllers/UserController.ts @@ -1,7 +1,7 @@ import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers'; import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi'; import { getConnectionManager, Repository } from 'typeorm'; -import { UserIdsNotMatchingError, UserNotFoundError } from '../errors/UserErrors'; +import { UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors'; import { UserGroupNotFoundError } from '../errors/UserGroupErrors'; import { CreateUser } from '../models/actions/create/CreateUser'; import { UpdateUser } from '../models/actions/update/UpdateUser'; @@ -51,7 +51,8 @@ export class UserController { @Post() @Authorized("USER:CREATE") @ResponseSchema(ResponseUser) - @ResponseSchema(UserGroupNotFoundError) + @ResponseSchema(UserGroupNotFoundError, { statusCode: 404 }) + @ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 }) @OpenAPI({ description: 'Create a new user.
If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' }) async post(@Body({ validate: true }) createUser: CreateUser) { let user; @@ -70,6 +71,7 @@ export class UserController { @ResponseSchema(ResponseUser) @ResponseSchema(UserNotFoundError, { statusCode: 404 }) @ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 }) + @ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 }) @OpenAPI({ description: "Update the user whose id you provided.
To change the permissions directly granted to the user please use /api/permissions instead.
Please remember that ids can't be changed." }) async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) { let oldUser = await this.userRepository.findOne({ id: id }); diff --git a/src/errors/UserErrors.ts b/src/errors/UserErrors.ts index 8cee607..5d2b659 100644 --- a/src/errors/UserErrors.ts +++ b/src/errors/UserErrors.ts @@ -14,6 +14,18 @@ export class UsernameOrEmailNeededError extends NotFoundError { message = "No username or email is set!" } +/** + * Error to throw when no username contains illegal characters. + * Right now the only one is "@" but this could change in the future. + */ +export class UsernameContainsIllegalCharacterError extends NotAcceptableError { + @IsString() + name = "UsernameContainsIllegalCharacterError" + + @IsString() + message = "The provided username contains illegal characters! \n Right now the following characters are considered illegal: '@'" +} + /** * Error to throw when no email is set. * We somehow need to identify you :) diff --git a/src/models/actions/create/CreateUser.ts b/src/models/actions/create/CreateUser.ts index 50e5b7b..1942e59 100644 --- a/src/models/actions/create/CreateUser.ts +++ b/src/models/actions/create/CreateUser.ts @@ -3,7 +3,7 @@ import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, Is import { getConnectionManager } from 'typeorm'; import * as uuid from 'uuid'; import { config } from '../../../config'; -import { UserEmailNeededError } from '../../../errors/UserErrors'; +import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors'; import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors'; import { User } from '../../entities/User'; import { UserGroup } from '../../entities/UserGroup'; 
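Review bot: The doc comment on the new UsernameContainsIllegalCharacterError reads `Error to throw when no username contains illegal characters`, which inverts the meaning; it should be `Error to throw when a username contains illegal characters.` The message also hard-codes the list `'@'` as prose, so it will silently drift from whatever CreateUser and UpdateUser actually reject once more characters are added — deriving both the check and the message from one shared constant (e.g. `export const ILLEGAL_USERNAME_CHARACTERS = ["@"];`) would keep the three files in agreement. Mapping this validation failure to NotAcceptableError (406) matches the existing UserIdsNotMatchingError in this file, but 406 conventionally signals a content-negotiation failure; if the 400-vs-406 choice is a deliberate project convention, a short comment saying so would stop the next reviewer from raising it again.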
@@ -94,6 +94,7 @@ export class CreateUser { if (!this.email) { throw new UserEmailNeededError(); } + if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); } newUser.email = this.email newUser.username = this.username diff --git a/src/models/actions/update/UpdateUser.ts b/src/models/actions/update/UpdateUser.ts index 45726b7..2797b34 100644 --- a/src/models/actions/update/UpdateUser.ts +++ b/src/models/actions/update/UpdateUser.ts @@ -2,7 +2,7 @@ import * as argon2 from "argon2"; import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator'; import { getConnectionManager } from 'typeorm'; import { config } from '../../../config'; -import { UserEmailNeededError } from '../../../errors/UserErrors'; +import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors'; import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors'; import { User } from '../../entities/User'; import { UserGroup } from '../../entities/UserGroup'; @@ -101,13 +101,15 @@ export class UpdateUser { if (!this.email) { throw new UserEmailNeededError(); } - user.email = this.email; - user.username = this.username; + if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); } + if (this.password) { user.password = await argon2.hash(this.password + user.uuid); user.refreshTokenCount = user.refreshTokenCount + 1; } + user.email = this.email; + user.username = this.username; user.enabled = this.enabled; user.firstname = this.firstname user.middlename = this.middlename
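Review bot: The new guard `if (this.username.includes("@"))` throws a TypeError — surfacing as a 500 instead of the intended 406 — whenever `username` is undefined, and the `!this.email` check directly above suggests fields on this DTO can be unset (the username decorators are outside the hunk). Use `if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }`, or better, express the rule as a class-validator decorator on the field (e.g. `@Matches(/^[^@]*$/)`) so it is reported together with the other body validation errors and is not re-implemented in UpdateUser. A single-character denylist is also a weak invariant if the intent is, presumably, to keep usernames distinguishable from e-mail addresses at login; an allowlist such as `/^[A-Za-z0-9._-]+$/` states that positively and also excludes whitespace and control characters, which the current check lets through. The enclosing method starts and ends outside the hunk.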
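Review bot: The `this.username.includes("@")` guard is duplicated here verbatim from CreateUser with no shared definition, so the two checks and the error message can diverge; a shared helper or a class-validator decorator on the `username` field of both DTOs would keep them in step. As in CreateUser, if `username` may be omitted on an update (its decorators are outside the hunk), `this.username.includes` raises a TypeError before the intended 406 is reached — `if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }` avoids that. Moving `user.email = this.email;` and `user.username = this.username;` below the password block changes no behaviour, since that block only reads `user.uuid` and `user.refreshTokenCount`, but the reorder looks accidental without a one-line comment explaining why it was done. The enclosing method starts and ends outside the hunk.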